
Java: Access an API that uses SAML authentication

I have a web project that needs to pull some data from a hosted versionone instance. The versionone instance uses SAML authentication for single sign-on. The single sign-on itself uses a username and pin+one-time password for authentication so it is nearly impossible to hard-code those values into the application.

Is there a way to handle this situation? Can I set something in the header of the request to bypass the single sign-on process?

As of release 13.1, VersionOne supports OAuth2 for authentication against the API endpoints. Both the Webserver flow (where the hosted instance POSTs auth tokens to your waiting HTTP server) and the Out-of-band flow (where the hosted instance gives the user a code to copy/paste to the client) are supported.

That may be a better match for your requirements, as the SAML process is difficult to complete without a web browser and user present.

Once the OAuth2 credentials are obtained by the app, it can operate without user intervention. At any time, the user may revoke the app's permissions inside of VersionOne.

With OAuth2, the process is:

  1. Register your app with VersionOne, thus creating a client secret

  2. Configure the app with the client secret data from the registration

  3. Have the app request a permission grant, which sends you to the VersionOne server.

  4. Login to the server as the user you wish the app to act as, and accept the grant.

  5. Copy the grant code back to the app if using the out-of-band flow.

  6. The app contacts the VersionOne instance and exchanges the code for a persistent token.

  7. The app can apply the token as an "Authorization: Bearer " HTTP header to achieve access to the VersionOne endpoint.

  8. If the token has expired and the request returns Unauthorized, the client may attempt to refresh the token and try again, without user intervention.

There is some documentation available on the VersionOne community site.

And a few (in-progress) examples in the VersionOne OAuth2 Examples repository.

We also have a (beta) HTTP proxy that can run on your app's server, forwarding requests to the VersionOne instance after wrapping them with OAuth2 and SSL.
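A compact Java sketch of steps 6 to 8 of the out-of-band flow described above, added here as an illustration; it is not code from the answer or from the VersionOne OAuth2 Examples repository. The token endpoint URL is a placeholder, and the form parameters, the `access_token`/`refresh_token` response fields and the `urn:ietf:wg:oauth:2.0:oob` redirect value are generic OAuth2 (RFC 6749) assumptions that must be checked against the VersionOne documentation.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;

/** Steps 6-8 of the out-of-band flow: code-for-token exchange, Bearer header, refresh once on 401. */
public class OAuth2ApiClient {
    // Placeholder: take the real token endpoint from the VersionOne OAuth2 documentation.
    private static final String TOKEN_URL = "https://YOUR-INSTANCE.example.com/oauth2/token";
    private final HttpClient http = HttpClient.newHttpClient();
    private final String clientId, clientSecret; // step 2: values from the app registration
    private String accessToken, refreshToken;
    public OAuth2ApiClient(String id, String secret) { clientId = id; clientSecret = secret; }
    /** Step 6: exchange the code the user pasted back into the app for a persistent token. */
    public void exchangeCode(String code) throws Exception {
        storeTokens(tokenRequest("grant_type=authorization_code&code=" + enc(code)
            + "&redirect_uri=" + enc("urn:ietf:wg:oauth:2.0:oob"))); // assumed OOB redirect value
    }
    /** Step 7: send with the Bearer header; step 8: on 401 refresh the token and retry once. */
    public HttpResponse<String> get(String url) throws Exception {
        HttpResponse<String> r = send(url);
        if (r.statusCode() != 401 || refreshToken == null) return r;
        storeTokens(tokenRequest("grant_type=refresh_token&refresh_token=" + enc(refreshToken)));
        return send(url); // single retry with the refreshed token; no user interaction needed
    }
    private HttpResponse<String> send(String url) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(url))
            .header("Authorization", "Bearer " + accessToken).GET().build();
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }
    private String tokenRequest(String form) throws Exception { // assumed RFC 6749 form-encoded body
        String body = form + "&client_id=" + enc(clientId) + "&client_secret=" + enc(clientSecret);
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_URL))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(body)).build();
        HttpResponse<String> r = http.send(req, HttpResponse.BodyHandlers.ofString());
        if (r.statusCode() != 200) throw new IllegalStateException("token endpoint returned " + r.statusCode());
        return r.body();
    }
    private void storeTokens(String json) { // minimal extraction; use a JSON library in real code
        accessToken = field(json, "access_token");
        String rt = field(json, "refresh_token");
        if (rt != null) refreshToken = rt; // a refresh response may omit it; keep the previous one
    }
    private static String field(String json, String name) {
        var m = java.util.regex.Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
}
```

The refresh token stands in for the user's credentials between runs, so persist it in the app's protected configuration store rather than in source or logs.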
