HP ALM REST API login using PHP CURL

Question

I'm new to REST and I'm trying to develop a web app that will connect with JIRA from one sid (already covered) and with HP's ALM from the other side.

what I'm attempting to accomplish right now is basic authentication to ALM with PHP but can't seem to progress.
here is my code:

$handle=curl_init('http://192.168.1.7:8081');
$headers = array(
    'Accept: application/xml',
    'Content-Type: application/xml',
    'Authorization: Basic YWRtaW46MTIzNA==',
);

$username='admin';
$password='1234';

$url = 'http://192.168.1.7:8081/qcbin/authentication-point/login.jsp';


curl_setopt_array(
$handle,
array(
CURLOPT_URL=>'http://192.168.1.7:8081/qcbin/rest/domains/default/projects/Ticomsoft/defects?login-form-required=y',
//CURLOPT_COOKIEFILE=>$ckfile,
CURLOPT_POST=>true,
//CURLOPT_HTTPGET =>true,
CURLOPT_COOKIEJAR=>$ckfile,
CURLOPT_VERBOSE=>1,
//CURLOPT_POSTFIELDS=>,
//CURLOPT_GETFIELDS=>'j_username=admin&j_password=1234&redirect-url=http://192.168.1.7:8081/myUiResource.jsps',
CURLOPT_SSL_VERIFYHOST=> 0,
CURLOPT_SSL_VERIFYPEER=> 0,
CURLOPT_RETURNTRANSFER=>true,
CURLOPT_FOLLOWLOCATION=>true,
CURLOPT_HEADER=>false,
CURLOPT_HTTPHEADER=> $headers,
CURLOPT_AUTOREFERER=>true
//CURLOPT_COOKIE=>
//CURLOPT_USERPWD=>"admin:yahala"
//CURLOPT_CUSTOMREQUEST=>"POST"
)

);
$result=curl_exec($handle);
$ch_error = curl_error($handle);
$response = curl_getinfo($handle);

print_r($response);
if ($ch_error) {
    echo "cURL Error: $ch_error";
} else {
    //var_dump(json_decode($result, true));
    echo $result;   
}

curl_close($handle);

?>

as you can see there is a lot of garbage as my trial and error progressed.

Answer 1

Here we go. I followed the QC Rest API documentation to study the order that QC expects requests to be made. I've tested it against ALM11. I'm new to cURL as well, but this should get you in and working......

<?php

//create a new cURL resource
$qc = curl_init();
//create a cookie file
$ckfile = tempnam ("/tmp", "CURLCOOKIE");

//set URL and other appropriate options
curl_setopt($qc, CURLOPT_URL, "http://qualityCenter:8080/qcbin/rest/is-authenticated");
curl_setopt($qc, CURLOPT_HEADER, 0);
curl_setopt($qc, CURLOPT_HTTPGET, 1);
curl_setopt($qc, CURLOPT_RETURNTRANSFER, 1);

//grab the URL and pass it to the browser
$result = curl_exec($qc);
$response = curl_getinfo($qc);

//401 Not authenticated (as expected)
//We need to pass the Authorization: Basic headers to authenticate url with the 
//Correct credentials.
//Store the returned cookfile into $ckfile
//Then use the cookie when we need it......
if($response[http_code] == '401')
{

        $url = "http://qualityCenter:8080/qcbin/authentication-point/authenticate";
        $credentials = "qc_username:qc_password";
        $headers = array("GET /HTTP/1.1","Authorization: Basic ". base64_encode($credentials));

    curl_setopt($qc, CURLOPT_URL, $url);
    curl_setopt($qc, CURLOPT_HTTPGET,1); //Not sure we need these again as set above?
    curl_setopt($qc, CURLOPT_HTTPHEADER, $headers);
    //Set the cookie
        curl_setopt($qc, CURLOPT_COOKIEJAR, $ckfile);
        curl_setopt($qc, CURLOPT_RETURNTRANSFER, true);

        $result = curl_exec($qc);
        $response = curl_getinfo($qc);

       //The response will be 200   
       if($response[http_code] == '200')
       {
        //Use the cookie for subsequent calls...
        curl_setopt($qc, CURLOPT_COOKIEFILE, $ckfile);
        curl_setopt($qc, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($qc, CURLOPT_URL, "http://qualityCenter:8080/qcbin/rest/domains/Your_Domain/projects/Your_Project/defects");

    //In this example we are retrieving the xml so...
        $xml = simplexml_load_string(curl_exec($qc));
        print_r($xml);

    //Call Logout
        logout($qc,"http://qualityCenter:8080/qcbin/authentication-point/logout");

       }
       else
       {
        echo "Authentication failed";
       }

    }
else
{
        echo "Not sure what happened?!";
}

//Close cURL resource, and free up system resources
curl_close($qc);

function logout($qc, $url)
{
    curl_setopt($qc, CURLOPT_URL, $url);
        curl_setopt($qc, CURLOPT_HEADER, 0);
        curl_setopt($qc, CURLOPT_HTTPGET,1);
        curl_setopt($qc, CURLOPT_RETURNTRANSFER, 1);

    //grab the URL and pass it to the browser
    $result = curl_exec($qc);
}

?>

Let me know if it worked!

Thanks,

Rich

Answer 2

one of the important things to keep in mind is after authenticating you must do the following POST /qcbin/rest/site-session with cookies LWSSO

this will return QCSession and XSRF-TOKEN which are needed to perform any operations

Answer 3

Here is my solution in Perl for this problem: The authentication step is performed first, setting the cookie for the next libcurl request which then can be performed with no problems. This is a version for background jobs. For a dialog application, the credentials could be passed through from the user's input instead. Also, I had to do this with https instead of http. The Perl program also shows how to instruct curl for https (there is a very good how-to on http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/ ).

#!/usr/bin/perl 

# This script accesses, as a proxy, the REST API of the HP quality center
# Running it without query parameter, the complete list of defects is returned
# A query parameter, e.g. 'query={id[2283]}' will be passed as is to the HP QC API

# We are using the libcurl wrapper WWW::Curl::Easy
# The access is https, so a certificate has to be passed to libcurl
# The main point for using curl, however, is the authentication procedure:
# HP requires a preparative call to a special authentication service
# The authentication ticket will then be passed back as a cookie
# Only with this ticket, the real GET request on the defects can be performed

use WWW::Curl::Easy;

use strict;
use warnings;

use constant {
  URL_QC_DEFECTS   => "https://[QC DOMAIN]/qcbin/rest/domains/[DOMAIN]/projects/[PROJECT]/defects/",
  URL_QC_AUTH      => "https://[QC DOMAIN]/qcbin/authentication-point/authenticate",
  PATH_CERT        => "[PATH TO CREDENTIALS]"  # contains certificate and credentials, see below
  };

doRequest( URL_QC_DEFECTS . "?" . $ENV{QUERY_STRING} );
return 0;

sub doRequest {
  my ($url,$cookies,$response) = (shift,"","");
  eval {
    my $curl = get_curl_instance(\$cookies,\$response);
    authenticate( $curl );
    get( $curl, $url );
    if ($response =~ /.*?(<\?xml\b.*)/s) {
      print "Content-Type:text/xml\n\n";
      print $1;
      }
    else {
      die "The response from HP QC is not in XML format";
      }
    };
  if ($@) {
    print "Content-Type:text/plain\n\n$@";
    }
  }

sub get_curl_instance {

  my ($cookie,$response) = @_;

  my $curl = WWW::Curl::Easy->new( );  

  open( my $cookiefile, ">", $cookie) or die "$!";
  $curl->setopt( CURLOPT_COOKIEFILE, $cookiefile );  
  open( my $responsefile, ">", $response) or die "$!";  
  $curl->setopt( CURLOPT_WRITEDATA, $responsefile );  
  $curl->setopt( CURLOPT_SSL_VERIFYPEER, 1);
  $curl->setopt( CURLOPT_SSL_VERIFYHOST, 2);
  $curl->setopt( CURLOPT_CAINFO, cert() );  
  $curl->setopt( CURLOPT_FOLLOWLOCATION, 1 );
  return $curl;
  }

sub authenticate {
  my $curl = shift;
  my ($rc,$status);
  $curl->setopt( CURLOPT_URL, URL_QC_AUTH );
  $curl->setopt( CURLOPT_USERPWD, cred( ) );  
  if (($rc = $curl->perform( )) != 0) {
    die "Error Code $rc in curl->perform( ) on URL " . URL_QC_AUTH;
    }
  if (($status=$curl->getinfo(CURLINFO_HTTP_CODE))!="200") {
    die "HTTP-Statuscode $status from authentication call";
    }   
  }


sub  get {
  my ($curl,$url) = @_;
  my ($rc,$status);
  $curl->setopt( CURLOPT_URL, $url );
  $curl->setopt( CURLOPT_HEADER, { Accept => "text/xml" } );
  if (($rc = $curl->perform( )) != 0) {
    die "Error Code $rc from defects request";
    }
  if (($status=$curl->getinfo(CURLINFO_HTTP_CODE))!="200") {
    die "HTTP Statuscode $status from defects request";
    }   
  }

sub cred {
  open CRED, PATH_CERT . '/.cred_qc' or die "Can't open credentials file: $!";
  chomp( my $cred = <CRED>); 
  close CRED;
  return $cred;
  }

sub cert {
  return PATH_CERT . '/qc.migros.net.crt';
  }  

Answer 4

As an alternative to Sohaib's answer concerning the need to POST to /qcbin/rest/site-session after authenticating, you can do both in one step by POSTing to /qcbin/api/authentication/sign-in , as per the below:

"There are four cookies that come back, and in ALM 12.53 the authentication point has changed ( but the documentation has not so it sends you to the wrong place ! )

So, send a POST request with BASIC authentication, base64 encoded username / password to /qcbin/api/authentication/sign-in and you will get back

• LWSSO_COOKIE_KEY
• QCSESSION
• ALM_USER
• XSRF_TOKEN

include these with all your subsequent GETS and PUTS and you should be OK."

(This answer is taken from https://community.microfocus.com/t5/ALM-QC-User-Discussions/Authentication-fails-when-trying-to-pull-data-from-ALM-server/td-p/940921 , and worked for me in a similar context).