Requesting a Security Token

For SBM systems that are configured to use Single Sign-On (SSO), you must provide a security token in the HTTP header with the JSON call. Upon successful authentication, the TokenService call returns a valid SSO SAML token that you can pass in subsequent JSON API calls, SOAP-based calls via the SBM Application Engine Web Services API, or other SBM interfaces that require a valid SAML token.

To request a security token:

  1. Invoke the TokenService POST call using the following URL (with your SSO server's host name):

    http://SSOHostName:8085/idp/services/rest/TokenService/
  2. Pass the following header information:

    • Content-Type: application/json;charset=UTF-8
    • Accept: application/json
  3. Include authentication credentials in the payload:

    {"credentials": { "username" : "bill", "password":"mypassword"}}

For example:

POST /idp/services/rest/TokenService/ HTTP/1.1
HOST: SSOHostName:8085
content-type: application/json;charset=UTF-8
accept: application/json
content-length: 56
 
 {"credentials": { "username" : "bill", "password":"mypassword"}}

If authentication succeeds, a response message is returned:

{
  "status": "OK",
  "lifetime": {
    "created": 1467228623885,
    "expires": 1467257423885
  },
  "token": {
    "tokenType": "SSO",
    "encoding": "base64",
    "value": "PHNhbWw6QXNzZXJ0...pBc3NlcnRpb24+"
  }
}

The token is the base64-encoded string in value. You now have a valid security token that you can pass in the ALFSSOAuthNToken HTTP header in subsequent JSON API calls, or as part of the WS-Trust envelope for SOAP-based calls made via the SBM Application Engine Web Services API.

The following example shows how to pass the token in ALFSSOAuthNToken with the GetVersion call:

GET /jsonapi/GetVersion HTTP/1.1
HOST: SSOHostName
alfssoauthntoken: PHNhbWw6QX...<base64 encoded string>...dGlvbj4=
cookie: authrequired=
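
The request and response handling described above, as an added Python example (not part of the SBM documentation): it builds the TokenService POST, rejects a response that is not OK, is not a base64 SSO token, or is past the expires timestamp, and returns the ALFSSOAuthNToken header. The endpoint path, headers, payload and response fields are the ones on this page; the function names, the min_remaining_ms margin and the sample response are assumptions constructed for illustration.

```python
import base64
import json
import time
import urllib.request

TOKEN_PATH = "/idp/services/rest/TokenService/"  # path given on this page
# Constructed sample response; the lifetime values are the ones shown above.
SAMPLE_RESPONSE = json.dumps({
    "status": "OK", "lifetime": {"created": 1467228623885, "expires": 1467257423885},
    "token": {"tokenType": "SSO", "encoding": "base64",
              "value": base64.b64encode(b"<saml:Assertion>constructed</saml:Assertion>").decode()}})


def build_token_request(base_url, username, password):
    """Steps 1-3: POST the credentials as JSON. base_url is scheme://host:port."""
    body = json.dumps({"credentials": {"username": username, "password": password}})
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json;charset=UTF-8",
                 "Accept": "application/json"})


def parse_token_response(raw, now_ms=None, min_remaining_ms=60_000):
    """Return (token_value, expires_ms); raise ValueError if the token is unusable."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError("TokenService did not return status OK")
    token = doc.get("token") or {}
    if token.get("tokenType") != "SSO" or token.get("encoding") != "base64":
        raise ValueError("unexpected tokenType or encoding")
    value = token.get("value") or ""
    if not base64.b64decode(value, validate=True):  # malformed base64 raises ValueError
        raise ValueError("empty token value")
    expires_ms = int((doc.get("lifetime") or {}).get("expires", 0))  # epoch milliseconds
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if expires_ms - now_ms < min_remaining_ms:
        raise ValueError("token is expired or too close to expiry")
    return value, expires_ms


def auth_headers(token_value):
    """Header for later JSON API calls. The value authenticates the caller: keep it out of logs."""
    return {"ALFSSOAuthNToken": token_value}


def fetch_token(base_url, username, password, timeout=10):
    req = build_token_request(base_url, username, password)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read())
```

In the sample response on this page, expires minus created is 28,800,000 ms (8 hours), so a long-running client should call fetch_token again when parse_token_response reports the token as too close to expiry.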
