[OTDev] A&A clarifications
surajit ray mr.surajit.ray at gmail.com
Mon Mar 7 17:06:21 CET 2011
Hi Andreas, All,

Was trying to work through the doc file given as documentation on the website at http://opentox.org/data/documents/partner/wp/3/deliverables/Draft%20Report%20WP3-D3.3

I had a few queries regarding the content.

1) To quote an example from the doc file

------------------------------------------------------------------------------------
# Listing all my policies...
# =======================
curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H "subjectid: AQIC5wM2LY4SfcxrnpcZCmbfdsKTyxG9E66uu5FVhefps7I%3D%40AAJTSQACMDE%3D%23"
HTTP/1.1 200 OK
Content-Type: text/plain

There were not matching policies under realm, /.
------------------------------------------------------------------------------------

Here the token is URL-encoded, while in reality (on the server at http://opensso.in-silico.ch/Pol/opensso-pol) the accepted form is without URL-encoding the token. When I submit a URL-encoded token, here's the result:

------------------------------------------------------------------------------------
maxtox@maxtox-desktop:~$ curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H "subjectid:AQIC5wM2LY4SfcwYjtLJPwt6fs8ca1Owk5XWByXX3Wn%2BbX4%3D%40AAJTSQACMDE%3D%23"
HTTP/1.0 400 Bad Request
Server: nginx/0.6.32
Date: Mon, 07 Mar 2011 15:35:20 GMT
Content-Type: text/plain
Proxy-Connection: keep-alive
Content-Length: 59

Token could not be resolved to a user id. Token expired?.
------------------------------------------------------------------------------------

and the result from the non-URL-encoded token submission is the following:

------------------------------------------------------------------------------------
maxtox@maxtox-desktop:~$ curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H "subjectid:AQIC5wM2LY4SfcwYjtLJPwt6fs8ca1Owk5XWByXX3Wn+bX4=@AAJTSQACMDE=#"
HTTP/1.0 200 OK
Server: nginx/0.6.32
Date: Mon, 07 Mar 2011 15:36:58 GMT
Content-Type: text/plain
Proxy-Connection: keep-alive
Content-Length: 1

------------------------------------------------------------------------------------

As you can see, I could not get the expected: "There were not matching policies under realm, /." Could you clarify how to obtain the result shown in the example?

2) When I do an authentication like the following, I get the result as a token.id like so:

------------------------------------------------------------------------------------
maxtox@maxtox-desktop:~$ curl -i -d "username=surajitray" -d "password=w3lc0m3" http://opensso.in-silico.ch/opensso/identity/authenticate
HTTP/1.0 200 OK
Server: nginx/0.6.32
Date: Mon, 07 Mar 2011 15:31:26 GMT
Content-Type: text/plain;charset=UTF-8
Proxy-Connection: keep-alive
Content-Length: 72

token.id=AQIC5wM2LY4Sfcy24eQG5V7J8Lth75vK3Tdr94/rrc/nBJs=@AAJTSQACMDE=#
------------------------------------------------------------------------------------

Have I been correct to assume that this token.id is to be used as subjectid in the previous step? If my assumption was correct, then could you please remove this apparent inconsistency by changing both the variables to the same name (either token.id or subjectid)?

Also, in the documentation on the website (http://opentox.org/dev/apis/api-1.2/AA) the following is mentioned:

------------------------------------------------------------------------------------
Authentication    POST on /auth/authenticate    username password uri    200 + token (Valid) 401 (Invalid)
Token validation  POST on /auth/isTokenValid    tokenid                  200 + Boolean
Logout            POST on /auth/logout          subjectid                200 + void
------------------------------------------------------------------------------------

As you can see, there's a mix of token and tokenid. So we have four representations of the same thing: token.id, token, tokenid, subjectid? Could you please help me, because I am stuck with the A&A implementation for a considerable time now!

Regards
Surajit
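
The two token forms compared in the message above differ only by percent-encoding. The following is an added example, not part of the original post or of the OpenTox documentation: a small Python sketch that extracts the token from a "token.id=..." response body and converts between the raw form (which the message reports the server accepting in the subjectid header) and the percent-encoded form. The function names and the sample token are constructed for illustration, and treating "%" as the marker of an encoded token is an assumption based on the token shapes shown above.

```python
from urllib.parse import quote, unquote

# Constructed sample in the same shape as the tokens in the message
# (base64-like text containing '+', '/', '=', '@' and a trailing '#').
SAMPLE_BODY = "token.id=AQICsample+tok/en0=@AAJTSQ=#\n"


def parse_authenticate_body(body: str) -> str:
    """Return the token from an authenticate response body ("token.id=<token>")."""
    for line in body.splitlines():
        # Split on the FIRST '=' only: the token itself contains '=' padding.
        key, sep, value = line.strip().partition("=")
        if sep and key == "token.id":
            return value
    raise ValueError("no token.id line in response body")


def raw_token(token: str) -> str:
    """Return the raw token, decoding only if it is percent-encoded."""
    # Assumption: raw tokens never contain '%', so its presence means the
    # value was percent-encoded. unquote() is used rather than unquote_plus(),
    # which would turn a literal '+' in the token into a space and corrupt it.
    return unquote(token) if "%" in token else token


def encoded_token(token: str) -> str:
    """Return the percent-encoded form, e.g. for a form body or query string."""
    # safe="" so that '/' is encoded as well; decoding first avoids
    # double-encoding a token that was already percent-encoded.
    return quote(raw_token(token), safe="")


def subjectid_header(token: str) -> dict:
    """Build the subjectid header with the raw token, whatever form came in."""
    return {"subjectid": raw_token(token)}


if __name__ == "__main__":
    tok = parse_authenticate_body(SAMPLE_BODY)
    print("raw:    ", tok)
    print("encoded:", encoded_token(tok))
    print("header: ", subjectid_header(encoded_token(tok)))
```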