REST and SOAP Services Authentication

Single Sign-On OpenID Connect authentication for these services is done with an access token. You retrieve the access token by sending a basic authorization header.

Before you begin

Make sure that the access token handler is configured in the application.yaml file. Specify the handler's fully qualified class name in the following property: spring.security.oauth2.client.provider.$providerId.accessTokenHandler

For example, if your provider id is wso2, then the handler property is:

spring.security.oauth2.client.provider.wso2.accessTokenHandler=com.tibco.mdm.integration.security.authentication.sso.rest.oidc.wso2.WSO2AccessTokenService

Note: A built-in handler is available only for the WSO2 provider, for which the handler class is com.tibco.mdm.integration.security.authentication.sso.rest.oidc.wso2.WSO2AccessTokenService.

  1. To get the access token, pass the authorization header to the /rest/sso/oidc/accesstoken REST API from Swagger UI. The authorization header must contain a Base64-encoded string that combines your SSO username, password, and the enterprise name. The API returns a bearer token.

  2. Pass this bearer token to each request as an authorization header.
    For example, Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhY2Nlc3NfdG9rZW4iOiJiMmFhOTljNy03ZTJlLTNhMDItOThmZS05MT.

The token has a validity period after which it expires. You may need to get a new token if the validity period is over.

Note: You may directly send the basic authorization header to different services in order to access them. However, it is not recommended because a new access token is generated for each request.
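
The flow in steps 1 and 2, together with the expiry and one-token-per-request notes, as an added Python example (not TIBCO's code): the client requests a token once, reuses it, and requests a new one only after expiry or a 401. Assumptions: the `send` transport hook, the `ttl_seconds` value, the token arriving as the plain response body, and the credential string being passed in already combined; `FakeServer` is a constructed stand-in so the block runs offline.

```python
import base64
import time

TOKEN_PATH = "/rest/sso/oidc/accesstoken"  # endpoint named on the page

class BearerSession:
    """Get the access token once, reuse it, refetch after expiry or a 401."""

    def __init__(self, send, credentials, ttl_seconds, clock=time.monotonic):
        # send(path, headers) -> (status, body) is a hypothetical transport hook.
        # credentials: the combined username/password/enterprise string (assumed input).
        self.send, self.ttl, self.clock = send, ttl_seconds, clock
        encoded = base64.b64encode(credentials.encode("utf-8")).decode("ascii")
        self.basic = "Basic " + encoded
        self.token, self.expires_at = None, 0.0

    def refresh(self):
        status, body = self.send(TOKEN_PATH, {"Authorization": self.basic})
        if status != 200 or not body.strip():
            raise PermissionError(f"token request failed: HTTP {status}")
        self.token = body.strip()  # assumption: the body is the bearer token
        self.expires_at = self.clock() + self.ttl

    def request(self, path):
        if self.token is None or self.clock() >= self.expires_at:
            self.refresh()
        headers = {"Authorization": "Bearer " + self.token}
        status, body = self.send(path, headers)
        if status == 401:  # token rejected before local expiry: renew, retry once
            self.refresh()
            status, body = self.send(path, {"Authorization": "Bearer " + self.token})
        return status, body

class FakeServer:
    """Constructed stand-in for the service so the example runs offline."""

    def __init__(self, credentials):
        self.expected = "Basic " + base64.b64encode(credentials.encode()).decode()
        self.issued, self.valid = 0, None

    def send(self, path, headers):
        auth = headers.get("Authorization", "")
        if path == TOKEN_PATH:
            if auth != self.expected:
                return 401, ""
            self.issued += 1
            self.valid = f"constructed-token-{self.issued}"
            return 200, self.valid
        return (200, "ok") if self.valid and auth == "Bearer " + self.valid else (401, "")
```

The `issued` counter on the stand-in shows how many tokens the server had to generate; with the session it stays at one until the token expires or is rejected.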