cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1750
Views
0
Helpful
5
Replies

Performing REST API Login and BOSH Connection with SSO

loydv
Cisco Employee
Cisco Employee

We have a customer that is wanting to use SSO with a custom thick client Finesse desktop client that will consume the REST API and BOSH interfaces directly.

I understand that 11.6+ of Finesse now supports sending SSO access token instead of AgentID and Password on the REST API and BOSH connection. The Client would embed the SSO SDK to enable the SSO login to retrieve the access token and would then use the token on the REST and BOSH HTTP connection. There are code examples on the SSO SDK site that shows how to do this:

https://developer.cisco.com/site/contact-center-express/docs/#cisco-identity-service-client-sdk-overview

https://developer.cisco.com/site/contact-center-express/docs/#cisco-identity-service-client-sdk-guide

https://developer.cisco.com/site/contact-center-express/docs/#cisco-identity-service-client-sdk

However, their isn't an example of how you would do the Login to Finesse using the REST API, that I can find anywhere. The 11.6 Web Service guide doesn't mention anything about SSO. I understand that you can use the SSO SDK to get an access token, and then send the SSO access token on the REST API Requests instead of the AgentID/Password with basic authentication. But what I don’t understand is how to get the AgentID for the resource ID beforehand? The OOTB Desktop is doing this in the Shindig container with a dip to the AWDB. It then preforms the REST API call to Tomcat using the AgentID it retrieved to perform the actual login to UCCE. The only way that I can see the customer being able to use SSO would be to prompt the Agent for both the SSO Login ID and the AgentID, Right?

For example, when you issue the Login request to the REST API you have to have the AgentID in the ResourceID of the URL.

PUT to http://<FQDN>/finesse/api/User/<id>

with body:

<User>

<state>LOGIN</state>

<extension>1001001</extension>

</User>

There must be a step that I am missing here?  In my opinion, there is a missing component. A Web Service call that the client can make using the SSO access token for authentication, and the Agent Login Name (i.e. SSO User Name) to retrieve the User object including the AgentID. Once the client has the AgentID then, it is business as usual, except using the SSO Access Token instead of the AgentID/Password and basic authentication.

Loyd Vest,

Senior Custom Software Engineer,

AS Custom Application and Integration Team.

1 Accepted Solution

Accepted Solutions

dekwan
Cisco Employee
Cisco Employee

Hi,

Just as an update, there are single sign on APIs that was the missing step. They have now been added to the Finesse Developers guide: https://developer.cisco.com/docs/finesse/#!single-sign-on-apis

Thanx,

Denise

View solution in original post

5 Replies 5

dekwan
Cisco Employee
Cisco Employee

Hi Loyd,

Sorry for the slow reply, I was away for most of last week. I currently don't have a good answer for you, but I will look into it.

Thanx,

Denise

dekwan
Cisco Employee
Cisco Employee

Hi,

Just as an update, there are single sign on APIs that was the missing step. They have now been added to the Finesse Developers guide: https://developer.cisco.com/docs/finesse/#!single-sign-on-apis

Thanx,

Denise

manoj.km
Level 1
Level 1

HI,

All of finess API are working with Bearer attached to it

We are problem with BOSH events are not working with for SSO user , for non-sso user we have attaching b64Encode(username +':'+password)  in header , in the same way we tried for SSO user by attaching Bearer token to it(BOSH events) , But it doesn't work 

 

Can you kindly help us on this 

 

Thanks

Manoj 

Hi,

 

Unfortunately SSO for the XMPP/BOSH connection is not supported at this time.

 

Thanx,

Denise

loydv
Cisco Employee
Cisco Employee

The OOTB Desktop uses a WebSocket for the XMPP Event Feed in Finesse 12.0 using Strophe. If you are on 12.0, you can use a WebSocket via Strophe.js. You can then pass the Bearer Token in the Password field to Strophe.Connection.connect function, for SSO.

 

Have a look at the EventTunnel.js at http://<hostname>:<port>/tunnel/EventTunnel.js on your Finesse Server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: