we plan to automate our DTAP deployment via Powershell in the future. For this, we need to authorise ourselves against Indicium. Normally, this is done by forwarding to the login page. However, since the process is to run without user interaction, we would actually have to pass the required credentials via the Authorize call.
Unfortunately, I could not find an example for this in the documentation. Can someone explain to me how best to implement such a scenario?
Best answer by Vincent DoppenbergView original
that was the decisive hint and my error in thinking. I actually wanted to use the OpenID authentication flow in addition to the basic authentication. But it doesn't really make sense. Now my web service call works and I can take care of the actual build process.
Thanks again and have a nice weekend
thanks for the tip, that's already going in the right direction. Now that I have set up basic authentication on our development system, I can log in to Indicium as a Windows user. In principle, the OData API already works for us, but so far we have been using an interactive login, which means forwarding to the login page.
If I now try to call the "authorize" method with the header "authorization: basic base64(user:password)", the call no longer works. After about 30 seconds I get a "connection refused" message, probably due to an internal timeout. In the server's security event log, I can see that a login with the user in use was successful. In the Indicium log file I cannot find any error message that seems to be related to my tests. Interestingly, in Postman (the program I use to test the API calls) two cookies seem to be created. For me, this somehow indicates that a basic communication seems to be taking place.
Do you have any ideas where we could look for errors or what else we are doing wrong?
What do you mean by authorize method? It makes me think of the /connect/authorize endpoint that would be used to initiate an OpenID authentication flow, but you should not be calling that endpoint if you are already supplying Basic authentication credentials.
Can you elaborate on the HTTP request that you are firing which results in the “connection refused” message?
You can supply the credentials with Basic authentication via an Authorization header on the HTTP request:
Where <base64 credentials> needs to be replaced by the base-64 encoding of the string username:password. So your desired username and password, concatenated by a colon. Supplying such an HTTP header will authorize you.
If you would rather not use Basic authentication, then it is also possible to use Bearer authentication, using an OpenID access token. This requires quite a bit more to set up, which I’ve explained in a reply to this topic here.
I hope this helps.