Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BP RR HTTP interface with SSO

Walter.Koller
Level 11
‎27-10-20 03:14 PM
Status: New
It is not possible to use HTTP command on runtime resources when SSO authentication is used (which should be standard).
So with SSO authentication all HTTP runtime resource interfaces will not work. Even HTTP would be the preferred way to go (SAS, decoupling, ...)

Also it would be great to sync the commands between automatec and HTTP since different commands are available with different parameters and they work differently

http://<runtimeresource>:8181/status 
>> USER NOT SET

http://<runtimeresource>:8181/user%20<userid>&password%20<password>&status
>> USER SET
>> AUTHENTICATION FAILED
>> USER NOT SET

http://<runtimeresource>:8181/sso&status
>> INVALID COMMAND - user 'help'
>> USER NOT SET
3 Comments
bruce.liu
Staff
Staff
‎03-11-20 11:37 PM
‎03-11-20 11:37 PM
Hi Walter,

I believe it is possible to use HTTP interface with SSO.

The URL should look like below if you wish to use SSO with the Blue Prism HTTP interface.

https://machinename:8181/user%20name%20{USERNAME}&password%20{PASSWORD}&proclist

Username can be either one of the following:

  • samaccountname (where it will look for the user in the domain specified in Blue Prism)
  • DOMAIN\samaccountname
  • userprincipalname i.e. something@some.domain
Password is what is associated with the AD account. I have tested all three in my environment and they all worked.

The example above will get you a list of processes but can be easily converted for a different purpose. You do not need to use HTTPS if you have not chosen to encrypt the incoming instructional communications to the RR.

To run processes however, you must firstly obtain a authtoken using GetAuthtoken command, followed by creating a Blue Prism session using the token.
0 Likes
Prashant
Level 4
‎04-11-20 06:11 AM
‎04-11-20 06:11 AM
Hi Bruce,

If i have to enter the username and password in the URL - then it is not SSO. It is in fact the most insecure form of authentication. Compare this with the AutomateC commands where you just specify /sso switch and the command automatically runs under your credential.

I agree with Walter's both requests  - a) support for SSO in HTTP Interface the AutomateC and b) the HTTP interface commands & options should be similar if not identical.

 Even a first step to have equivalent of all HTTPInterface commands in AutomateC along with the /sso switch support on them would be a pretty good enhancement.
0 Likes
Walter.Koller
Level 11
‎06-11-20 01:03 PM
‎06-11-20 01:03 PM
Writing username and password as part of the URL string is a no go for us. 
Reminds me on the early days of web based access, but this is long long time ago 😉 

I didn't try but I read it should be possible to create a token with automatec and use it in HTTP request / URL. Even it would be possible I am not sure if I see the point since if I already can access automatec, I don't need HTTP anymore and the idea is to provide information to decoupled user/clients/solutions without the need of having Blue Prism installed.
0 Likes