Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CAMPassport authorization #114

Closed
wants to merge 1 commit into from
Closed

CAMPassport authorization #114

wants to merge 1 commit into from

Conversation

adscheevel
Copy link
Collaborator

added functionality to _build_authorization_token function in RestService.py to take gateway as an argument where gateway is the Cognos dispatcher used for CAM security. will use negotiated login attempt to get passport cookie for authorization header instead of taking username & password. If the negotiated login fails, it will set the token to use the username and password, provided they were supplied. Attached is example of config.ini file for on premise installation with gateway parameter defined.

I did this modification because i didnt want to save the base64 password in a config file and am lucky to have cognos CAM with windows integrated authentication set up in our TM1 environment. My python skills are not great, my edits might not be the best way to accomplish what I set out to do.

image

@adscheevel
CAMPassport authorization
efa1dc3 
added functionality to _build_authorization_token function to take gateway as an argument where gateway is the Cognos dispatcher used for CAM security. will use negotiated login attempt to get passport cookie for authorization header instead of taking username & password
@MariusWirtz MariusWirtz self-assigned this Mar 14, 2019
@MariusWirtz
Copy link
Collaborator

Hi,

thanks for the contribution to TM1py. Before I will merge the changes I want to challenge it. Unfortunately I currently can't get it to run with my setup.

I got a TM1 instance that is using CAM and supporting SSO (IntegratedSecurityMode=5) ready.
Now I understand that as the gateway I need to assign the same value that is specified in the tm1s.cfg as ClientCAMURI. Is that correct?

@adscheevel
Copy link
Collaborator Author

Correct, it's should also match the address returned in the WWW-Authenticate header if you send a request to the instance without any authorization header.

MariusWirtz added a commit that referenced this pull request Mar 30, 2019
@MariusWirtz
Minor changes related to MR #114
541694a 
- Fail when CAM gateaway auth fails even though credentials are provided
- Handle case that response does not contain expected 'cam_passport' cookie
MariusWirtz added a commit that referenced this pull request Mar 30, 2019
@MariusWirtz
Minor changes related to MR #114
595ce9f 
- Fail when CAM gateaway auth fails even though credentials are provided
- Handle case that response does not contain expected 'cam_passport' cookie
- Add new requests_negotiate_sspi dependency to setup.py
@MariusWirtz
Copy link
Collaborator

@adscheevel
sorry for my late response on this one. I finally managed to get my hands on a properly set up TM1 and CAM environment. We tested your changes and it works like a charm!

I will close this branch in favor of #120 , as I wanted to do a few (rather cosmetical) changes to the branch before it's merged into the master. #120 now contains your commit e58dd16 and my changes on top
595ce9f

Thanks for your contribution!

MariusWirtz added a commit that referenced this pull request Apr 2, 2019
@MariusWirtz
Minor changes related to MR #114
dc73dc9 
- Fail when CAM gateaway auth fails even though credentials are provided
- Handle case that response does not contain expected 'cam_passport' cookie
- Add new requests_negotiate_sspi dependency to setup.py
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@MariusWirtz MariusWirtz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@adscheevel @MariusWirtz