topic Re: Alfresco JS API Authentication Options in Alfresco Forum

Alfresco JS API Authentication Options

chao — Thu, 30 Nov 2017 03:17:11 GMT

Is there another option for ECM/BPM authentication without using username and password in the Alfresco Javascript API? Assuming the user is already authenticated through external identity access management system, is there API endpoint to retrieve API token for both ECM and BPM?

Re: Alfresco JS API Authentication Options

eugenio_romano — Thu, 30 Nov 2017 09:57:51 GMT

If you are already auth you can just get the instance and perform the calls

Re: Alfresco JS API Authentication Options

chao — Thu, 30 Nov 2017 12:54:29 GMT

Thanks for the reply. What I mean is the user is authenticated for the ADF web application, but not authenticated to ECM/BPM.

Re: Alfresco JS API Authentication Options

eugenio_romano — Thu, 30 Nov 2017 16:51:52 GMT

Sorry, is not clear to me the difference. The only authentication that ADF can perform is the one against BPM and ECM or both.

Re: Alfresco JS API Authentication Options

chao — Thu, 30 Nov 2017 17:11:28 GMT

Let's say the ADF web app is protected by IAM, a user logins through external custom interface, then redirected back to the ADF home. How does ADF in this case authenticate against ECM/BPM REST API without using username and password?

Re: Alfresco JS API Authentication Options

dvuika — Fri, 01 Dec 2017 08:43:15 GMT

JS-API uses basic auth to get the tokens for ACS and APS, and then uses tokens for subsequent calls. If you use external interface you still need a token to talk to ACS and APS. Both "ecmAuth" and "bpmAuth" from JS-API feature a method called "setTicket" that allows assigning a ticket from the outside: alfresco-js-api/ecmAuth.js at master · Alfresco/alfresco-js-api · GitHub

Hope that helps.

Re: Alfresco JS API Authentication Options

chao — Fri, 01 Dec 2017 12:49:40 GMT

Thanks Denys, that's helpful.

What kind of token (like JWT?) that ACS/APS can recognize? Is there custom code I need to develop from ACS/APS perspective? or just some configuration.

Re: Alfresco JS API Authentication Options

dvuika — Sat, 02 Dec 2017 13:18:44 GMT

JS-API just triggers public APS/ACS api, you can refer to the following links for more details on the api:

APS: https://activiti.alfresco.com/activiti-app/api-explorer.html

ACS: https://api-explorer.alfresco.com/api-explorer/

Re: Alfresco JS API Authentication Options

dvuika — Sat, 02 Dec 2017 13:41:01 GMT

You can also read the docs for the JS-API, there are examples for using tickets: https://github.com/Alfresco/alfresco-js-api#login-with-ticket

Re: Alfresco JS API Authentication Options

chao — Sat, 02 Dec 2017 13:46:15 GMT

Thanks, but I don't know what's the valid ticket to set. I may have the userid or some kind of token from the IDM, such as CA Siteminder.