How to use WCF Livelink web services to create a quasi single sign on or login with cookie equivalent of lapi

Recently OT Dev said that don’t really spend time on the Search SOAP service but use the Restful search API that has been there all along these years.

Since almost everything in livelink is served off a URL one of the first things it needs is authentication.For livelink deployments who do not have Single Sign On based on web server auth it is inconvenient that a webapp designed in C# provides links to a livelink URL for e.g I may have an href called “My Assignments” and then I may link it to my livelink server url and the query string ending in personal .assignments

I really don’t think organizations using livelink still use userid/password but this will probably help those users.

http:://my livelinkurl/livelinkvd/llisapi.dll?func=personal.assignments

Now everybody reading this should know that livelink will look for a cookie if not it will present a login screen. Our attempt is to use the token (cookie) returned to us by the CWS auth routine and make sure we can pass it off to a livelink URL or making the request to livelink as if one had logged in and subsequently performing operations.

In my example I am doing this with a LL 9.7.1 version so the ref key word is not used.For newer CWS the ref keyword is needed

SETUP

LL9.7.1 Oracle,IIS6, webserver is anonymous,livelink auth scheme is livelink ,No RCS present,No Dir Svcs module in deployment

in SSO deployments calling a livelink URL from a auth user’s computer results in a pass thru experience so none of this circus is needed anyway.

What I found was if you were adding the LlCookie to the request you have to do a lot of coding as in the user in this thread.I found several hits in the web

to spoof the Cookie but a lot of code for somethingthat you know is not that secure anyway

RE RE RE RE RE Get Region Name

He first gets the auth token and uses cookie setting code to call the search API.

While that is all good and dandy  if you have access to  a web debugging tool like Fiddler if you capture traffic for the first auth call you can see your userid+password

if it is a HTTP connection.I am not sure what it will look if my livelink was HTTPS.So I would just build a userid/password url and specify everything in NextURL.

So if I was coding a C# app and wanted to call my search system in livelink I would just use the simple approach

http://llappu971vm:8080/livelink/livelink.exe?func=ll.login&username=livelinkuser&password=livelinkpassword&nextURL=%2Flivelink%2Flivelink.exe%3Ffunc=ll%26objId=670175%26objAction=browse%26viewType=1

In the above URL the Func=ll.login sets the Cookie and then the NextURL is indicated,it is just webescaped for transmission

Advertisements

Link to Creating RESTful web services in livelink

This is a very good article very insightful for people like me who don’t really  understand hyped up words  in use.

http://ednortonengineeringsociety.blogspot.com/2009/08/creating-restful-web-services-with.html

People at OT has said that their plan is to support web services ,oscript and RESTful

So I am going to try and see if I can make some good easy to use things.Looks easier than CWS to me

I know my oscript so the rest is basically some crafted query strings .I s that what Rest is ?

BTW this is free publicity to the original blogger.If I should not be posting links let me know I will remove it.

HTTPS with Webservices in Livelink

Contrary to stuff that I do this post is basically something I hacked together to make it work.I must have received at least 50 emails for several web services questions.In the absence of OT providing good easy to understand hand holding examples I offer these.If OT ‘s thinking is basically to code a web service a developer needs to take paid training all those things have come to pass.Almost every programming language snippets are available and so there is an expectation that the Vendor provides proper code samples.What I think they should start putting quality samples like what Jason is attempting &  conducting webinars .They could do several official things such as how to code when RCS is present, what is the difference between Enterprise Library Services & Livelink web services,How does the new OTDS come into authenticationg into livelink,What one should do and not do,many things the livelink programming community needs help on.This in my mind will ensure a good talent pool of programmers out there who would do things as OT intends to.

I naturally like to understand what I am doing unfortunately in this installment I have resorted to mostly ‘trial & error’

HTTPS and Livelink Web Services code

As we learned on our SSO attempt and livelink web services this time we start with this

Part 1

  1. Make VM IPv4 and disable IPv6 it should work for IPv6 provided you do the stuff in my previous blog.
  2. Make sure the IIS7 livelink webserver is functioning fine
  3. Make sure anonymous(livelink) authentication is fine  i.e.’ we can login as the powerful ‘Admin’ and the right password.
  4. Now with our baseline favorite Kyle Swidrowich’s piece of code start making it work without https
  5. We then make IIS HTTPS. Note you cannot make a webserver https commercially without shelling some money.HTTPS needs a certifying authority. For purposes of demonstration I will be using Microsoft’s self-signing certificate. Self-signing certificates are the same secure protocol other than the fact that a commercial company will not stand by it. Products such as archive server uses self-signing certs and OT bundles a signer program so I have used it many times to create closed loops between SAP ,livelink and archive server. For the completely uninitiated a secure transmission means only with the private key can you decipher the communication between the browser and the application so snooping with fiddler/wire shark etc. will give you a lot of garbled messages.
  6. So we manage to login as HTTP on that livelink

Again VC#, At this point this looks promising, Now add quickly DocumentManagemnt.svc and ContentService.svc as well Try Kyle’s code and make it work for HTTPS .Perfect everything works we added the document

Part 2

Making IIS HTTPS

I used this site and followed that

see how simple it was for me a non MS/IIS person to figure this out that is what we sadly lack with OT.

BTW word press cannot do embedded images from my word document.I have the word document replete with screen caps in communities.

And this Now for good measure we need to remove http

If you remember a posting I made and Guy Pomerleaux commented if you have http and https running and OT web services code  is accessed you don’t really know you are talking https unless you do this. To keep it simple my livelink is now HTTPs Web GUI or web services. Perhaps if you leave a http listening port this would make your coding easier, but since I am doubtful which protocol will be used I resort to this.My builder program reports HTTPS=on that tells me everything is SSL.

We say yes to the IE warning and proceed to our newly created Livelink website which is now on HTTPS

We have cert errors even after we import the cert to keep IE happy

But I guess it will complain until I paid VeriSign or Thawte some money Perhaps readers can pool some money and buy me a certificate J for all practical purposes I am https

When I try to change my web service references we get this

I say yes

I got this and plenty of yellow looking errors at the livelink web services server when I tried to call the web service. Too many to list and too unknowing to comment on the mumbo jumbo.Essentially at this point I am trying on the server to get this service created.

https://appuw2k8vm/les-services/Authentication.svc

Several errors ensued which I basically got around by removing all traces of places I thought was written for HTTP stuff.

So I remembered form my 9.7.1 that there is some SSL binding stuff we have to do on the web services on the server. So we make a copy of the Web.Config and try it.

Mostly if you remove everything that did not contain SSL and enable the SSL stuff it should work.

Also could not establish trust relationship means you have to install the certificate into the trusted certificate store

A working Web.Config you can find a working app.config you can also find. I am not able to explain the mumbo jumbo as it is mostly trial and error. I hope if any OT knowledgeable people read this they would conduct a webinar on how to do this.

Link 1 The above article replete with screen caps as a word doc

Link 2 The Web.Config that goes on the web services install that works for me 

Link 3 The App.Config from my C# application