SQL Server / ForgeRock Identity Cloud Collection / Step 2b: Authenticate as ID Cloud Admin using MFA Skip Callback, Get Session Token and Cookie Name
Back to Collection Items
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
-- This example assumes the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @http int
-- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
DECLARE @success int
-- Use this online tool to generate code from sample JSON: Generate Code to Create JSON
-- The following JSON is sent in the request body.
-- {
-- "authId": "{{authId}}",
-- "callbacks": [
-- {
-- "type": "TextOutputCallback",
-- "output": [
-- {
-- "name": "message",
-- "value": "Skip"
-- },
-- {
-- "name": "messageType",
-- "value": "0"
-- }
-- ]
-- },
-- {
-- "type": "ConfirmationCallback",
-- "output": [
-- {
-- "name": "prompt",
-- "value": ""
-- },
-- {
-- "name": "messageType",
-- "value": 0
-- },
-- {
-- "name": "options",
-- "value": [
-- "Set up"
-- ]
-- },
-- {
-- "name": "optionType",
-- "value": -1
-- },
-- {
-- "name": "defaultOption",
-- "value": 0
-- }
-- ],
-- "input": [
-- {
-- "name": "IDToken2",
-- "value": 0
-- }
-- ]
-- },
-- {
-- "type": "HiddenValueCallback",
-- "output": [
-- {
-- "name": "value",
-- "value": "false"
-- },
-- {
-- "name": "id",
-- "value": "Skip"
-- }
-- ],
-- "input": [
-- {
-- "name": "IDToken3",
-- "value": "Skip"
-- }
-- ]
-- }
-- ]
-- }
DECLARE @json int
-- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'authId', '{{authId}}'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[0].type', 'TextOutputCallback'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[0].output[0].name', 'message'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[0].output[0].value', 'Skip'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[0].output[1].name', 'messageType'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[0].output[1].value', '0'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].type', 'ConfirmationCallback'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[0].name', 'prompt'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[0].value', ''
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[1].name', 'messageType'
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'callbacks[1].output[1].value', 0
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[2].name', 'options'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[2].value[0]', 'Set up'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[3].name', 'optionType'
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'callbacks[1].output[3].value', -1
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].output[4].name', 'defaultOption'
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'callbacks[1].output[4].value', 0
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[1].input[0].name', 'IDToken2'
EXEC sp_OAMethod @json, 'UpdateInt', @success OUT, 'callbacks[1].input[0].value', 0
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].type', 'HiddenValueCallback'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].output[0].name', 'value'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].output[0].value', 'false'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].output[1].name', 'id'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].output[1].value', 'Skip'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].input[0].name', 'IDToken3'
EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'callbacks[2].input[0].value', 'Skip'
EXEC sp_OAMethod @http, 'SetRequestHeader', NULL, 'Content-Type', 'application/json'
EXEC sp_OAMethod @http, 'SetRequestHeader', NULL, 'Accept-API-Version', 'resource=2.1, protocol=1.0'
DECLARE @resp int
EXEC sp_OAMethod @http, 'PostJson3', @resp OUT, 'https://<tenant-name>.forgeblocks.com/am/json/authenticate', 'application/json', @json
EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @json
RETURN
END
DECLARE @sbResponseBody int
-- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbResponseBody OUT
EXEC sp_OAMethod @resp, 'GetBodySb', @success OUT, @sbResponseBody
DECLARE @jResp int
-- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jResp OUT
EXEC sp_OAMethod @jResp, 'LoadSb', @success OUT, @sbResponseBody
EXEC sp_OASetProperty @jResp, 'EmitCompact', 0
PRINT 'Response Body:'
EXEC sp_OAMethod @jResp, 'Emit', @sTmp0 OUT
PRINT @sTmp0
DECLARE @respStatusCode int
EXEC sp_OAGetProperty @resp, 'StatusCode', @respStatusCode OUT
PRINT 'Response Status Code = ' + @respStatusCode
IF @respStatusCode >= 400
BEGIN
PRINT 'Response Header:'
EXEC sp_OAGetProperty @resp, 'Header', @sTmp0 OUT
PRINT @sTmp0
PRINT 'Failed.'
EXEC @hr = sp_OADestroy @resp
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @sbResponseBody
EXEC @hr = sp_OADestroy @jResp
RETURN
END
EXEC @hr = sp_OADestroy @resp
-- Sample JSON response:
-- (Sample code for parsing the JSON response is shown below)
-- {
-- "tokenId": "N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*",
-- "successUrl": "/openam/console",
-- "realm": "/"
-- }
-- Sample code for parsing the JSON response...
-- Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
DECLARE @tokenId nvarchar(4000)
EXEC sp_OAMethod @jResp, 'StringOf', @tokenId OUT, 'tokenId'
DECLARE @successUrl nvarchar(4000)
EXEC sp_OAMethod @jResp, 'StringOf', @successUrl OUT, 'successUrl'
DECLARE @realm nvarchar(4000)
EXEC sp_OAMethod @jResp, 'StringOf', @realm OUT, 'realm'
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @json
EXEC @hr = sp_OADestroy @sbResponseBody
EXEC @hr = sp_OADestroy @jResp
END
GO
Curl Command
curl -X POST
-H "Content-Type: application/json"
-H "Accept-API-Version: resource=2.1, protocol=1.0"
-d '{
"authId": "{{authId}}",
"callbacks": [
{
"type": "TextOutputCallback",
"output": [
{
"name": "message",
"value": "Skip"
},
{
"name": "messageType",
"value": "0"
}
]
},
{
"type": "ConfirmationCallback",
"output": [
{
"name": "prompt",
"value": ""
},
{
"name": "messageType",
"value": 0
},
{
"name": "options",
"value": [
"Set up"
]
},
{
"name": "optionType",
"value": -1
},
{
"name": "defaultOption",
"value": 0
}
],
"input": [
{
"name": "IDToken2",
"value": 0
}
]
},
{
"type": "HiddenValueCallback",
"output": [
{
"name": "value",
"value": "false"
},
{
"name": "id",
"value": "Skip"
}
],
"input": [
{
"name": "IDToken3",
"value": "Skip"
}
]
}
]
}'
https://<tenant-name>.forgeblocks.com/am/json/authenticate
Postman Collection Item JSON
{
"name": "Step 2b: Authenticate as ID Cloud Admin using MFA Skip Callback, Get Session Token and Cookie Name",
"event": [
{
"listen": "test",
"script": {
"exec": [
"const JSONResponse = JSON.parse(responseBody);",
"",
"// Did request return SSO Token?",
"if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")",
"{",
" // Set `adminSSOToken` variable",
" pm.globals.set(\"adminSSOToken\", JSONResponse.tokenId);",
"",
" // Get custom cookie name",
" var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());",
" pm.collectionVariables.set(\"cookieName\", customCookieName);",
"",
" // Remove `authId` variable",
" pm.globals.unset(\"authId\");",
"",
"}",
"",
"// Tests",
"",
"pm.test(\"Status code is 200\", () => {",
" pm.expect(pm.response.code).to.eql(200);",
"});",
"",
"pm.test(\"Response contains tokenId\", function () {",
" pm.expect(JSONResponse).to.have.any.keys('tokenId');",
"});",
"",
""
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disableCookies": true
},
"request": {
"method": "POST",
"header": [
{
"description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests.",
"key": "Content-Type",
"value": "application/json"
},
{
"description": "Specifies the version of the `/json/authenticate` endpoint to use.",
"key": "Accept-API-Version",
"value": "resource=2.1, protocol=1.0"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"TextOutputCallback\",\n \"output\": [\n {\n \"name\": \"message\",\n \"value\": \"Skip\"\n },\n {\n \"name\": \"messageType\",\n \"value\": \"0\"\n }\n ]\n },\n {\n \"type\": \"ConfirmationCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"\"\n },\n {\n \"name\": \"messageType\",\n \"value\": 0\n },\n {\n \"name\": \"options\",\n \"value\": [\n \"Set up\"\n ]\n },\n {\n \"name\": \"optionType\",\n \"value\": -1\n },\n {\n \"name\": \"defaultOption\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": 0\n }\n ]\n },\n {\n \"type\": \"HiddenValueCallback\",\n \"output\": [\n {\n \"name\": \"value\",\n \"value\": \"false\"\n },\n {\n \"name\": \"id\",\n \"value\": \"Skip\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken3\",\n \"value\": \"Skip\"\n }\n ]\n }\n ]\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "{{amUrl}}/json/authenticate",
"host": [
"{{amUrl}}"
],
"path": [
"json",
"authenticate"
]
},
"description": "Return the MFA skip callbacks received from the previous step. \n\nThen get the session token from the response headers. To manually provide the session token name, navigate to **Tenant Settings** in the ID Cloud console and copy the *Cookie Name* value. Use this value in the `cookieName` variable in your Postman Collection."
},
"response": [
{
"name": "Success - authentication complete",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json",
"description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests."
},
{
"key": "Accept-API-Version",
"value": "resource=2.0, protocol=1.0",
"description": "Specifies the version of the `/json/authenticate` endpoint to use."
}
],
"body": {
"mode": "raw",
"raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}",
"host": [
"{{amUrl}}"
],
"path": [
"json{{realm}}",
"authenticate"
],
"query": [
{
"key": "authIndexType",
"value": "service",
"description": "Allows the request to configure the service (for example, an authentication tree) to use for this request."
},
{
"key": "authIndexValue",
"value": "{{loginJourney}}",
"description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable."
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Cache-Control",
"value": "private"
},
{
"key": "Cache-Control",
"value": "no-cache, no-store, must-revalidate"
},
{
"key": "Set-Cookie",
"value": "iPlanetDirectoryPro=0_OKRrdKWp4qNlomyaBn3lRl23U.*AAJTSQACMDEAAlNLABxiNmZiTnVSV05IbUFNbWprV3ZndUlNdlVYNDg9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly"
},
{
"key": "Set-Cookie",
"value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly"
},
{
"key": "Content-API-Version",
"value": "resource=2.1"
},
{
"key": "Expires",
"value": "0"
},
{
"key": "Pragma",
"value": "no-cache"
},
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Content-Length",
"value": "167"
},
{
"key": "Date",
"value": "Wed, 12 Aug 2020 14:08:53 GMT"
}
],
"cookie": [
],
"body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}"
}
]
}
