Chilkat Online Tools

TCL / ForgeRock Identity Cloud Collection / Step 2b: Authenticate as ID Cloud Admin using MFA Skip Callback, Get Session Token and Cookie Name

Back to Collection Items

load ./chilkat.dll

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set http [new_CkHttp]

# Use this online tool to generate code from sample JSON: Generate Code to Create JSON

# The following JSON is sent in the request body.

# {
#   "authId": "{{authId}}",
#   "callbacks": [
#     {
#       "type": "TextOutputCallback",
#       "output": [
#         {
#           "name": "message",
#           "value": "Skip"
#         },
#         {
#           "name": "messageType",
#           "value": "0"
#         }
#       ]
#     },
#     {
#       "type": "ConfirmationCallback",
#       "output": [
#         {
#           "name": "prompt",
#           "value": ""
#         },
#         {
#           "name": "messageType",
#           "value": 0
#         },
#         {
#           "name": "options",
#           "value": [
#             "Set up"
#           ]
#         },
#         {
#           "name": "optionType",
#           "value": -1
#         },
#         {
#           "name": "defaultOption",
#           "value": 0
#         }
#       ],
#       "input": [
#         {
#           "name": "IDToken2",
#           "value": 0
#         }
#       ]
#     },
#     {
#       "type": "HiddenValueCallback",
#       "output": [
#         {
#           "name": "value",
#           "value": "false"
#         },
#         {
#           "name": "id",
#           "value": "Skip"
#         }
#       ],
#       "input": [
#         {
#           "name": "IDToken3",
#           "value": "Skip"
#         }
#       ]
#     }
#   ]
# }

set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "authId" "{{authId}}"
CkJsonObject_UpdateString $json "callbacks[0].type" "TextOutputCallback"
CkJsonObject_UpdateString $json "callbacks[0].output[0].name" "message"
CkJsonObject_UpdateString $json "callbacks[0].output[0].value" "Skip"
CkJsonObject_UpdateString $json "callbacks[0].output[1].name" "messageType"
CkJsonObject_UpdateString $json "callbacks[0].output[1].value" "0"
CkJsonObject_UpdateString $json "callbacks[1].type" "ConfirmationCallback"
CkJsonObject_UpdateString $json "callbacks[1].output[0].name" "prompt"
CkJsonObject_UpdateString $json "callbacks[1].output[0].value" ""
CkJsonObject_UpdateString $json "callbacks[1].output[1].name" "messageType"
CkJsonObject_UpdateInt $json "callbacks[1].output[1].value" 0
CkJsonObject_UpdateString $json "callbacks[1].output[2].name" "options"
CkJsonObject_UpdateString $json "callbacks[1].output[2].value[0]" "Set up"
CkJsonObject_UpdateString $json "callbacks[1].output[3].name" "optionType"
CkJsonObject_UpdateInt $json "callbacks[1].output[3].value" -1
CkJsonObject_UpdateString $json "callbacks[1].output[4].name" "defaultOption"
CkJsonObject_UpdateInt $json "callbacks[1].output[4].value" 0
CkJsonObject_UpdateString $json "callbacks[1].input[0].name" "IDToken2"
CkJsonObject_UpdateInt $json "callbacks[1].input[0].value" 0
CkJsonObject_UpdateString $json "callbacks[2].type" "HiddenValueCallback"
CkJsonObject_UpdateString $json "callbacks[2].output[0].name" "value"
CkJsonObject_UpdateString $json "callbacks[2].output[0].value" "false"
CkJsonObject_UpdateString $json "callbacks[2].output[1].name" "id"
CkJsonObject_UpdateString $json "callbacks[2].output[1].value" "Skip"
CkJsonObject_UpdateString $json "callbacks[2].input[0].name" "IDToken3"
CkJsonObject_UpdateString $json "callbacks[2].input[0].value" "Skip"

CkHttp_SetRequestHeader $http "Content-Type" "application/json"
CkHttp_SetRequestHeader $http "Accept-API-Version" "resource=2.1, protocol=1.0"

# resp is a CkHttpResponse
set resp [CkHttp_PostJson3 $http "https://<tenant-name>.forgeblocks.com/am/json/authenticate" "application/json" $json]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkJsonObject $json
    exit
}

set sbResponseBody [new_CkStringBuilder]

CkHttpResponse_GetBodySb $resp $sbResponseBody

set jResp [new_CkJsonObject]

CkJsonObject_LoadSb $jResp $sbResponseBody
CkJsonObject_put_EmitCompact $jResp 0

puts "Response Body:"
puts [CkJsonObject_emit $jResp]

set respStatusCode [CkHttpResponse_get_StatusCode $resp]
puts "Response Status Code = $respStatusCode"
if {$respStatusCode >= 400} then {
    puts "Response Header:"
    puts [CkHttpResponse_header $resp]
    puts "Failed."
    delete_CkHttpResponse $resp

    delete_CkHttp $http
    delete_CkJsonObject $json
    delete_CkStringBuilder $sbResponseBody
    delete_CkJsonObject $jResp
    exit
}

delete_CkHttpResponse $resp

# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)

# {
#   "tokenId": "N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*",
#   "successUrl": "/openam/console",
#   "realm": "/"
# }

# Sample code for parsing the JSON response...
# Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

set tokenId [CkJsonObject_stringOf $jResp "tokenId"]
set successUrl [CkJsonObject_stringOf $jResp "successUrl"]
set realm [CkJsonObject_stringOf $jResp "realm"]

delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp

Curl Command

curl -X POST
	-H "Content-Type: application/json"
	-H "Accept-API-Version: resource=2.1, protocol=1.0"
	-d '{
    "authId": "{{authId}}",
    "callbacks": [
        {
            "type": "TextOutputCallback",
            "output": [
                {
                    "name": "message",
                    "value": "Skip"
                },
                {
                    "name": "messageType",
                    "value": "0"
                }
            ]
        },
        {
            "type": "ConfirmationCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": ""
                },
                {
                    "name": "messageType",
                    "value": 0
                },
                {
                    "name": "options",
                    "value": [
                        "Set up"
                    ]
                },
                {
                    "name": "optionType",
                    "value": -1
                },
                {
                    "name": "defaultOption",
                    "value": 0
                }
            ],
            "input": [
                {
                    "name": "IDToken2",
                    "value": 0
                }
            ]
        },
        {
            "type": "HiddenValueCallback",
            "output": [
                {
                    "name": "value",
                    "value": "false"
                },
                {
                    "name": "id",
                    "value": "Skip"
                }
            ],
            "input": [
                {
                    "name": "IDToken3",
                    "value": "Skip"
                }
            ]
        }
    ]
}'
https://<tenant-name>.forgeblocks.com/am/json/authenticate

Postman Collection Item JSON

{
  "name": "Step 2b: Authenticate as ID Cloud Admin using MFA Skip Callback, Get Session Token and Cookie Name",
  "event": [
    {
      "listen": "test",
      "script": {
        "exec": [
          "const JSONResponse = JSON.parse(responseBody);",
          "",
          "// Did request return SSO Token?",
          "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")",
          "{",
          "  // Set `adminSSOToken` variable",
          "  pm.globals.set(\"adminSSOToken\", JSONResponse.tokenId);",
          "",
          "  // Get custom cookie name",
          "  var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());",
          "  pm.collectionVariables.set(\"cookieName\", customCookieName);",
          "",
          "  // Remove `authId` variable",
          "  pm.globals.unset(\"authId\");",
          "",
          "}",
          "",
          "// Tests",
          "",
          "pm.test(\"Status code is 200\", () => {",
          "  pm.expect(pm.response.code).to.eql(200);",
          "});",
          "",
          "pm.test(\"Response contains tokenId\", function () {",
          "    pm.expect(JSONResponse).to.have.any.keys('tokenId');",
          "});",
          "",
          ""
        ],
        "type": "text/javascript"
      }
    }
  ],
  "protocolProfileBehavior": {
    "disableCookies": true
  },
  "request": {
    "method": "POST",
    "header": [
      {
        "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests.",
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "description": "Specifies the version of the `/json/authenticate` endpoint to use.",
        "key": "Accept-API-Version",
        "value": "resource=2.1, protocol=1.0"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n    \"authId\": \"{{authId}}\",\n    \"callbacks\": [\n        {\n            \"type\": \"TextOutputCallback\",\n            \"output\": [\n                {\n                    \"name\": \"message\",\n                    \"value\": \"Skip\"\n                },\n                {\n                    \"name\": \"messageType\",\n                    \"value\": \"0\"\n                }\n            ]\n        },\n        {\n            \"type\": \"ConfirmationCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"\"\n                },\n                {\n                    \"name\": \"messageType\",\n                    \"value\": 0\n                },\n                {\n                    \"name\": \"options\",\n                    \"value\": [\n                        \"Set up\"\n                    ]\n                },\n                {\n                    \"name\": \"optionType\",\n                    \"value\": -1\n                },\n                {\n                    \"name\": \"defaultOption\",\n                    \"value\": 0\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken2\",\n                    \"value\": 0\n                }\n            ]\n        },\n        {\n            \"type\": \"HiddenValueCallback\",\n            \"output\": [\n                {\n                    \"name\": \"value\",\n                    \"value\": \"false\"\n                },\n                {\n                    \"name\": \"id\",\n                    \"value\": \"Skip\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken3\",\n                    \"value\": \"Skip\"\n                }\n            ]\n        }\n    ]\n}",
      "options": {
        "raw": {
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{amUrl}}/json/authenticate",
      "host": [
        "{{amUrl}}"
      ],
      "path": [
        "json",
        "authenticate"
      ]
    },
    "description": "Return the MFA skip callbacks received from the previous step. \n\nThen get the session token from the response headers. To manually provide the session token name, navigate to **Tenant Settings** in the ID Cloud console and copy the *Cookie Name* value. Use this value in the `cookieName` variable in your Postman Collection."
  },
  "response": [
    {
      "name": "Success - authentication complete",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json",
            "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests."
          },
          {
            "key": "Accept-API-Version",
            "value": "resource=2.0, protocol=1.0",
            "description": "Specifies the version of the `/json/authenticate` endpoint to use."
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n    \"authId\": \"{{authId}}\",\n    \"callbacks\": [\n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"User Name\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken1\",\n                    \"value\": \"{{postmanDemoUsername}}\"\n                }\n            ],\n            \"_id\": 0\n        },\n        {\n            \"type\": \"PasswordCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Password\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken2\",\n                    \"value\": \"{{postmanDemoPassword}}\"\n                }\n            ],\n            \"_id\": 1\n        }\n    ]\n}",
          "options": {
            "raw": {
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}",
          "host": [
            "{{amUrl}}"
          ],
          "path": [
            "json{{realm}}",
            "authenticate"
          ],
          "query": [
            {
              "key": "authIndexType",
              "value": "service",
              "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request."
            },
            {
              "key": "authIndexValue",
              "value": "{{loginJourney}}",
              "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable."
            }
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "X-Frame-Options",
          "value": "SAMEORIGIN"
        },
        {
          "key": "X-Content-Type-Options",
          "value": "nosniff"
        },
        {
          "key": "Cache-Control",
          "value": "private"
        },
        {
          "key": "Cache-Control",
          "value": "no-cache, no-store, must-revalidate"
        },
        {
          "key": "Set-Cookie",
          "value": "iPlanetDirectoryPro=0_OKRrdKWp4qNlomyaBn3lRl23U.*AAJTSQACMDEAAlNLABxiNmZiTnVSV05IbUFNbWprV3ZndUlNdlVYNDg9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly"
        },
        {
          "key": "Set-Cookie",
          "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly"
        },
        {
          "key": "Content-API-Version",
          "value": "resource=2.1"
        },
        {
          "key": "Expires",
          "value": "0"
        },
        {
          "key": "Pragma",
          "value": "no-cache"
        },
        {
          "key": "Content-Type",
          "value": "application/json"
        },
        {
          "key": "Content-Length",
          "value": "167"
        },
        {
          "key": "Date",
          "value": "Wed, 12 Aug 2020 14:08:53 GMT"
        }
      ],
      "cookie": [
      ],
      "body": "{\n    \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n    \"successUrl\": \"/openam/console\",\n    \"realm\": \"/\"\n}"
    }
  ]
}