Java – How do you authenticate to the Cisco Contact Center Express Identity Service?

How do you authenticate to the Cisco Contact Center Express Identity Service?… here is a solution to the problem.

How do you authenticate to the Cisco Contact Center Express Identity Service?

I’m building a 3rd-party app to authenticate with Contact Center Express. Documents are necessary, but not sufficient to achieve this. For example,

https://developer.cisco.com/docs/contact-center-express/#!cisco-identity-service-client-sdk-guide/during-agent-login

// Get Access Token for the received Authorization Code
String redirectURI = config.getRedirectUri();
AccessToken token = client.getAccessToken(authCode, redirectURI);

When and where do you redirect users to Contact Center for authentication? I’ve observed that Finesse redirects users to

https://contactcenter.example.com:8553/ids/v1/oauth/authorize?redirect_uri=https%3A%2F%2Ffinesse.example.com%3A443%2Fdesktop%2Fsso%2Fauthcode&client_id=8a75xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&state=aHR0cHM6Ly92bS1mLWZpbi1hLmRldi5pbi5zcGluc2NpLmNvbS9kZXNrdG9wL2pfaWRlbnRpdHlfY2hlY2s%2FZXJyb3I9dHJ1ZQlhcHBsb2dpbg%3D%3D&response_type=code

But where do you specify the use of identity service (IDS) path/ids/v1/oauth/authorize? Is state a required parameter? Does the IDS SDK handle callback paths/desktop/sso/authcode? I guess it won’t, but what are the parameters that will be sent to it? I’m using the Spring Framework.

Do I reverse engineer the entire process, or am I missing additional documentation?

Even after receiving the OAuth token, how can I use it to make additional REST calls to other Cisco products? The Finesse REST API only mentions HTTP Basic authentication. There is no mention of the header of the “Authorization: Bearer” token.

https://developer.cisco.com/docs/finesse/#!sign-in-to-finesse/sign-in-to-finesse

Solution

I have to reverse engineer it after all the redirects.

@Controller
public class SSOController {

@Autowired
    private IdSClientConfigurationImpl config;

@Autowired 
    private IdSClient client;

@PostMapping("/login")
    public String login(@RequestParam(name="user", required=true) String user) {
         redirect the user to the Cisco Contact Center Express Identity Service
        String redirectURI = config.getRedirectUri();
        String clientId = config.getClientId();

URI uri = UriComponentsBuilder
                .fromUriString("https://contact-center-express:8553/ids/v1/oauth/authorize")
                .queryParam("redirect_uri", "{redirect_uri}")
                .queryParam("client_id", "{client_id}")
              .queryParam("state", "{state}") // base64 encoded
                .queryParam("response_type", "code")
                .build(redirectURI, clientId);
        return "redirect:"+uri.toString();
    }

@GetMapping("/idscallback")
    public String idscallback(
            @RequestParam(name="code", required=true) String code, 
            @RequestParam(name="state", required=false) String state,
            HttpSession session) throws IdSClientException {

 Get Access Token for the received Authorization Code
        String redirectURI = config.getRedirectUri();
        AccessToken token = client.getAccessToken(code, redirectURI);  why do I need redirectURI when it's already redirected?
        String accessTokenString = token.getAccess_token();
        session.setAttribute("token", accessTokenString);
      model.addAttribute("token", accessTokenString);     
        return "redirect:/";
    }

In a bean far, far away….

    @Bean
    public IdSClientConfigurationImpl config() throws IOException, IdSClientException {
        ClassPathResource idsclientResource = new ClassPathResource("idsclient.properties");
        IdSClientConfigurationImpl config = new IdSClientConfigurationImpl(idsclientResource.getFile().getPath());
      IdSClientConfigurationImpl config = new IdSClientConfigurationImpl("src/main/resources/idsclient.properties");
        config.load();
        return config;
    }

@Bean
    public IdSClient setupIdsClient() throws IOException, IdSClientException {
        IdSClient client = IdSClientFactory.getIdSClient();
        client.setTLSContext(createSSLTrustManager(), createHostnameVerifier());
      client.setTLSContext(arg0, arg1) // use secure trust manager and hostname verifier in production
        client.init(config);
        return client;
    }

private X509TrustManager createSSLTrustManager() {
        X509TrustManager tm = new TrustAllX509TrustManager();
        return tm;  
    }

private HostnameVerifier createHostnameVerifier() {
        HostnameVerifier hv = new SkipAllHostNameVerifier();
        return hv;
    }

Related Problems and Solutions