How do you authenticate to the Cisco Contact Center Express Identity Service?
I’m building a 3rd-party app to authenticate with Contact Center Express. Documents are necessary, but not sufficient to achieve this. For example,
// Get Access Token for the received Authorization Code
String redirectURI = config.getRedirectUri();
AccessToken token = client.getAccessToken(authCode, redirectURI);
When and where do you redirect users to Contact Center for authentication? I’ve observed that Finesse redirects users to
But where do you specify the use of identity service (IDS) path/ids/v1/oauth/authorize
? Is state a required parameter? Does the IDS SDK handle callback paths/desktop/sso/authcode
? I guess it won’t, but what are the parameters that will be sent to it? I’m using the Spring Framework.
Do I reverse engineer the entire process, or am I missing additional documentation?
Even after receiving the OAuth token, how can I use it to make additional REST calls to other Cisco products? The Finesse REST API only mentions HTTP Basic authentication. There is no mention of the header of the “Authorization: Bearer” token.
https://developer.cisco.com/docs/finesse/#!sign-in-to-finesse/sign-in-to-finesse
Solution
I have to reverse engineer it after all the redirects.
@Controller
public class SSOController {
@Autowired
private IdSClientConfigurationImpl config;
@Autowired
private IdSClient client;
@PostMapping("/login")
public String login(@RequestParam(name="user", required=true) String user) {
redirect the user to the Cisco Contact Center Express Identity Service
String redirectURI = config.getRedirectUri();
String clientId = config.getClientId();
URI uri = UriComponentsBuilder
.fromUriString("https://contact-center-express:8553/ids/v1/oauth/authorize")
.queryParam("redirect_uri", "{redirect_uri}")
.queryParam("client_id", "{client_id}")
.queryParam("state", "{state}") // base64 encoded
.queryParam("response_type", "code")
.build(redirectURI, clientId);
return "redirect:"+uri.toString();
}
@GetMapping("/idscallback")
public String idscallback(
@RequestParam(name="code", required=true) String code,
@RequestParam(name="state", required=false) String state,
HttpSession session) throws IdSClientException {
Get Access Token for the received Authorization Code
String redirectURI = config.getRedirectUri();
AccessToken token = client.getAccessToken(code, redirectURI); why do I need redirectURI when it's already redirected?
String accessTokenString = token.getAccess_token();
session.setAttribute("token", accessTokenString);
model.addAttribute("token", accessTokenString);
return "redirect:/";
}
In a bean far, far away….
@Bean
public IdSClientConfigurationImpl config() throws IOException, IdSClientException {
ClassPathResource idsclientResource = new ClassPathResource("idsclient.properties");
IdSClientConfigurationImpl config = new IdSClientConfigurationImpl(idsclientResource.getFile().getPath());
IdSClientConfigurationImpl config = new IdSClientConfigurationImpl("src/main/resources/idsclient.properties");
config.load();
return config;
}
@Bean
public IdSClient setupIdsClient() throws IOException, IdSClientException {
IdSClient client = IdSClientFactory.getIdSClient();
client.setTLSContext(createSSLTrustManager(), createHostnameVerifier());
client.setTLSContext(arg0, arg1) // use secure trust manager and hostname verifier in production
client.init(config);
return client;
}
private X509TrustManager createSSLTrustManager() {
X509TrustManager tm = new TrustAllX509TrustManager();
return tm;
}
private HostnameVerifier createHostnameVerifier() {
HostnameVerifier hv = new SkipAllHostNameVerifier();
return hv;
}