Solved: Webex XML API Authentication issue

Saurabh.Agrahari · ‎11-24-2016

Hi All,

I need to utilize webex XML API to call User Services. In our organization Webex Access is through SSO . I need to know the best way to provide authentication information to invoke XML APIs in this case. I read in XML API Document section 3.1Authenticate User -- We can send SiteAdmin id / pwd in Header and SAML assertion in Body. That will generate a ticket and that can be used in the session duration.

I have couple of queries in this regard -

1. What is the recommended authentication mechanism by WEBEX for situations like this.

2. Will the webex tenant allow for username/password authentication for certain users(service accounts) while SSO is turned on the rest of the users.

3. If SAML token needs to be passed, what exact steps need to be followed. e.g. - What if the IDP does not expose APIs to get SAML assertion.

ryanhunt · ‎11-28-2016

SiteAdmins can login with defined passwords on SSO Enabled WebEx Sites; any API calls that have to be called on the users behalf will require you to AuthenticateUser and issue the calls with that token instead of a password.

This requires the IDP to expose a method for your software to retrieve SAML assertions to login as normal users on any SSO site.

View solution in original post

ryanhunt · ‎11-28-2016

SiteAdmins can login with defined passwords on SSO Enabled WebEx Sites; any API calls that have to be called on the users behalf will require you to AuthenticateUser and issue the calls with that token instead of a password.

This requires the IDP to expose a method for your software to retrieve SAML assertions to login as normal users on any SSO site.

PWJPW · ‎06-19-2017

Dear Ryan

We're trying to get the XML API working with our Spark (inc. Webex Enterprise 200) account. If I dont enable SSO, I can query the XML API just fine with the siteadmin username and password. However, when using SSO, the username and password no longer works. We're only using the siteadmin user/pass to get Meeting info, so we're NOT looking to make API calls on a users behalf.

You mentioned in your reply above that even with SSO enabled on a webex site, we should be able to use the site admin account with a normal username and password. Can you advise further how? I'm hoping we don't need to worry about the SAML assertion document because we're just wanting to use the site admin account, not individual users.

webex.xml:

---------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>

<serv:message xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<siteName>mysitename</siteName>

<webExID>mysiteadminuser</webExID>

</securityContext>

</header>

<body>

<bodyContent

xsi:type="java:com.webex.service.binding.meeting.LstsummaryMeeting">

</listControl>

<order>

<orderBy>HOSTWEBEXID</orderBy>

<orderBy>CONFNAME</orderBy>

<orderBy>STARTTIME</orderBy>

</order>

</bodyContent>

</body>

</serv:message>

---------------------------------------------

With SSO disabled I get an expected response:

---------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>

<serv:message xmlns:serv="http://www.webex.com/schemas/2002/06/service" xmlns:com="http://www.webex.com/schemas/2002/06/common" xmlns:meet="http://www.webex.com/schemas/2002/06/service/meeting" xmlns:att="http://www.webex.com/schemas/2002/06/service/attendee"><serv:header><serv:response><serv:result>SUCCESS</serv:result><serv:gsbStatus>PRIMARY</serv:gsbStatus></serv:response></serv:header><serv:body><serv:bodyContent xsi:type="meet:lstsummaryMeetingResponse" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><meet:meeting><meet:meetingKey>1234567890</meet:meetingKey><meet:confName>My meeting</meet:confName><meet:meetingType>214</meet:meetingType><meet:hostWebExID>my12</meet:hostWebExID><meet:otherHostWebExID>abc@123</meet:otherHostWebExID><meet:timeZoneID>21</meet:timeZoneID><meet:timeZone>GMT+01:00, Western European (London)</meet:timeZone><meet:status>NOT_INPROGRESS</meet:status><meet:startDate>06/19/2017 15:15:00</meet:startDate><meet:duration>60</meet:duration><meet:listStatus>UNLISTED</meet:listStatus><meet:hostJoined>false</meet:hostJoined><meet:participantsJoined>false</meet:participantsJoined><meet:telePresence>false</meet:telePresence></meet:meeting><meet:matchingRecords><serv:total>105</serv:total><serv:returned>1</serv:returned><serv:startFrom>1</serv:startFrom></meet:matchingRecords></serv:bodyContent></serv:body></serv:message>

---------------------------------------------

With SSO enabled (sending the same as above):

---------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>

<serv:message xmlns:serv="http://www.webex.com/schemas/2002/06/service" xmlns:com="http://www.webex.com/schemas/2002/06/common" xmlns:meet="http://www.webex.com/schemas/2002/06/service/meeting" xmlns:att="http://www.webex.com/schemas/2002/06/service/attendee"><serv:header><serv:response><serv:result>FAILURE</serv:result><serv:reason>Incorrect user or password</serv:reason><serv:gsbStatus>PRIMARY</serv:gsbStatus><serv:exceptionID>030002</serv:exceptionID></serv:response></serv:header><serv:body><serv:bodyContent/></serv:body></serv:message>

---------------------------------------------

Any help would be great.

James