cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1418
Views
30
Helpful
18
Replies
cukouncukoun
Beginner

Finesse 11.6 REST API with SSO

Hi all,

is it possible to use REST API when SSO is enabled on the Finesse or this is not currently supported?I tried this on dcloud. I had one agent without SSO and API calls were working as expected from postman but when I tried same API calls for agent with SSO enabled these API calls were not success with 401 - unauthorized response from Finesser server.

Thx

Tomas

18 REPLIES 18

Our customer runs 11.6.

 

When I try for the https://<server>/finesse/api/UserAuthMode/<username>, I get a 404 not found.

 

I have used my test user which I've been issued by our customer. As I understand it, it should be SSO.

I assume I will then have to use the java API to get my user?

If so - I've been looking at https://developer.cisco.com/docs/contact-center-express/#!cisco-identity-service-client-sdk-guide/register-your-application to set up things on the Finesse side. Not sure what the redirect URL is needed for - if I need to implement a service there, what should it be able to do?

I guess all I should need would be the code given when I add my client app...but will I then be able to use that token to handle calls etc. on behalf of several users?

 

In the text above, it says I can also use a url parameter. So I should be able to call https://<FQDN>/desktop/sso/token?return_user=yes&cc_username=<MyUserName>

Not sure if I should add something to that call to prove who I am?

 

I think I've started rambling a bit, sorry for that.

I need to be able to act on behalf of several users in Finesse 11.6, for SSO (and non-SSO) users.  The non-SSO users I've tried on your lab system, and that worked like a charm. I'm a bit confused as to which way I should go and what should work in 11.6.

Hi,

Our customer runs 11.6.

 

When I try for the https://<server>/finesse/api/UserAuthMode/<username>, I get a 404 not found.

 

I have used my test user which I've been issued by our customer. As I understand it, it should be SSO.


Unfortunately, the UserAuthMode API was added in 12.5. Here is the doc specific to 11.6: https://pubhub.devnetcloud.com/media/finesse/docs/downloads/previous-documentation/developer-guide/Cisco_Finesse_Web_Services_Developer_Guide_Release_11.6(1).pdf

 


I have used my test user which I've been issued by our customer. As I understand it, it should be SSO.

I assume I will then have to use the java API to get my user?

If so - I've been looking at https://developer.cisco.com/docs/contact-center-express/#!cisco-identity-service-client-sdk-guide/register-your-application to set up things on the Finesse side. Not sure what the redirect URL is needed for - if I need to implement a service there, what should it be able to do?

I guess all I should need would be the code given when I add my client app...but will I then be able to use that token to handle calls etc. on behalf of several users?


Sorry, I don't know too much about the identity service client sdk so I cannot answer your questions on that. In terms of having a token to handle calls on behalf of several users, that will not work. The token is per user and the APIs will authenticate based on user. What I mean is an API against agent1 can only work for agent1's token (and maybe the supervisor depending on the API).

 


In the text above, it says I can also use a url parameter. So I should be able to call https://<FQDN>/desktop/sso/token?return_user=yes&cc_username=<MyUserName>

Not sure if I should add something to that call to prove who I am?


The cc_username only works for 12.5 systems.

 


I need to be able to act on behalf of several users in Finesse 11.6, for SSO (and non-SSO) users.  The non-SSO users I've tried on your lab system, and that worked like a charm.

You will not be able to get a token to act on behalf of several users in Finesse. Finesse is built to be a 1 to 1 usage where an individual uses APIs for themselves.

 


I'm a bit confused as to which way I should go and what should work in 11.6.

I hate to say it but SSO with APIs was half-baked until Finesse 12.5. If the 11.6 system is in hybrid mode, then it will not work at all. This is probably not what you wanted to hear though.

 

Thanx,

Denise

 

Thanx,

Denise

 

 

While not what I wanted to hear, at least now I know.

 

If we use 12.5+, SSO will work for us, as I understand it. Will we need to make changes to the REST calls (we have been using Cisco_Finesse_Web_Services_Developer_Guide_Release_11.6.pdf and the online documentation) or the XMPP event receiving mechanism, or does that work in the same way in 12.5+ ? If so, we might try to persuade our customer to either upgrade or drop SSO.

Hi,

 


If we use 12.5+, SSO will work for us, as I understand it.

Correct. You will be able to use the UserAuthMode API to see if the user is in SSO or non-SSO mode (for the hybrid systems). You will be able to use the cc_username query parameter in the token API.

 


Will we need to make changes to the REST calls (we have been using Cisco_Finesse_Web_Services_Developer_Guide_Release_11.6.pdf and the online documentation) or the XMPP event receiving mechanism, or does that work in the same way in 12.5+ ? If so, we might try to persuade our customer to either upgrade or drop SSO.

The REST API requests and XMPP mechanism works the same way in 12.5. All of the custom gadgets will also continue to work as is. In 12.0 and later (so of course 12.5), there was a UI refresh and is more efficient.

 

Thanx,

Denise

Content for Community-Ad