03-22-2018 01:20 PM
Hi all,
is it possible to use REST API when SSO is enabled on the Finesse or this is not currently supported?I tried this on dcloud. I had one agent without SSO and API calls were working as expected from postman but when I tried same API calls for agent with SSO enabled these API calls were not success with 401 - unauthorized response from Finesser server.
Thx
Tomas
Solved! Go to Solution.
03-04-2021 05:35 AM
Our customer runs 11.6.
When I try for the https://<server>/finesse/api/UserAuthMode/<username>, I get a 404 not found.
I have used my test user which I've been issued by our customer. As I understand it, it should be SSO.
I assume I will then have to use the java API to get my user?
If so - I've been looking at https://developer.cisco.com/docs/contact-center-express/#!cisco-identity-service-client-sdk-guide/register-your-application to set up things on the Finesse side. Not sure what the redirect URL is needed for - if I need to implement a service there, what should it be able to do?
I guess all I should need would be the code given when I add my client app...but will I then be able to use that token to handle calls etc. on behalf of several users?
In the text above, it says I can also use a url parameter. So I should be able to call https://<FQDN>/desktop/sso/token?return_user=yes&cc_username=<MyUserName>
Not sure if I should add something to that call to prove who I am?
I think I've started rambling a bit, sorry for that.
I need to be able to act on behalf of several users in Finesse 11.6, for SSO (and non-SSO) users. The non-SSO users I've tried on your lab system, and that worked like a charm. I'm a bit confused as to which way I should go and what should work in 11.6.
03-04-2021 08:31 AM
Hi,
Our customer runs 11.6.
When I try for the https://<server>/finesse/api/UserAuthMode/<username>, I get a 404 not found.
I have used my test user which I've been issued by our customer. As I understand it, it should be SSO.
Unfortunately, the UserAuthMode API was added in 12.5. Here is the doc specific to 11.6: https://pubhub.devnetcloud.com/media/finesse/docs/downloads/previous-documentation/developer-guide/Cisco_Finesse_Web_Services_Developer_Guide_Release_11.6(1).pdf
I have used my test user which I've been issued by our customer. As I understand it, it should be SSO.
I assume I will then have to use the java API to get my user?
If so - I've been looking at https://developer.cisco.com/docs/contact-center-express/#!cisco-identity-service-client-sdk-guide/register-your-application to set up things on the Finesse side. Not sure what the redirect URL is needed for - if I need to implement a service there, what should it be able to do?
I guess all I should need would be the code given when I add my client app...but will I then be able to use that token to handle calls etc. on behalf of several users?
Sorry, I don't know too much about the identity service client sdk so I cannot answer your questions on that. In terms of having a token to handle calls on behalf of several users, that will not work. The token is per user and the APIs will authenticate based on user. What I mean is an API against agent1 can only work for agent1's token (and maybe the supervisor depending on the API).
In the text above, it says I can also use a url parameter. So I should be able to call https://<FQDN>/desktop/sso/token?return_user=yes&cc_username=<MyUserName>
Not sure if I should add something to that call to prove who I am?
The cc_username only works for 12.5 systems.
I need to be able to act on behalf of several users in Finesse 11.6, for SSO (and non-SSO) users. The non-SSO users I've tried on your lab system, and that worked like a charm.
You will not be able to get a token to act on behalf of several users in Finesse. Finesse is built to be a 1 to 1 usage where an individual uses APIs for themselves.
I'm a bit confused as to which way I should go and what should work in 11.6.
I hate to say it but SSO with APIs was half-baked until Finesse 12.5. If the 11.6 system is in hybrid mode, then it will not work at all. This is probably not what you wanted to hear though.
Thanx,
Denise
Thanx,
Denise
03-05-2021 06:09 AM
While not what I wanted to hear, at least now I know.
If we use 12.5+, SSO will work for us, as I understand it. Will we need to make changes to the REST calls (we have been using Cisco_Finesse_Web_Services_Developer_Guide_Release_11.6.pdf and the online documentation) or the XMPP event receiving mechanism, or does that work in the same way in 12.5+ ? If so, we might try to persuade our customer to either upgrade or drop SSO.
03-05-2021 08:54 AM
Hi,
If we use 12.5+, SSO will work for us, as I understand it.
Correct. You will be able to use the UserAuthMode API to see if the user is in SSO or non-SSO mode (for the hybrid systems). You will be able to use the cc_username query parameter in the token API.
Will we need to make changes to the REST calls (we have been using Cisco_Finesse_Web_Services_Developer_Guide_Release_11.6.pdf and the online documentation) or the XMPP event receiving mechanism, or does that work in the same way in 12.5+ ? If so, we might try to persuade our customer to either upgrade or drop SSO.
The REST API requests and XMPP mechanism works the same way in 12.5. All of the custom gadgets will also continue to work as is. In 12.0 and later (so of course 12.5), there was a UI refresh and is more efficient.
Thanx,
Denise
11-09-2021 05:14 AM
Hi Denise,
can you help?
How can I use SSO from website - just to make click to call button.
I know the steps, but I cannot make it done with just javascript. I cannot fetch access token.
I need get token with user than with token and user id I can get the user extension and make new dialog with token auth. But the issue is that I cannot get that token via AJAX or XHR request.
Any idea how to make it works?
Thank you,
Jozef
11-09-2021 10:32 AM
Hi Jozef,
Are you trying to use SSO from a third party website? Take a look at this doc: https://developer.cisco.com/docs/finesse/#!rest-api-with-sso-guide-client-integration
Also, what version of Finesse are you using?
Thanx,
Denise
11-10-2021 12:37 AM
Hi Denise,
Finesse version is 12.5
I try to get token on different domains, but there is issue to fetch the token also from finesse domain. The first issue is CORS and CORB. The CORS is enabled and allowed from finesse servers and all other APIs work good, just fetch token has CORS issue (in dev I can preflight CORS with extensions).
I tried to use ajax, XHR and also fetch without any progress. I can get token just if I go directly to tokens API url. I cannot get token with using just javascript from any domain.
11-10-2021 08:32 AM
Hi,
In the past, the Finesse team had stated that the SSO APIs do not work on different domains.
Thanx,
Denise
04-14-2023 06:03 AM
Hi @jozefnad
I am also facing this issue.
Were you able to resolve this?
04-21-2023 05:17 AM
Try to create middleware/proxy for it and it should work for you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide