How to make a REST call to Windows NTLM secured API?

House Cat
Level 1

Greetings,

In my UCCX script I'm trying to "make rest call" to NTLM (integrated Windows authentication). I've tried just username and domain\username, with no luck.

Guess UCCX is Linux and doesn't support NTLM.

How can I make this work?

10 Replies

Anthony Holloway
Cisco Employee
I don't have a way, that I know of, to test this at the moment, but according to this site:
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/understanding-http-authentication

It says:
"NTLM authentication requires multiple exchanges between the client and server. The server and any intervening proxies must support persistent connections to successfully complete the authentication."

And to the best of my knowledge, neither one of those two required things, multiple exchanges or persistent connections, is available with the Make REST Call step.

Therefore, you might need to look into doing this with a pure Java implementation, like so:
https://stackoverflow.com/questions/42350027/http-post-requests-unsing-ntlm-authentication-java

However, if you've never adapted a pure Java solution to UCCX, you might find that it's either impossible, or at the very least, pretty complex. In the most extreme cases of success, you will have to upload some Java libraries to the UCCX Engine and restart the server before you can even test the code out.

I don't know your level of expertise with all of this, and the skills required to solve it span MS, Java, UCCX and Web Development, so it can be a tricky task for anyone to do on their own. Do you have co-workers in one or more of these areas to assist you?
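The multi-leg exchange described in the Microsoft quote above, as an added example that is not part of the original posts: it classifies each `Authorization` / `WWW-Authenticate` header value of an NTLM handshake and checks that all three messages stayed on one connection. The function names, connection ids and sample tokens are hypothetical and constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def parse_ntlm_header(value):
    """Return (message name, server challenge or None) for an NTLM header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token.strip():
        return ("OFFER", None)  # bare "NTLM": the server's initial 401 offer
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type not in NAMES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    if msg_type == 2 and len(raw) < 32:
        raise ValueError("truncated CHALLENGE message")
    # A CHALLENGE carries the 8-byte server challenge at offset 24.
    return (NAMES[msg_type], raw[24:32] if msg_type == 2 else None)

def handshake_completed(exchange):
    """exchange: ordered (connection_id, header_value) pairs from one client.

    True only if NEGOTIATE, CHALLENGE and AUTHENTICATE appear in that order
    on the same connection, which is what a persistent connection provides.
    """
    expected = ["NEGOTIATE", "CHALLENGE", "AUTHENTICATE"]
    conn = None
    for conn_id, header in exchange:
        name, _ = parse_ntlm_header(header)
        if name == "OFFER":
            continue
        if name != expected[0] or conn not in (None, conn_id):
            return False
        conn = conn_id
        expected.pop(0)
        if not expected:
            return True
    return False

def build_sample(msg_type, body):
    """Build a constructed sample header value (not captured traffic)."""
    raw = SIGNATURE + struct.pack("<I", msg_type) + body
    return "NTLM " + base64.b64encode(raw).decode()

# Constructed sample messages; the challenge bytes 01..08 are arbitrary.
NEGOTIATE = build_sample(1, struct.pack("<I", 0x207) + b"\x00" * 16)
CHALLENGE = build_sample(2, struct.pack("<HHII", 0, 0, 40, 0x207) + bytes(range(1, 9)) + b"\x00" * 8)
AUTHENTICATE = build_sample(3, b"\x00" * 52)
```

A client that opens a new connection for every request fails this check after the CHALLENGE, because the server ties its challenge to the connection it was issued on.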

Sean Lynch
Level 7

I'm not entirely certain of what you are attempting.  From what I understand, UCCX REST API calls to third party servers are only supported by basic authentication.  At this time I can't find a specific reference--and I know I've seen one on the DevNet site.

Basic auth with certificate validation...  A signed security certificate must be uploaded to the UCCX Tomcat store, so UCCX will trust the third party web service/REST API target.

" ...If you access the external secure REST APIs, upload certificates to platform Tomcat's keystore. The engine Tomcat picks them up from platform Tomcat."  (from the 'Help' file on the REST API palette item).

Hope this helps.

-Sean

 


@Sean Lynch wrote:

...UCCX REST API calls to third party servers are only supported by basic authentication.


Actually, you can use more than just Basic Auth with the Make REST Call step.  In fact, the documentation gives an example of using token based auth.

 

uccx-make-rest-headers.png

uccx-make-rest-headers-doc.png

...ah, yes.  More things to learn.  I will need to be more specific in the future, as I am still only working on UCCX release 10.6(1):

2020-0413-restAPI106.png

...only has Basic Auth

 

For the latest release as referenced on DevNet:

2020-0413-restAPI12x.png

...I have a lot to look forward to (and learn) once we upgrade.  Yup yup.

-Sean

I see, yeah, 10.6(1) is pretty limited. You also get to look forward to the XML companion steps for JSON in 11.6+!

...the JSON stuff is what I'm really going to be focused on--as we are switching to a middle-ware solution that responds with JSON.
Looking forward to it. ...and I'm sure I'll be posting quite a bit to this effect when we arrive.
Thanks!
-Sean

You replied in a JSON Path thread somewhat recently, and I also replied. Be sure to read my response, because Jayway JSONPath is a little different than most. Good luck.

Yup. I saw it. And bookmarked...
-Sean

I read this post and called up the API owner, eventually negotiated to basic auth :)

Good to know!