REST calls without headers… how

This topic contains 1 voice and has 0 replies.

  • Author
    Posts
  • #26016
     mlu 
    Participant

    Greetings,

    I’m following what is outlined here (https://backstage.forgerock.com/docs/idm/6/integrators-guide/#internal-managed-authentication).

    I’ve created external log in page which sends post to openidm/authentication?_action=login. Server returns property mappings as well as httpOnly cookie. This allows me to make subsequent requests to /openidm/config/ or to openidm/config/provisioner.openicf/QADevAccount466673. I’m able to hit these two end points without having to specify X-OpenIDM-Username and X-OpenIDM-Password headers. However when I try to POST, PUT or DELETE on these endpoints server returns 401/403. To make things interesting when I set X-OpenIDM-Username and X-OpenIDM-Password on POST, PUT or DELETE request completes successfully.

    Now, I don’t want to believe that API is forcing me to send these headers all the time as this would mean that application needs to maintain username and password in order for user to perform anything but GET.

    Could someone shed some light on this for me please?

    Best regards,

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?