Solved: Re: Viya 3.5 - Creation of Authentication domain from code

idziemianczyk · Posted 07-07-2021 08:31 AM

Hi community,

I'm able to create authenticated domain in the Environment Manager.

Is it possible to create a new AuthDomain from CLI or REST API call? Could you please provide an example of it. I haven't found any documentation about the creation of authenticated-domain from REST API or CLI.

There is a piece of code in Python link, but I'm not as familiar with Python to translate it to REST API call.

Thanks in advance

gwootton · Posted 07-07-2021 09:07 AM

Yes, this is possible through the credentials REST API using a PUT call to the endpoint /credentials/domains/{domain_id}. This would either create an authentication domain with that ID or update it if it already exists.

The body would contain the id and type, and optionally a description and label. For example:

curl --location --request PUT 'http://viya.demo.sas.com/credentials/domains/TestDomain' \
--header 'Accept: application/vnd.sas.credential.domain+json, application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"id": "TestDomain",
"description": "This is a test domain.",
"label": "label",
"type": "password"
}'

--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

gwootton · Posted 07-07-2021 09:07 AM

Yes, this is possible through the credentials REST API using a PUT call to the endpoint /credentials/domains/{domain_id}. This would either create an authentication domain with that ID or update it if it already exists.

The body would contain the id and type, and optionally a description and label. For example:

curl --location --request PUT 'http://viya.demo.sas.com/credentials/domains/TestDomain' \
--header 'Accept: application/vnd.sas.credential.domain+json, application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"id": "TestDomain",
"description": "This is a test domain.",
"label": "label",
"type": "password"
}'

--
Greg Wootton | Principal Systems Technical Support Engineer

idziemianczyk · Posted 05-19-2022 07:46 AM

Hello @gwootton, thanks for your help.

Do you have an idea if we can add USER and PASSWORD into this(or another) into the Authdomain + assign it to groups?

I didn't find any examples of creation PUT request for Authdomain credentials. I can only check existing credentials with the following GET request.

GET https://<server>/credentials/domains/TestDomain/credentials

Could you please help me to build PUT request for adding credentials:

USER + PASSWORD and assign the access to groups.

For eg.

USER: ORACLE_TEST

PASSWORD: ORACLE_PASS

Credentials: SASAdministrators, DataBuilders

gwootton · Posted 05-19-2022 11:57 AM

Yes the endpoint for adding credentials to an authentication domain for a group would be specific to the group so you'd need to do one for SASAdministrators and one for DataBuilders in your example (or make a new group that both SASAdministrators and DataBuilders is a member of and add it to that):

PUT /credentials/domains/{{ domain id}}/groups/{{ group id }}

with a body
'{
"domainId": "{{ domain id }}",
"identityType": "group",
"identityId": "{{ group id }}",
"domainType": "password",
"properties": {
"userId": "ORACLE_TEST"
},
"secrets": {
"password": "{{ base 64 encoded password }}"
}
}'

You can use the command "base64" to encode the password, the -n prevents echo from sending a newline character:

$ echo -n "ORACLE_PASS" | base64
T1JBQ0xFX1BBU1M=

--
Greg Wootton | Principal Systems Technical Support Engineer