Example of OAuth client application authenticated with SSO

Document ID : KB000057622
Last Modified Date : 14/02/2018

Issue

Is there an example of an OAuth client application that works in an SSO environment?

Resolution

Prerequisites:
CA Agile Central Application Manager documentation
ApiKey and OAuth client FAQ KnowledgeBase article
Examples in RallySoftware GitHub repository
SSO KnowledgeBase article

Caveats:
Writing and debugging code is outside of CA Agile Central support's scope. The example used in this article as well as the examples in RallySoftware GitHub repository are not supported.

Per SSO KnowledgeBase article:

We recommend that customers who are using integrations or the Web Services API will authenticate WS API requests with ApiKeys. As of April 16, 2015 ApiKey works for users who exclusively authenticate via SSO. There is no longer a requirement to add api users to the exceptions list if ApiKey is used.
Currently, our connectors/integrations do not support SAML-based authentication. It is possible to write an integration that can acquire a SAML token from an Identity Provider, but no one has done this yet. If you need help with custom coding please see How Technical Services Can Help You.

Example with SSO:

In the steps below we use a Node.js example from the RallySoftware repository and extend it slightly to show that a CA Agile Central endpoint, authenticated with SSO via an OAuth client, returns the expected data.

1. Create an OAuth client in CA Agile Central Application Manager.

2. Note the Client ID and Client Secret.

3. Click "Save". The OAuth client application is created.

4. Clone the Node.js example from the RallySoftware repository. For the purposes of this demonstration we set the required constants only temporarily, as environment variables that last for the current terminal session only (the values shown are truncated placeholders for the ID and secret from step 2):

$ export CLIENT_ID="0e..."
$ export CLIENT_SECRET="Cz.."
$ export SERVER_URL="http://localhost:3000"
$ npm install
$ npm start


5. Start the app (npm start above) and open it in a browser.

6. To use SSO authentication, log in to SSO first. Then click "Authenticate" and, on the consent page, click "Allow Access".

7. The access token is displayed.
8. The purpose of this article is to show how to use the access token. Add the following route to index.js. The goal is to confirm that the access token, passed in the zsessionid header, authenticates a hierarchicalrequirement request successfully. Notice this is not very different from authenticating cURL requests or requests in a browser REST client, as shown in the ApiKey article above.

// express, request and router are normally already set up in the example's
// index.js; they are repeated here so the route reads as a complete unit.
// req.user.accessToken is populated by the OAuth flow completed in step 6.
var express = require('express');
var request = require('request');
var router = express.Router();

router.get('/stories', function (req, res, next) {
  // Without a completed OAuth flow there is no token to send.
  if (!req.user || !req.user.accessToken) {
    return res.status(401).send('Authenticate first');
  }
  request({
    method: 'GET',
    url: 'https://rally1.rallydev.com/slm/webservice/v2.x/hierarchicalrequirement?query=(CreationDate > 2015-09-01)',
    jar: false,                        // no cookie jar: the header below is the only credential
    headers: {
      zsessionid: req.user.accessToken // the OAuth access token authenticates the WS API call
    }
  }, function (err, response, body) {
    if (err) { return next(err); }
    // The full response object includes the originating request's headers,
    // so the access token is printed to the terminal along with the data.
    console.log(response);
    res.end();                         // finish the browser request; the result is in the terminal
  });
});

9. Go to localhost:3000/stories and check the response in the terminal. A successful request returns a QueryResult with the matching stories.

We chose to write the result to the console since a full OAuth client application design is outside the scope of this article. The goal was to show how to use the access token to authenticate requests via the zsessionid header.
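The route above logs the whole response object, which carries the request headers and therefore the access token itself. The following is an added example, not code from the article or the RallySoftware repository: it builds the same kind of WS API request with the token in the zsessionid header (URL-encoding the query so it is a valid URL), redacts the token before anything is logged, and interprets the QueryResult body so an authentication failure is recognised instead of being mistaken for an empty result. The QueryResult shape (Errors, Warnings, TotalResultCount, Results) and the fetch/pagesize query parameters are taken from the WS API's documented JSON format; the sample bodies are constructed for the demonstration.

```javascript
// Added example: helpers for calling the CA Agile Central WS API with an OAuth
// access token in the zsessionid header. Not the KB article's or the repository's code.
// Sample bodies below are constructed; the QueryResult shape is assumed from the WS API docs.

var WSAPI_BASE = 'https://rally1.rallydev.com/slm/webservice/v2.x';

// Build options for the `request` library. The token travels in a header,
// never in the URL, so it does not end up in proxy or web server access logs.
function buildQueryOptions(accessToken, type, query, extra) {
  if (!accessToken) { throw new Error('missing access token'); }
  var params = Object.assign({ query: query, fetch: 'FormattedID,Name', pagesize: 20 }, extra || {});
  var qs = Object.keys(params)
    .map(function (k) { return encodeURIComponent(k) + '=' + encodeURIComponent(params[k]); })
    .join('&');
  return {
    method: 'GET',
    url: WSAPI_BASE + '/' + type + '?' + qs,
    jar: false,                                  // no cookie jar: the token is the only credential
    headers: { zsessionid: accessToken, Accept: 'application/json' },
    json: true                                   // have `request` parse the JSON body
  };
}

// Copy of the options that is safe to log: same fields, token replaced.
function redactForLog(options) {
  var headers = Object.assign({}, options.headers);
  if (headers.zsessionid) { headers.zsessionid = '<redacted>'; }
  return Object.assign({}, options, { headers: headers });
}

// Turn status code + parsed body into a small summary. An HTTP 401/403 or a
// populated Errors array means the token did not authenticate; an empty
// Results array with no errors is a genuine (authenticated) empty result.
function summarizeQueryResult(statusCode, body) {
  if (statusCode === 401 || statusCode === 403) {
    return { ok: false, reason: 'not authenticated or not authorized (HTTP ' + statusCode + ')', count: 0, items: [] };
  }
  var qr = body && body.QueryResult;
  if (!qr) {
    return { ok: false, reason: 'unexpected body (no QueryResult)', count: 0, items: [] };
  }
  if (qr.Errors && qr.Errors.length) {
    return { ok: false, reason: qr.Errors.join('; '), count: 0, items: [] };
  }
  return {
    ok: true,
    reason: null,
    count: qr.TotalResultCount,
    items: (qr.Results || []).map(function (r) { return r.FormattedID + ' ' + r.Name; })
  };
}

// Constructed sample bodies (not real API output).
var SAMPLE_OK = { QueryResult: { Errors: [], Warnings: [], TotalResultCount: 2,
  Results: [{ FormattedID: 'US1', Name: 'Login page' }, { FormattedID: 'US2', Name: 'Logout' }] } };
var SAMPLE_ERR = { QueryResult: { Errors: ['Not authorized to perform action: Invalid key'],
  Warnings: [], TotalResultCount: 0, Results: [] } };

// Usage: in the /stories route, pass req.user.accessToken as the first argument.
var demoOptions = buildQueryOptions('<token from step 7>', 'hierarchicalrequirement', '(CreationDate > 2015-09-01)');
console.log(redactForLog(demoOptions));            // token shows as <redacted>
console.log(summarizeQueryResult(200, SAMPLE_OK));  // ok: true, 2 items
console.log(summarizeQueryResult(200, SAMPLE_ERR)); // ok: false, reason from Errors
console.log(summarizeQueryResult(401, {}));         // ok: false, HTTP 401
```

In the route from step 8, `request(buildQueryOptions(req.user.accessToken, ...), function (err, response, body) { console.log(summarizeQueryResult(response.statusCode, body)); })` gives the same check as the original while keeping the token out of the terminal output.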