NFM-T is a secured application. Before accessing any REST service, an external application must authenticate itself to the 1350 application using the seven Authentication REST API steps below.

| API Function | HTTP Method | URL | Parameters / Response |
|---|---|---|---|
| User authentication with CAS | POST | https://{serverIp}:443/cas/v1/tickets | username=<username>&password=<password>&presentation=<{{server}:8443}>; Response: {TGT-ID}; "server address = OTN Server IP" |
| Get Service Ticket for NFM-T | POST | https://{serverIp}/cas/v1/tickets/{TGT-ID} | service=http://[OTN Server IP]/oms1350; Response: {Ticket for NFM-T} |
| Service Ticket NspOs | GET | https://{serverIp}/session-manager/login/cas | user=<username>&password=<password>&ticket=<{Ticket for NFM-T}> |
| Register SSO session Manager | GET | https://{serverIp}/session-manager/login?service | user=<username>&password=<password>&service=<{{ServerIP}:8443/oms1350/login/cas}> |
| Service Ticket for Session Manager | POST | https://{serverIp}/cas/v1/tickets/{TGT-ID} | user=<username>&password=<password>&service=<{{ServerIP}:8443/oms1350/login/cas}> |
| Service Ticket for NFM-T Application | GET | https://{serverIp}:8443/oms1350/login/cas | user=<username>&password=<password>&ticket=<{Service Ticket}> |
| Fetch Session Information from NFM-T Application | GET | https://{serverIp}:8443/oms1350/data/common/sessionInfo | |

The NFM-T application uses the Central Authentication Service (CAS), a single sign-on protocol for the web. Its purpose is to permit a user to access an application while providing their credentials only once.

The client needs to execute the seven steps below to authenticate itself to the NFM-T web application.

1.1 User authentication with CAS.

When the client visits an application and wants to authenticate to it, the application redirects it to CAS. CAS validates the client's authenticity by checking the username and password against its database. If authentication succeeds, CAS returns a security ticket (TGT Id).

Rest call details:  

URL = "http://{serverIp}:8443/cas/v1/tickets";

HTTP Method: POST

Input Parameters: username and password.

           [Presentation] = OTN IP address.

          Response: {TGT-ID}.

          Sample TGT Id: TGT-104-HYNRlJlN7PmKBOqlKPnTDs9djzmOydkuevkY0p1om5r7bIVgF3-cas01.example.org  

Code Snippet

private URI getTGTUrl(AuthInfo authInfo) {
HashMap requestHeaders = new HashMap();
requestHeaders.put("Content-Type", "application/x-www-form-urlencoded");

String tgtUrl = "https://" + authInfo.getServerIP() + ":443" + "/cas/v1/tickets";

MultiValueMap<String, String> payload = new LinkedMultiValueMap<String, String>();
payload.add("username", authInfo.getServerUser());
payload.add("password", authInfo.getServerPwd());
return postForLocation(tgtUrl, payload);

}

 

1.2 Get Service Ticket for NFM-T

After obtaining the TGT-ID from the CAS server in the previous step, use it to request the Service-Ticket.

Rest call details:  

          URL = "http://{serverIp}:8443/cas/v1/tickets/<TGT-ID>";

           HTTP Method: POST

           Input Parameters: service= http://{serverIp}:8443/{serverIp}/session-manager/login/cas.

           [Service address] = OTN IP address.

          Response: {Service-Ticket}.

          Sample Service-Ticket: ST-104-r66nweiJSpXfzP6OOgDI-cas01.example.org

Code Snippet

private String getSTTicket(AuthInfo authInfo, URI tgtUrl) {
// Service the ticket is requested for: the session-manager CAS login endpoint
String svcUrl = "https://" + authInfo.getServerIP() + "/session-manager/login/cas";

// CAS expects the target service in the "service" form parameter.
// A MultiValueMap body is sent as application/x-www-form-urlencoded by RestTemplate.
MultiValueMap<String, String> servicePayload = new LinkedMultiValueMap<String, String>();
servicePayload.add("service", svcUrl);
return postForObject(tgtUrl, servicePayload, String.class);

}

1.3 Service Ticket NspOs

This is the third step of the authentication. After getting the Service-Ticket from the previous step, issue an HTTP GET on the SessionManager URL to validate the nspOS ServiceTicket.

Rest call details:  

URL = "http://{serverIp}:8443/session-manager/login/cas";

HTTP Method: GET

Input Parameters: Username : username for NFM-T presentation server

                                Password : password for NFM-T presentation server

                                Presentation : IP address of NFM-T presentation server

                                Ticket: Service-Ticket returned from previous step.

           [Service address] = OTN IP address.

          Response: JNLP File for LSM Application

          Sample TGT Id

Code Snippet

private ResponseEntity validateServiceTicket(AuthInfo authInfo, String st_ticket) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

MultiValueMap<String, String> ticketPayload = new LinkedMultiValueMap<String, String>();
ticketPayload.add("ticket", st_ticket);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(ticketPayload, headers);

String validateSessionUrl = "https://" + authInfo.getServerIP() + "/session-manager/login/cas";
return postForEntity(validateSessionUrl, request, String.class);

}

1.4 Register SSO session Manager

After obtaining the TGT-ID from the CAS server in the previous step, use it to request the Service-Ticket.

Rest call details:  

          URL = "http://{serverIp}:/session-manager/login/<TGT-ID>";

           HTTP Method: GET

           Input Parameters: service= http://{serverIp}:8443/{serverIp}:8443/oms1350/login/cas/.

           [Service address] = OTN IP address.

Code Snippet

private ResponseEntity registerSession(AuthInfo authInfo, String nspOsCookie) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nspOsCookie);

HttpEntity<String> request = new HttpEntity<String>(headers);

// The target service is passed in the query string; this GET carries no form payload
String regSessionUrl = "https://" + authInfo.getServerIP() + "/session-manager/login?service=https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
return exchange(regSessionUrl, HttpMethod.GET, request, String.class);

}

1.5 Service Ticket for Session Manager

After obtaining the TGT-ID from the CAS server in the second step, use it to request the Service-Ticket.

Rest call details:  

          URL = "http://{serverIp}:443/cas/v1/tickets/<TGT-ID>";

           HTTP Method: POST

           Input Parameters: service= http://{serverIp}:8443/{serverIp}/session-manager/login/cas.

           [Service address] = OTN IP address.

          Response: {Service-Ticket}.

          Sample Service-Ticket: ST-104-r66nweiJSpXfzP6OOgDI-cas01.example.org

Code Snippet

private String generateSTViaTGTUrl(AuthInfo authInfo, String nspOsCookie, URI tgtUrl, String st_ticket) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nspOsCookie);

String svcUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
MultiValueMap<String, String> servicePayload = new LinkedMultiValueMap<String, String>();
servicePayload.add("service", svcUrl);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(servicePayload, headers);

return postForObject(tgtUrl, request, String.class);

}

1.6 Service Ticket for NFM-T Application

This is the sixth step of authentication. Once the service ticket is obtained as the response in the previous step, issue an HTTP GET on the SessionManager URL to validate the NFM-T ServiceTicket.

Rest call details:  

          URL = "http://{serverIp}:8443/oms1350/login/cas/<TGT-ID>";

           HTTP Method: GET

           Input Parameters: service= http://[Service Ticket]:ST-66-HQVAlJSeAXCH3b7gtLGr-otneVM1.

           [Service address] = OTN IP address.

          Response: {Service-Ticket}.

          Sample Service-Ticket: ST-104-r66nweiJSpXfzP6OOgDI-cas01.example.org

Code Snippet

private ResponseEntity validateServiceTicket2(AuthInfo authInfo, String st_ticekt2, String nspOsCookie) {
String validateServiceTicketUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nspOsCookie);

MultiValueMap<String, String> ticketPayload = new LinkedMultiValueMap<String, String>();
ticketPayload.add("ticket", st_ticekt2);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(ticketPayload,headers);

return postForEntity(validateServiceTicketUrl, request, String.class);

}

1.7 Fetch Session Information from NFM-T Application

In this step we need to fetch the session information from the NFM-T Application after which we can access all the exposed REST services.  

Rest call details:  

URL = "http://{serverIp}:8443/oms1350/data/common/sessionInfo";

HTTP Method: GET

          Response: Session Info from the NFM-T Server

Code Snippet

private ResponseEntity retrieveSessionInfo(AuthInfo authInfo, String nfmtCookie) {

String retrieveSessionInfoUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/data/common/sessionInfo";

HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nfmtCookie);

HttpEntity<String> request = new HttpEntity<String>(headers);
return exchange(retrieveSessionInfoUrl, HttpMethod.GET, request, String.class);

}

NFM-T REST TEMPLATE CODE

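Below is the complete code that authenticates the client:

import java.io.IOException;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

// Named NFMTRestTemplate to match the client application that instantiates it
public class NFMTRestTemplate extends RestTemplate {
private String myCookie = "";
private String urlPrefix = "";

public void authenticate(AuthInfo authInfo) {
try {
// Disables certificate and hostname validation through JVM-wide defaults; lab use only
nullHostNameVerifier();
turnOffSslChecking();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
// Compare numeric status codes: HttpStatus.toString() output differs between Spring versions
List<Integer> successStatusCodes = Arrays.asList(200, 201, 302);

URI tgtUrl = getTGTUrl(authInfo);
String st_ticket = getSTTicket(authInfo, tgtUrl);
ResponseEntity validateSessionResponse = validateServiceTicket(authInfo, st_ticket);
if (!successStatusCodes.contains(validateSessionResponse.getStatusCode().value())) {
throw new Exception("Authentication failed at step 3");
}
// Extract the "NSPOS_JSESSIONID=..." pair from the Set-Cookie header text
String sessionResponse = validateSessionResponse.toString();
String nspOsCookie = sessionResponse.substring(sessionResponse.indexOf("NSPOS_JSESSIONID"), sessionResponse.indexOf("; Expires"));
ResponseEntity regSessionRes = registerSession(authInfo, nspOsCookie);
if (!successStatusCodes.contains(regSessionRes.getStatusCode().value())) {
throw new Exception("Authentication failed at step 4");
}
String st_ticekt2 = generateSTViaTGTUrl(authInfo, nspOsCookie, tgtUrl, st_ticket);
ResponseEntity validateSvcTicketRes = validateServiceTicket2(authInfo, st_ticekt2, nspOsCookie);
if (!successStatusCodes.contains(validateSvcTicketRes.getStatusCode().value())) {
throw new Exception("Authentication failed at step 6");
}
// Extract the "JSESSIONID=..." pair issued by the NFM-T application
String validateSvcticketResStr = validateSvcTicketRes.toString();
String nfmtCookie = validateSvcticketResStr.substring(validateSvcticketResStr.indexOf("JSESSIONID="), validateSvcticketResStr.indexOf("; Path="));
ResponseEntity sessionInfoRes = retrieveSessionInfo(authInfo, nfmtCookie);
setMyCookie(nfmtCookie);
setUrlPrefix("https://" + authInfo.getServerIP() + ":" + authInfo.getServerPort() + "/oms1350");
} catch (Exception e) {
// Surface the failure: without a session cookie every later REST call is unauthenticated
throw new IllegalStateException("NFM-T authentication failed", e);
}

}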
/**
*
* When the client visits an application desiring to authenticate to it, the
* application redirects it to CAS. CAS validates the client’s authenticity
* by checking a username and password against its db. If authentication
* succeeds, CAS returns security ticket (TGT Id).
*
*
*/

private URI getTGTUrl(AuthInfo authInfo) {
HashMap requestHeaders = new HashMap();
requestHeaders.put("Content-Type", "application/x-www-form-urlencoded");

String tgtUrl = "https://" + authInfo.getServerIP() + ":443" + "/cas/v1/tickets";

MultiValueMap<String, String> payload = new LinkedMultiValueMap<String, String>();
payload.add("username", authInfo.getServerUser());
payload.add("password", authInfo.getServerPwd());
return postForLocation(tgtUrl, payload);

}
private String getSTTicket(AuthInfo authInfo, URI tgtUrl) {
// Service the ticket is requested for: the session-manager CAS login endpoint
String svcUrl = "https://" + authInfo.getServerIP() + "/session-manager/login/cas";

// CAS expects the target service in the "service" form parameter.
// A MultiValueMap body is sent as application/x-www-form-urlencoded by RestTemplate.
MultiValueMap<String, String> servicePayload = new LinkedMultiValueMap<String, String>();
servicePayload.add("service", svcUrl);
return postForObject(tgtUrl, servicePayload, String.class);

}
private ResponseEntity validateServiceTicket(AuthInfo authInfo, String st_ticket) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

MultiValueMap<String, String> ticketPayload = new LinkedMultiValueMap<String, String>();
ticketPayload.add("ticket", st_ticket);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(ticketPayload, headers);

String validateSessionUrl = "https://" + authInfo.getServerIP() + "/session-manager/login/cas";
return postForEntity(validateSessionUrl, request, String.class);

}
private ResponseEntity registerSession(AuthInfo authInfo, String nspOsCookie) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nspOsCookie);

HttpEntity<String> request = new HttpEntity<String>(headers);

// The target service is passed in the query string; this GET carries no form payload
String regSessionUrl = "https://" + authInfo.getServerIP() + "/session-manager/login?service=https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
return exchange(regSessionUrl, HttpMethod.GET, request, String.class);

}
private String generateSTViaTGTUrl(AuthInfo authInfo, String nspOsCookie, URI tgtUrl, String st_ticket) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nspOsCookie);

String svcUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
MultiValueMap<String, String> servicePayload = new LinkedMultiValueMap<String, String>();
servicePayload.add("service", svcUrl);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(servicePayload, headers);
return postForObject(tgtUrl, request, String.class);

}
private ResponseEntity validateServiceTicket2(AuthInfo authInfo, String st_ticekt2, String nspOsCookie) {
String validateServiceTicketUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/login/cas";
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nspOsCookie);

MultiValueMap<String, String> ticketPayload = new LinkedMultiValueMap<String, String>();
ticketPayload.add("ticket", st_ticekt2);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(ticketPayload,headers);
return postForEntity(validateServiceTicketUrl, request, String.class);

}
private ResponseEntity retrieveSessionInfo(AuthInfo authInfo, String nfmtCookie) {

String retrieveSessionInfoUrl = "https://" + authInfo.getServerIP() + ":8443/oms1350/data/common/sessionInfo";

HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.add("Cookie", nfmtCookie);

HttpEntity<String> request = new HttpEntity<String>(headers);
return exchange(retrieveSessionInfoUrl, HttpMethod.GET, request, String.class);

}

@Override
protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOException {
ClientHttpRequest request = super.createRequest(url, method);
request.getHeaders().add("Cookie", myCookie);
return request;
}
public String getMyCookie() {
return myCookie;
}
public void setMyCookie(String myCookie) {
this.myCookie = myCookie;
}
// Trust manager that accepts every certificate chain. It gives no server authentication,
// so the credentials, tickets and cookies sent over such a connection can be intercepted.
private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers(){
// The interface contract requires a non-null (possibly empty) array
return new X509Certificate[0];
}
public void checkClientTrusted( X509Certificate[] certs, String authType ){}
public void checkServerTrusted( X509Certificate[] certs, String authType ){}
}
};
public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
// Install the all-trusting trust manager as the default for every HttpsURLConnection in this JVM
final SSLContext sc = SSLContext.getInstance("TLS");
sc.init( null, UNQUESTIONING_TRUST_MANAGER, null );
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
private static void nullHostNameVerifier (){
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
// ip address of the service URL(like.23.28.244.244)
//if (hostname.equals("135.250.16.122"))
return true;
//return false;
}
});
}
public String getUrlPrefix() {
return urlPrefix;
}
public void setUrlPrefix(String urlPrefix) {
this.urlPrefix = urlPrefix;
}
}
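
The template above installs a trust-all TrustManager and an always-true HostnameVerifier as JVM-wide defaults. The following is an added example, not part of the original NFM-T sample: a request factory that trusts only a CA (or self-signed server) certificate you supply, keeps hostname verification on, and applies to a single RestTemplate. The class name `PinnedTlsRequestFactory` and the PEM file name are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;

// Hypothetical helper (not part of the NFM-T sample). Usage, instead of calling
// nullHostNameVerifier() and turnOffSslChecking():
//   nfmtRestTemplate.setRequestFactory(new PinnedTlsRequestFactory(Paths.get("nfmt-ca.pem")));
public final class PinnedTlsRequestFactory extends SimpleClientHttpRequestFactory {
    private final SSLSocketFactory socketFactory;

    public PinnedTlsRequestFactory(Path caCertPem) throws IOException, GeneralSecurityException {
        // Trust store that holds only the certificates found in the supplied PEM file
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        try (InputStream in = Files.newInputStream(caCertPem)) {
            int i = 0;
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                trustStore.setCertificateEntry("nfmt-ca-" + i++, c);
            }
        }
        if (trustStore.size() == 0) {
            throw new GeneralSecurityException("No certificate found in " + caCertPem);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        this.socketFactory = ctx.getSocketFactory();
    }

    @Override
    protected void prepareConnection(HttpURLConnection connection, String httpMethod)
            throws IOException {
        if (connection instanceof HttpsURLConnection) {
            // Set per connection, so other HTTPS clients in the JVM keep the default trust store;
            // the default HostnameVerifier is left in place.
            ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
        }
        super.prepareConnection(connection, httpMethod);
    }
}
```

When connecting by IP address, as the URLs on this page do, the server certificate needs a matching IP subjectAltName for hostname verification to pass.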

2. NFM-T Rest Call Client usage

REST CLIENT APPLICATION CODE

Below is the complete code of the client, which uses the authentication template:

public class NFMTRestClientApplication {
public static void main(String[] args) {
/**Authentication Information like Machine IP, username and password*/
AuthInfo authInfo = new AuthInfo();

/**create NFMTRestTemplate instance**/
NFMTRestTemplate nfmtRestTemplate = new NFMTRestTemplate ();

/**authenticate*/
nfmtRestTemplate.authenticate(authInfo);

// Sample service call; other services can be invoked in the same way

CustomerService custSvc = new CustomerService ();
String resp = custSvc.getAllCustomers(nfmtRestTemplate);
}
}