PhenixID DocumentationPhenixID Authentication ServicesSolutionsHTTP API ConfigurationHow to setup the HTTP API for PhenixID OneTouch authentication (Push)

How to setup the HTTP API for PhenixID OneTouch authentication (Push)

This article will describe how to setup the HTTP API for PhenixID OneTouch authentication (using push / assignment).

Prerequisites

- PAS 3.0 or higher installed

- PhenixID OneTouch configured

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

Add local http-api module

- Login to configuration manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module (if module is already added, only add tenant and/or allowedOperation):

{
		"module": "com.phenixidentity~phenix-api-authenticate",
		"enabled": "true",
		"config": {
                     "http_configuration_ref": "d8baaa02-2ead-473c-88b8-a7aa08a53332",
                     "tenant": [
				{
					"id": "t1",
					"displayName": "Tenant1",
					"allowedOperation": [
						"onetouch_start_auth",
						"onetouch_check_auth"
					]
}
			]
		},
		"id": "authapi_module"
	}

- Replace the http_configuration_ref with used http listener

- Click Stage Changes and Commit Changes

- Open NODE_GROUPS (click on the pen)

- Add id of the newly added module to module_refs. Example below. (You can skip this step if the module was already added)

{
		"name": "WIN-DHB3ICNDG4E",
		"description": "Default node (created automatically)",
		"config": {
			"module_refs": "authapi_module,sealapp,signapp_1,......"
		},
		"created": "2017-07-03T11:38:03.135Z",
		"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
		"modified": "2017-07-03T14:39:43.257Z"
	}

- Click Stage Changes and Commit Changes

 

Add pipes to trigger OneTouch authentication and collect authentication status

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes.

{
		"id": "onetouch_start_auth",
		"description": "Start OT auth",
		"valves": [
			{
				"name": "IssueAssignmentValve",
				"config": {
					"userNameParameter": "{{request.username}}"
				}
			}
		]
	},
	
	{
		"id": "onetouch_check_auth",
		"description": "Check OT auth",
		"valves": [
			{
				"name": "AssignmentStatusValve",
				"config": {
					"id": "{{request.assignmentid}}",
					"dest": "status"
				}
			}
		]
	}

- Click Stage Changes and Commit Changes

 

(For assignment styling, please view this solution document. Point to the new template in the IssueAssignmentValve according to the instructions here. )

(Please be aware that the response can be augmented with additional data, such as a user directory lookup result. Add required valves to the onetouch_check_auth pipe to augment the response.)

Test

Use a HTTP rest client for testing and debugging. Please review the developer guide for further instructions.