How to set up the HTTP API for PhenixID OneTouch authentication (Push)

This article describes how to set up the HTTP API for PhenixID OneTouch authentication (using push / assignment).

Prerequisites

- PAS 3.0 or higher installed

- PhenixID OneTouch configured

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

Add local http-api module

- Log in to Configuration Manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module (if module is already added, only add tenant and/or allowedOperation):

{
	"module": "com.phenixidentity~phenix-api-authenticate",
	"enabled": "true",
	"config": {
		"http_configuration_ref": "d8baaa02-2ead-473c-88b8-a7aa08a53332",
		"tenant": [
			{
				"id": "t1",
				"displayName": "Tenant1",
				"allowedOperation": [
					"onetouch_start_auth",
					"onetouch_check_auth"
				]
			}
		]
	},
	"id": "authapi_module"
}

- Replace the http_configuration_ref value with the one for the HTTP listener in use

- Click Stage Changes and Commit Changes

- Open NODE_GROUPS (click on the pen)

- Add the id of the newly added module to module_refs, as in the example below. (You can skip this step if the module was already added.)

{
	"name": "WIN-DHB3ICNDG4E",
	"description": "Default node (created automatically)",
	"config": {
		"module_refs": "authapi_module,sealapp,signapp_1,......"
	},
	"created": "2017-07-03T11:38:03.135Z",
	"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
	"modified": "2017-07-03T14:39:43.257Z"
}

- Click Stage Changes and Commit Changes

Add pipes to trigger OneTouch authentication and collect authentication status

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes.

{
	"id": "onetouch_start_auth",
	"description": "Start OT auth",
	"valves": [
		{
			"name": "IssueAssignmentValve",
			"config": {
				"userNameParameter": "{{request.username}}"
			}
		}
	]
},
{
	"id": "onetouch_check_auth",
	"description": "Check OT auth",
	"valves": [
		{
			"name": "AssignmentStatusValve",
			"config": {
				"id": "{{request.assignmentid}}",
				"dest": "status"
			}
		}
	]
}

- Click Stage Changes and Commit Changes

(For assignment styling, please view this solution document. Point to the new template in the IssueAssignmentValve according to the instructions here.)

(Please be aware that the response can be augmented with additional data, such as a user directory lookup result. Add required valves to the onetouch_check_auth pipe to augment the response.)
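The following is an added example, not PhenixID code: a pre-commit lint that cross-checks the three JSON fragments above, so that every allowedOperation has a pipe, the module is listed in module_refs, and each exposed pipe begins with an authentication valve as the Authentication section recommends. It assumes an operation name resolves to the pipe with the same id (as the page's naming suggests) and that the authentication valve should be first in the pipe; "ExampleAuthValve" is a placeholder, not a real valve name.

```python
import json

# Constructed sample in the shape of the page's Modules, NODE_GROUPS and Pipes JSON.
# "ExampleAuthValve" is a placeholder name, not a real PhenixID valve.
SAMPLE = json.loads("""
{
  "module": {"id": "authapi_module", "config": {"tenant": [
    {"id": "t1", "allowedOperation": ["onetouch_start_auth", "onetouch_check_auth"]}]}},
  "node_group": {"config": {"module_refs": "authapi_module,sealapp"}},
  "pipes": [
    {"id": "onetouch_start_auth", "valves": [
      {"name": "ExampleAuthValve", "config": {}},
      {"name": "IssueAssignmentValve", "config": {"userNameParameter": "{{request.username}}"}}]},
    {"id": "onetouch_check_auth", "valves": [
      {"name": "AssignmentStatusValve", "config": {"id": "{{request.assignmentid}}", "dest": "status"}}]}
  ]
}
""")


def lint_api_config(module, node_group, pipes, auth_valves):
    """Return findings for one phenix-api-authenticate module definition."""
    findings = []
    pipes_by_id = {p["id"]: p for p in pipes}
    # NODE_GROUPS step from the page: the module id must be listed in module_refs.
    refs = [r.strip() for r in node_group["config"]["module_refs"].split(",")]
    if module["id"] not in refs:
        findings.append(f"module {module['id']} is not in module_refs")
    for tenant in module["config"]["tenant"]:
        for op in tenant["allowedOperation"]:
            pipe = pipes_by_id.get(op)  # assumption: operation name == pipe id
            if pipe is None:
                findings.append(f"tenant {tenant['id']}: no pipe with id {op}")
                continue
            valves = pipe.get("valves", [])
            # Assumption: the authentication valve must run first in the pipe.
            if not valves or valves[0]["name"] not in auth_valves:
                findings.append(
                    f"tenant {tenant['id']}: pipe {op} does not start with an authentication valve")
    return findings


if __name__ == "__main__":
    for finding in lint_api_config(SAMPLE["module"], SAMPLE["node_group"],
                                   SAMPLE["pipes"], {"ExampleAuthValve"}):
        print(finding)
```

Pass the set of valve names your deployment actually uses for certificate or basic authentication verification as auth_valves.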

Test

Use an HTTP REST client for testing and debugging. Please review the developer guide for further instructions.