stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pradeep Fernando <>
Subject Session based authentication/authorization for REST API
Date Sun, 02 Feb 2014 11:46:58 GMT

I Completed the $subject. Now you can get a jsessionId from the /cookie
endpoint and use that in subsequent requests.

I have used that in the web console as well. its working fine should be
able to complete it by tomorrow. This is in addition to SAML SSO

IMO, we should use the same mechanism in CLI as well. At the moment CLI is
storing the username/password. It is not a good practice and CLI continue
to work even when we restart the backend.. :)

Sajith please look in to that if you have some time.

flow listed below.

endpoint url,


GET request.

authenticate with basic auth.

you get the JSESSIONID

use that JSESSIONID as a cookie for subsequent requests.


Pradeep Fernando.

View raw message