2

The security token API asks for basic authentication. I am using SSO for logging in a user.

This is the API: https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize

Doc: https://rally1.rallydev.com/slm/doc/webservice/authentication.jsp

In an environment using SAML based SSO authentication, how can I fetch the security token for creating/updating resources? Without the security token, all my calls receive "Not authorized to perform action: Invalid key" error.

Note: I have a valid cookie that I receive using https://sso.rallydev.com/sp/startSSO.ping?PartnerIdpId=sso.company.com&TargetResource=https://us1.rallydev.com/slm/j_sso_security_check?noRedirect=true

akshay1188
  • 1,647
  • 2
  • 17
  • 35

1 Answers1

2

I'm not sure if you can do this via SSO- that endpoint only works with basic auth I'm pretty sure. Can you use an API Key instead? That is the preferred approach for external integrations these days- especially in SSO environments. With an API key you shouldn't need to worry about the CSRF validation and subsequent invalid key error.

Also, are you using one of our built-in rest toolkits? Most of them support api keys right out of the box (java, .net, node for sure...)

Kyle Morse
  • 8,390
  • 2
  • 15
  • 16
  • I am accessing the API in Swift. I looked at the toolkits but didn't find any in Swift. Also how can I get the API key? – akshay1188 Feb 28 '17 at 16:35
  • 1
    Thanks, I figured we can create API key from here - https://rally1.rallydev.com/login/accounts/index.html#/keys – akshay1188 Feb 28 '17 at 18:45
  • 1
    Using the api key in the header of the request as "zsessionid":"api_key_value", authenticates and gives full access for creating/updating – akshay1188 Feb 28 '17 at 18:57