From Code end, I’m trying to connect to IEM Console via Functional Account through REST API Call. Is it possible to do user based authentication (Windows Login Account / Password) through REST API?
The reason behind, I need to list them the servers from BES Computer based on the user has rights to.
(names of it, last report time of it) of bes computers
Or
is there is any way that I can pass the user id to the relevance query and get the relevant computers/sites/tasks/baseline that the user has rights to?
Please share your comments/suggestions to Accomplish this task
REST API calls do require authentication, and it leverages operator credentials. The credentials that can be used for authentication include both local console operators, as well as LDAP-based operators. Calls made with certain credentials are limited to the scope of permissions associated with the given operator (including computers).
Do you have specific questions around how to authenticate and/or pass operator credentials?
Currently I’m passing the Functional Operator account to REST API for Authentication. Please find the below code on how im authenticating via rest api.
BES oBes = new BES();
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(“https://ServerHost:Port/api/login”);
List oList1 = new List();
string strQuery = “(names of it) of bes computers”;
string strURL = “https://Serverhost:port/api” + “/query?relevance=” + strQuery;
REST.RESTResult orestResult = REST.RESTAPI.getREST(strURL, cr);
Now my question is: Instead of functional operator account how can I impersonate a person with LDAP group or his UserId.
Is it possible to pass something like this in relevant query to get the respective servers/Task/Baseine/sites based on user Id?
(names of it) of bes computers where userid = ‘123’
You would supply the ldap operator’s username and password just as they’d log in to console (with notations such as username@domain, or domain\username).
Regarding limiting session relevance queries to the scope of a given operator, it’s possible, yes, but the approach depends on the object being queries (and is done for you automatically if you supply the operator’s credentials). For computer visibility, you might leverage something like:
names of administered computers of bes user whose (name of it = "<username>")
I’ve successfully tested the above session relevance in my environment. Please confirm that the username on which you are filtering exists in the Console’s “Operators” tab (with the format, and case you specify in the query). Alternatively, you can list out the operator names with the following query/session relevance: