Hi - I am not an Python guy - I am normally doing this kind of work in SDI which I find the best tool for integration (I know it is not an easy tool for REAL developers as it is basically an ETL wrapped into an Eclipse TK)...
But let me show a scripted AL with the steps doing it in SDI - you can then hopefully convert that to Python (or you can fall in love with SDI ;-))
To do a rest call on ISIM basically 4 steps are needed :
- get the session ID
- get the LTPA token
- get the CSRF token
- Do the REST call
So let me show the SDI code for each (IP/hostnames/userid/passwords of course needs to be changed).
Get Session ID :
//Setup connector
myHttpConn = system.getConnector("ibmdi.HTTPClient");
//Prepare call to get JSESSIONID
myHttpConn.setParam("url","https://192.168.42.131:9082/itim/restlogin/login.jsp");
myHttpConn.setParam("method","GET");
myHttpConn.initialize(null);
//Perform call
httpReply = myHttpConn.queryReply(null);
//Retrieve JSESSIONID
JSESSIONID = httpReply.getString("http.Set-Cookie");
task.logmsg(JSESSIONID);
Get LTPA token :
//Prepare call to get LTPAToken2
myHttpConn.setParam("url","https://192.168.42.131:9082/itim/j_security_check");
myHttpConn.setParam("method","POST");
myHttpConn.initialize(null);
//Configure the call
var httpcall = system.newEntry();
httpcall.setAttribute("http.Content-Type","application/x-www-form-urlencoded");
httpcall.setAttribute("http.Cookie",JSESSIONID);
//Set body to userid/password
httpcall.setAttribute("http.body","j_username=itim manager&j_password=Passw0rd");
//Perform call
httpReply = myHttpConn.queryReply(httpcall);
//Retrieve LTPAToken2
LTPAToken2 = httpReply.getString("http.Set-Cookie");
task.logmsg(LTPAToken2);
Get CSFR token :
//Prepare call to get CSRFToken
myHttpConn.setParam("url","https://192.168.42.131:9082/itim/rest/systemusers/me");
myHttpConn.setParam("method","POST");
myHttpConn.initialize(null);
//Configure the call
var httpcall = system.newEntry();
httpcall.setAttribute("http.Cookie",[JSESSIONID,LTPAToken2]);
//Perform call
httpReply = myHttpConn.queryReply(httpcall);
//Retrieve CSRFToken
CSRFToken = httpReply.getString("http.CSRFToken");
task.logmsg(CSRFToken);
Finally - do a REST call (search users) :
//Prepare call to get some users
myHttpConn.setParam("url","https://192.168.42.131:9082/itim/rest/people?cn=Alice*");
myHttpConn.setParam("method","GET");
myHttpConn.initialize(null);
//Configure the call
var httpcall = system.newEntry();
httpcall.setAttribute("http.Cookie",[JSESSIONID,LTPAToken2,CSRFToken]);
//Perform call
httpReply = myHttpConn.queryReply(httpcall);
//Show the JSON
jsonresponse = httpReply.getString("http.bodyAsString");
task.logmsg(jsonresponse);
I hope this shows the necessary steps in a readable format that you can translate to you Python code - let me know if that helps and please show your code as well for the benefit of other Python users...
------------------------------
Franz Wolfhagen
IAM Technical Architect for Europe - Certified Consulting IT Specialist
IBM Security Expert Labs
------------------------------
Original Message:
Sent: Wed November 03, 2021 03:28 PM
From: Mandiel Lastra
Subject: Using ISIM API from Python Script
I am trying to fetch a user attribute from ISIM by making REST API calls from python script using requests. The calls (GET JSESSION ID and POST ltpaToken 2) are made before making any calls to ISIM. For fetching the the user attribute, cookies are sent in the headers which should be retrieved from the GET JSESSION ID and POST ltpaToken 2.
However, I have tried fetching the cookies using multiple ways and get only the JSESSION ID every time (no ltpa token). Do you know what method we can user to retrieve the ltap token form the cookies so we can use that for subsequent requests?
Here are the commands I used and outputs received.
------------------------------
Mandiel Lastra
------------------------------