Maximo

  • 1.  MAS 8 - REST API Authentication

    Posted Tue December 20, 2022 09:38 PM

    We have a small little client web page that uses the Maximo REST API to query some limited data out of Maximo. Users of this web page are required to log in with their Maximo credentials, which are then sent to Maximo via the /maximo/api/login endpoint.

    I've been seeing that, moving forward into MAS 8, API tokens are the method of authentication, which begs the question: will I no longer be able to validate user credentials through the existing endpoints?

    If in fact those methods are now broken, do I need to roll my own authentication methods and store users' API keys manually? Obviously I could use other methods like service accounts, etc. But if in fact these authentication endpoints no longer work, it kind of seems like a giant oversight.

    Any information/help would be appreciated.



    ------------------------------
    Andrew Weaver
    ------------------------------



    #MaximoIntegrationandScripting
    #Maximo
    #AssetandFacilitiesManagement


  • 2.  RE: MAS 8 - REST API Authentication

    Posted Wed December 21, 2022 08:32 AM
    In MAS, we have our own identity provider that uses OIDC to allow the user to authenticate seamlessly across all the products. This causes the identity provider to intercept requests to protected routes (/maximo/oslc for example), similar to how it would occur on 7.6.1.X if you were using SAML/OIDC.

    For traditional integrations (i.e. Maximo to Salesforce), where it's background processes from one system to the other, API keys are what we recommend because there is no way to interactively authenticate them.

    For user-based integrations (i.e. a mobile app or your custom web app), the ideal scenario is your application supports going through the standard Maximo authentication process. We handle this in Maximo Mobile for example where we follow the redirect to our identity provider, the user goes through the authentication steps configured for their user (our identity provider supports mixing authentication methods), and then it redirects back to our application. From there we manage the lifecycle of the session (such as refreshing the access token).

    You can open a support case to see if we have this process documented. I don't think that we have it documented but we probably should.

    ------------------------------
    Steven Shull
    ------------------------------
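
The redirect-based login described in the reply above, as an added example that is not part of the original post or IBM's code: a web app starts an OIDC authorization-code login with PKCE and checks the callback before exchanging the code, so it never handles the user's Maximo password. The endpoint, client ID and redirect URI are hypothetical placeholders; the thread does not say how a custom client is registered with the MAS identity provider.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical placeholders, not real MAS values.
AUTHORIZE_URL = "https://idp.example.invalid/authorize"
CLIENT_ID = "example-web-client"
REDIRECT_URI = "https://app.example.invalid/callback"


def pkce_challenge(verifier):
    """S256 code_challenge for a PKCE code_verifier (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login():
    """Return (redirect_url, session); keep session server-side per user."""
    session = {
        "state": secrets.token_urlsafe(32),          # ties callback to this attempt
        "nonce": secrets.token_urlsafe(32),          # to be compared with the ID token
        "code_verifier": secrets.token_urlsafe(64),  # never sent in the redirect
    }
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), session


def handle_callback(callback_url, session):
    """Validate the redirect back; return the form fields for the token request."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("identity provider returned: " + query["error"][0])
    returned = query.get("state", [""])[0].encode("utf-8")
    if not hmac.compare_digest(returned, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: callback does not belong to this login")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": session["code_verifier"]}
```

The returned fields are what the app would POST to the provider's token endpoint; the access and refresh tokens it gets back stay on the server side of the web app.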



  • 3.  RE: MAS 8 - REST API Authentication

    Posted Tue April 04, 2023 11:03 AM

    Hello Steven,

    We are currently trying to achieve exactly what you described here: trying to follow the standard Maximo authentication process, which is based on OIDC now.

    Our only issue is, and currently support could not help us with that question: How do we register our own OIDC client to be able to configure client_id, callback URLs and all that for our web client?
    Is there any documentation about it available (now)?



    ------------------------------
    Michael Scherer
    ------------------------------



  • 4.  RE: MAS 8 - REST API Authentication

    Posted Wed December 21, 2022 11:14 AM
    The authentication mechanism for Maximo Application Suite is quite a bit different architecturally from Maximo EAM 7.6. For this reason the older methodology has changed. This does not mean broken per se. Did it "break" your application? Maybe, but that is a perspective. The application suite is inherently more secure than it was. This shift in architecture provides that.

    IBM has rebuilt many of the products to take advantage of the more secure architecture. The hope is this approach will make it easier for IBM's business partners to take advantage of this architecture and build more secure third party applications that will still allow for authentication to your customers' IDP and access to IBM's solutions.

    For documentation on the authentication process you can start here: Configuring authentication. This is for MAS 8.3. For 8.8+ continuous delivery and SaaS versions look here and subjects underneath for more info.

    ------------------------------
    Bradley K. Downing , MBA
    Solutions Engineer
    IBM
    Bakersfield CA
    ------------------------------