Blogs Blogs

«Back

Browsing protected OpenTox datasets

The protected resources at our test server https://ambit.uni-plovdiv.bg:8443/ambit2 can be again accessed via web browser, despite the fact the web browsers have no support for OpenSSO authentication scheme, used by OpenTox.

For example, accessing a protected dataset will return an error, telling the access is forbidden.

However, clicking the Login link at the top right , or https://ambit.uni-plovdiv.bg:8443/ambit2/opentoxuser REST service, will lead to a simple login form, allowing to provide your OpenTox credentials. The OpenTox user and password expected are the same, as used to log in into www.opentox.org site.  If you don't have an OpenTox account, don't hesitate to join !

The service will then connect to OpenTox OpenSSO service and retrieve an access token, if the user and password are valid. The token will be saved as a cookie in your browser and used during subsequent accesses to protected resources at  https://ambit.uni-plovdiv.bg:8443/ambit2

Now you should be able to view the datasets via web browser.

Clicking "Logout" will invalidate the OpenSSO token and remove the cookie from your browser.

More technically :

Log in (HTTP POST) . The OpenSSO token is returned in the Set-Cookie: header.

curl -X POST -H "Accept:text/uri-list"  -d "user=<username>" -d "password=<password>" -kL https://ambit.uni-plovdiv.bg:8443/ambit2/opentoxuser -i

HTTP/1.1 200 OK
Set-Cookie: subjectid=<THE_TOKEN>; Path=/; Secure
Content-Type: text/uri-list;charset=UTF-8
Content-Length: 59

https://ambit.uni-plovdiv.bg:8443/ambit2/opentoxuser/<username>

Retrieve some data (use the token in the subjectid: HTTP header)

$ curl -H "subjectid:<THE_TOKEN>" -H "Accept:application/rdf+xml" https://ambit.uni-plovdiv.bg:8443/ambit2/dataset/272?max=10 -i
HTTP/1.1 200 OK
Set-Cookie: subjectid=<THE_TOKEN>; Path=/
Content-Type: application/rdf+xml;charset=UTF-8

<content skipped>
 

Alternatively, retrieve some data by sending the token as cookie:

$ curl -H "Cookie:subjectid=<THE_TOKEN>" -H "Accept:application/rdf+xml" https://ambit.uni-plovdiv.bg:8443/ambit2/dataset/272?max=10 -i
HTTP/1.1 200 OK
Set-Cookie: subjectid=AQIC5wM2LY4Sfcy/kwp5gRN7MG6c7Urnd5bBjNnWqtoFk2U=@AAJTSQACMDE=#; Path=/
Content-Type: application/rdf+xml;charset=UTF-8

<content skipped>

Logout (HTTP DELETE)

$ curl -X DELETE -H "Cookie:subjectid=<THE_TOKEN>" -H "Accept:text/uri-list" https://ambit.uni-plovdiv.bg:8443/ambit2/opentoxuser -i

HTTP/1.1 200 OK
Content-Type: text/uri-list;charset=UTF-8
Content-Length: 58

 

 

Comments