Sessioning | Legacy REST Web Services

TODO: replace the old type of sessionId with the new one

The sessioning interface provides methods to create, read and delete live sessions. Read and delete methods manipulate live sessions based on the DirX Access server subject identifier (sessionId) of the live session. The same behavior is also used for authorization decisions.

Description

OData4 Metadata

Request

GET {legacy_rest_web_application_location}/sessioning/1_0_0/$metadata

OpenApi Specification

GET {legacy_rest_web_application_location}/sessioning/1_0_0/openapi.json

Properties

The following table shows the Session entity properties:

Property        | Type       | Read / Write | Description
sessionId       | Edm.String | RW           | The server subject identifier of the session. The identifier should be empty when a new session is created (HTTP method POST).
webPepId        | Edm.String | RW           | The identifier of the existing WebPep configuration.
authnMethodId   | Edm.String | RW           | The identifier of the existing Authentication method configuration (only the Password, X.509 and Trusted method types are supported).
loginName       | Edm.String | RW           | The login name of the authenticated user.
password        | Edm.String | RW           | The password of the user to authenticate (valid only for the Password method type).
X509Certificate | Edm.String | RW           | The X.509 certificate of the user to authenticate (valid only for the X.509 method type).

Examples

Reading Existing Live Session Addressed by the {session_id}

Request

GET {legacy_rest_web_application_location}/sessioning/1_0_0/Sessions('{session_id}')

Response

{
    "@odata.context": "{legacy_rest_web_application_location}/sessioning/1_0_0/$metadata#Sessions/$entity",
    "sessionId": "{session_id}",
    "webPepId": "",
    "authnMethodId": "",
    "loginName": "{user_login_name}",
    "password": "",
    "X509Certificate": ""
}

Reading the {property_name} Property of an Existing Live Session Addressed by the {session_id}

Request

GET {legacy_rest_web_application_location}/sessioning/1_0_0/Sessions('{session_id}')/{property_name}

Response

{
    "@odata.context": "{legacy_rest_web_application_location}/sessioning/1_0_0/$metadata#Sessions('{session_id}')/{property_name}",
    "value": "{user_login_name}"
}

Create New Session

This section describes the currently supported authentication methods for creating new live sessions.

Password Authentication

Request

POST {legacy_rest_web_application_location}/sessioning/1_0_0/Sessions
{
  "sessionId": "",
  "webPepId": "{pep_id}",
  "authnMethodId": "{authn_method_id}",
  "loginName": "{user_login_name}",
  "password": "{user_password}"
}

Result

{
    "@odata.context": "{legacy_rest_web_application_location}/sessioning/1_0_0/$metadata#Sessions/$entity",
    "sessionId": "{session_id}",
    "webPepId": "{pep_id}",
    "authnMethodId": "{authn_method_id}",
    "loginName": "{user_login_name}",
    "password": "{user_password}",
    "X509Certificate": ""
}

X.509 Authentication

Request

POST {legacy_rest_web_application_location}/sessioning/1_0_0/Sessions
{
    "sessionId": "",
    "webPepId": "{pep_id}",
    "authnMethodId": "{authn_method_id}",
    "loginName": "{user_login_name}",
    "X509Certificate": "{user_certificate}"
}

Result

{
    "@odata.context": "{legacy_rest_web_application_location}/sessioning/1_0_0/$metadata#Sessions/$entity",
    "sessionId": "{session_id}",
    "webPepId": "{pep_id}",
    "authnMethodId": "{authn_method_id}",
    "loginName": "{user_login_name}",
    "password": "",
    "X509Certificate": "{user_certificate}"
}

Trusted Authentication

Request

POST {legacy_rest_web_application_location}/sessioning/1_0_0/Sessions
{
    "sessionId": "",
    "webPepId": "{pep_id}",
    "authnMethodId": "{authn_method_id}",
    "loginName": "{user_login_name}"
}

Result

{
    "@odata.context": "{legacy_rest_web_application_location}/sessioning/1_0_0/$metadata#Sessions/$entity",
    "sessionId": "{session_id}",
    "webPepId": "{pep_id}",
    "authnMethodId": "{authn_method_id}",
    "loginName": "{user_login_name}",
    "password": "",
    "X509Certificate": ""
}

Remove Live Session addressed by {session_id}

DELETE {legacy_rest_web_application_location}/sessioning/1_0_0/Sessions('{session_id}')

Authorization Decision Operations

The authorization decision operation provides simple RBAC authorization decisions (true/false) for specific resources according to the RBAC policies.

Parameters and Return Type

The following table shows the Authorization decision parameters and return type:

Parameter | Type       | Read / Write | Description
sessionId | Edm.String | W            | The identifier of the session used for the request (returned by the Session entity).
webPepId  | Edm.String | W            | The identifier of the existing WebPep configuration used for the authorization decision.
resource  | Edm.String | W            | The URI of the request for the authorization decision.
action    | Edm.String | W            | The action of the request for the authorization decision.

Return value:

Type        | Read / Write | Description
Edm.Boolean | R            | The authorization decision (true/false) in the form of the returned type.

Examples

Addressing (HTTP Method POST)

/odata4/sessioning/1_0_0/AuthorizationDecision

Request body

{
  "sessionId": "82a-vkf7zui-kxik2itvspth4tynul6z6gyzjllvfmqp7kdohpg4ckvdg2hi4eya",
  "webPepId": "Apache 2.4 - My-Company Web Application",
  "resource": "http://my-server.my-company.example:8080/my-company/root/intranet/home.html",
  "action": "get"
}

Result

{
  "@odata.context":"http://my-server.my-company.example:11114/odata4/sessioning/1_0_0/$metadata#Edm.Boolean",
  "value":true
}
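The create / decide / delete flow from the Sessions and AuthorizationDecision examples above, as an added example that is not DirX Access code. The base URL, the authentication method identifier and the in-memory FakeServer (which answers only in the documented shapes and treats deleted sessions as no longer live) are constructed assumptions; the client blanks the password the documented Result echoes back so it never reaches callers or logs.

```python
import itertools

class SessioningClient:
    # Thin client for the Sessions entity and the AuthorizationDecision action.
    def __init__(self, base_url, transport):
        self.base = base_url.rstrip("/") + "/sessioning/1_0_0"
        self.send = transport  # callable (method, url, json_body_or_None) -> dict

    def create_password_session(self, pep_id, authn_method_id, login, password):
        body = {"sessionId": "", "webPepId": pep_id, "authnMethodId": authn_method_id,
                "loginName": login, "password": password}
        entity = self.send("POST", f"{self.base}/Sessions", body)
        if not entity.get("sessionId"):
            raise RuntimeError("server returned no sessionId")
        # The documented Result echoes the submitted password; blank it before it reaches callers or logs.
        return {**entity, "password": ""}
    def authorization_decision(self, session_id, pep_id, resource, action):
        body = {"sessionId": session_id, "webPepId": pep_id, "resource": resource, "action": action}
        return bool(self.send("POST", f"{self.base}/AuthorizationDecision", body)["value"])
    def delete_session(self, session_id):
        self.send("DELETE", f"{self.base}/Sessions('{session_id}')", None)

class FakeServer:
    # Constructed in-memory stand-in for the server; answers only in the documented shapes.
    def __init__(self):
        self.live, self._ids = {}, itertools.count(1)
    def __call__(self, method, url, body):
        path = url.split("/sessioning/1_0_0", 1)[1]
        if (method, path) == ("POST", "/Sessions"):
            sid = f"constructed-session-{next(self._ids)}"
            self.live[sid] = {**body, "sessionId": sid, "X509Certificate": ""}
            return dict(self.live[sid])  # echoes the password, as the documented Result does
        if (method, path) == ("POST", "/AuthorizationDecision"):
            return {"value": body["sessionId"] in self.live}  # assumption: live sessions only
        if method == "DELETE" and path.startswith("/Sessions('"):
            self.live.pop(path[len("/Sessions('"):-2], None)  # strip "/Sessions('" and "')"
            return {}
        raise ValueError(f"unsupported {method} {path}")

def demo():
    client = SessioningClient("https://dirx.example/odata4", FakeServer())  # assumed location
    pep = "Apache 2.4 - My-Company Web Application"
    resource = "http://my-server.my-company.example:8080/my-company/root/intranet/home.html"
    entity = client.create_password_session(pep, "constructed-authn-method-id", "alice", "s3cret")
    allowed_before = client.authorization_decision(entity["sessionId"], pep, resource, "get")
    client.delete_session(entity["sessionId"])
    allowed_after = client.authorization_decision(entity["sessionId"], pep, resource, "get")
    return entity["password"], allowed_before, allowed_after
```

Replace FakeServer with a real HTTPS transport (for example a function wrapping `requests` that returns the decoded JSON body) to run the same client against a server.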

Authorization XACML Decision Operation

The authorization XACML decision operation provides authorization decisions based on XACML requests.

Parameters and Return Type

The following table shows the Authorization XACML decision parameters and return type:

Parameter    | Type       | Read / Write | Description
sessionId    | Edm.String | W            | The identifier of the session used for the request (returned by the Session entity).
webPepId     | Edm.String | W            | The identifier of the WebPep configuration item used for the authorization decision.
xacmlRequest | Edm.String | W            | The XACML request as an XML string to be processed. The request must be encoded.

Return value:

Type       | Read / Write | Description
Edm.String | R            | The XACML response as an XML string.

Examples

Addressing (HTTP Method POST)

/odata4/sessioning/1_0_0/AuthorizationDecisionXacml

Request body

{
  "sessionId": "82a-vkf7zui-kxik2itvspth4tynul6z6gyzjllvfmqp7kdohpg4ckvdg2hi4eya",
  "webPepId": "Apache 2.4 - My-Company Web Application",
  "xacmlRequest": "<Request>...</Request>"
}

Request Injection Operation

The request injection operation returns the Request Injection Data of a session. The operation is based on the definitions of a specific webPepId.

Parameters and Return Type

The following table shows the Request injection parameters and return type:

Property  | Type       | Read / Write
sessionId | Edm.String | W
webPepId  | Edm.String | RW

Return value:

Type                                                                     | Read / Write
Collection(net.atos.dirx.access.odata4.session.RequestInjectionTemplate) | R

Examples

Addressing (HTTP Method POST)

/odata4/sessioning/1_0_0/RequestInjection

Request body

{
  "sessionId": "82a-vkf7zui-6iux45kx4uf6e4eaev2azbzehr6v4klsyhvg75yyg4f43u3ifeba",
  "webPepId": "Apache 2.4 - My-Company Web Application"
}