Solved: Apigee Edge SAML automated tasks

Report Inappropriate Content · 08-16-2017 04:52 PM

I have an org integrated with SAML. I want to use maven scripts to upload proxies to that org. I have created a machine user for it and giving the username and password in the pom file but getting a 401 unauthorized error back. This is how the profile looks in the pom file that I am calling.

Please let me know if I am missing something out.

<profile>
<id>test</id>
<properties>
<apigee.profile>test</apigee.profile>
<apigee.env>sandbox</apigee.env>
<apigee.hosturl>https://api.enterprise.apigee.com</apigee.hosturl>
<apigee.apiversion>v1</apigee.apiversion>
<apigee.org>${org}</apigee.org>
<apigee.username>${username}</apigee.username>
<apigee.password>${password}</apigee.password>
<apigee.tokenurl>https://<zonename>.login.apigee.com/oauth/token</apigee.tokenurl> 
<apigee.authtype>oauth</apigee.authtype> 
</properties>
</profile>

madhans

When you have SAML activated the management API requires OAuth tokens and not Basic Auth. Please follow the instructions here.

https://github.com/apigee/apigee-deploy-maven-plugin#oauth-and-two-factor-authentication

View solution in original post

madhans

When you have SAML activated the management API requires OAuth tokens and not Basic Auth. Please follow the instructions here.

https://github.com/apigee/apigee-deploy-maven-plugin#oauth-and-two-factor-authentication

Report Inappropriate Content

Thanks for the reply. If you see I am setting the authtype to oauth and also setting the token url with my zonename. This is the command that I call

mvn clean install -Ptest -Dusername=machine_org@zonename.com -Dpassword=<my password> -Dorg=<my org> -X

Even with this, I can see in the logs that the Maven script is using Basic auth for Authorization header. Should I be doing something else as well.

ssvaidyanathan

Can you try calling this curl to see if you get a token response

curl -s -X POST https://<zoneName>.login.apigee.com/oauth/token /
-H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" /
-H "accept: application/json;charset=utf-8" /
-H "authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"/
-d "grant_type=password&username=<machine_org@zonename.com>&password=<password>"

Does this give you a valid response with a token ?

Report Inappropriate Content

Hi @Sai Saran Vaidyanathan. I am able to generate an OAuth token when I call the token API with my zone name from Curl or Postman. When I use the maven script is when I get a 401 error back.

ssvaidyanathan

Hi.. Can you share your email Id ? (missing in your community profile). Or else, please drop me an email (ssvaidyanathan@google.com)

Report Inappropriate Content

I have sent you an email.

Report Inappropriate Content

The issue got resolved after updating the version number and by adding and assigning the created machine user to a given role in the Apigee org.

ssvaidyanathan

Awesome !!! Can you please accept the answer as well

ssvaidyanathan

Hi @ChaitanyaRathi1 - Have you followed the steps mentioned here. Which method are you following, machine user or long token? Depending on that the Maven calls would differ. The profile xml above does not look correct. Can you share the exact code ?

Report Inappropriate Content

HI @Sai Saran Vaidyanathan . I am following the steps in the given link and have got the machine user created which I am using to generate the OAuth token. But when I do it from the maven script I get a 401 error back. Can you please tell what is incorrect in the script. Also, can you please tell what code should I share.

ssvaidyanathan

Which version of the plugin are you using ?

Report Inappropriate Content

I am using version 2.3 of the maven plugin.

ssvaidyanathan

Was referring to the Apigee maven plugin you are using for deployment

<plugin>
  <groupId>io.apigee.build-tools.enterprise4g</groupId>
  <artifactId>apigee-edge-maven-plugin</artifactId>
  <version>?</version> <!-- Latest is 1.1.5 -->
</plugin>

Report Inappropriate Content

The version number is 1.0.2

ssvaidyanathan

That could be the reason, please update the version and check. Also confirm the machine user is added in the apigee org (Admin --> Users) and has a role assigned that has access to deployment

ssvaidyanathan

I meant the code of your <profile> you shared in your question.