Authorizing AJAX requests against K2 REST API

  • 31 January 2018
  • 4 replies
  • 24 views

Hello,

 

We are trying to access SmartObjects through an external WebApp. Let's say I have a SmartObject against the Active Directory, and now want to get all users and display them on a site hosted somewhere other than the K2 Server.

 

So I configured the K2HostServer.exe.config to enable REST endpoints. For verification I check the endpoints URL to get a list of all the available endpoints.

http://[server]:[port]/SmartObjectServices/endpoints/endpoints.xml

 

As expected, I find an entry for the GetList method on the AD SmartObject.

If I now type in that URL in a browser on a client's machine, I do get a list of all users indeed. However, if I try to send an AJAX request from our WebApp I get a 401 Unauthorized. How can I send authorization details within the request?

Also, if I try to open that URL from the K2 server itself (logged in as a K2 admin account), I get prompted to enter my login info. When I then enter the client's details (the one from which I previously was able to open the URL successfully), I get a 400 Site not found.

 

I am very confused about how authorizing access to those endpoints really works. Could anyone shed some light? Thanks in advance!

Nico

It sounds like configuration of an SPN may be applicable:


 


Configuring an HTTP SPN


Certain environments require the K2 Service Account to have an HTTP SPN set for the local machine where the endpoints are hosted. If 401 and 400 HTTP errors are encountered, an HTTP SPN most likely needs to be set.


Example:


User: Domain\K2ServiceAccountUser


HTTP/MachineName 
HTTP/MachineName.Domain.com


Or on Cluster environments (if the cluster name is used as the endpoint URL)


HTTP/ClusterName 
HTTP/ClusterName.Domain.com


 


http://help.k2.com/onlinehelp/k2five/DevRef/5.0/default.htm#Reference/SmO/Configuration.html?Highlight="Configuring%20an%20HTTP%20SPN"


 


K2 Five also introduced SmartObject OData endpoints, if it meets your need:


http://help.k2.com/onlinehelp/k2five/userguide/5.0/default.htm#K2_Management_Site/Integration/SmartObjectODataService.htm


Thanks tin, this indeed seems like a possible solution. Since I do not have access to AD configuration directly, I'm trying to use the basic authorization protocol instead of the negotiate (Windows) one for development now. After making changes to the Hostserver.exe.config accordingly, however, I receive this error when trying to access the endpoint through a browser.

 

 

In this example I tried both a client's credentials, which I know for example has access to the designer, and also the K2 server admin account; both are not authorized as it seems, and I see the same error in the console.

Do I have to set permissions somehow for the K2 user trying to access the endpoint? Or am I missing something else?

 

Thanks in advance,

Nico


This is giving me quite the headache. I'm exploring OData as an alternative but I can't even determine the service root URL. Everything I'm trying after I enabled the OData API and added the SMO in question gives me a 404.

 

Nico


Setting the SPN indeed did help. We can now access endpoints by typing in their URL in the browser.

However, we still cannot access them by sending an AJAX request. Did anybody actually get this to work: accessing SmartObject data from their own WebApp?

Everything we try ends in a 401.

 

If I send a request and look into the response header, I can see the auth protocol used is NTLM, but there is no token within that response. Is there anything else we didn't set up correctly for this to work?

 

Regards,

Nico
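An added diagnostic example (not part of the thread and not K2 code) for reading the `WWW-Authenticate` header on a 401 like the one described above: in NTLM, a bare `NTLM` or `Negotiate` challenge with no token is the normal first leg of the handshake, and the server only returns a token (a Type 2 message) after the client has sent its own Type 1 message. The function names, stage labels and sample header values are constructed for illustration.

```javascript
// Classify the challenges in a 401's WWW-Authenticate header (Node.js).
const NTLMSSP = Buffer.from("NTLMSSP\0", "latin1");
// Simplified splitter: covers the schemes seen on Windows-auth endpoints,
// not the full RFC 7235 challenge grammar.
const SCHEME_SPLIT = /,\s*(?=(?:Negotiate|NTLM|Basic|Digest|Bearer)\b)/i;

function parseChallenges(headerValue) {
  return headerValue.split(SCHEME_SPLIT).map((part) => {
    const [scheme, ...rest] = part.trim().split(/\s+/);
    return { scheme: scheme.toUpperCase(), data: rest.join(" ") };
  });
}

// "initial"   : no token; the client is expected to start the handshake
// "challenge" : base64 NTLMSSP Type 2 message; the client must answer it
function ntlmStage(data) {
  if (data === "") return "initial";
  const raw = Buffer.from(data, "base64");
  if (raw.length < 12 || !raw.subarray(0, 8).equals(NTLMSSP)) return "invalid";
  const type = raw.readUInt32LE(8); // message type follows the signature
  return type === 2 ? "challenge" : `unexpected-type-${type}`;
}

function diagnose401(headerValue) {
  return parseChallenges(headerValue).map(({ scheme, data }) => {
    if (scheme === "NTLM") return { scheme, stage: ntlmStage(data) };
    if (scheme === "NEGOTIATE") return { scheme, stage: data ? "token" : "initial" };
    return { scheme, stage: "n/a" }; // e.g. Basic: no multi-leg handshake
  });
}

// Constructed samples: the first 401, then a 401 carrying a minimal Type 2 message.
const first401 = "Negotiate, NTLM";
const type2 = Buffer.concat([NTLMSSP, Buffer.from([2, 0, 0, 0]), Buffer.alloc(20)]);
const second401 = "NTLM " + type2.toString("base64");

console.log(diagnose401(first401));
console.log(diagnose401(second401));
```

A request that only ever sees the "initial" stage never started the handshake, which points at the client side of the exchange rather than at a missing server token.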

