0
votes

I am using WSO2 API Manager 2.0.0 and WSO2 Identity Server 5.1.0 to manage my Toolkit REST APIs. Both servers share a user store and have settings to maintain the authentication session. SSO is not configured yet.

Reference: https://docs.wso2.com/display/IS510/Enabling+Authentication+Session+Persistence

The first step is to authenticate into Toolkit (works) and the next step is to assign location (fails with 401 error). How to maintain a session between the 2 calls?

1
How do you authenticate in the 1st step? Give more details about the 2 requests. - Bee
We use Apache CXF to build our APIs. The cookie after authentication in step 1 (Login) is used to get the same session for the second step (Set Location). But in WSO2, I can see a cookie value from the 1st response (passed) but a different cookie value from the second response (failed). - Onnesh

1 Answer

0
votes

In WSO2 API Manager, the default authentication mechanism is OAuth2. So you need to send an OAuth2 access token with your REST API calls for authentication.

If you enabled SSO, you get an SAML assertion when you log in. Then you can use that assertion to retrieve an access token using the SAML Bearer Grant Type. Documentation can be found here.
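The flow described in this answer, as an added example that is not part of the original answer: exchange the SAML assertion for an access token with the SAML2 bearer grant (RFC 7522), then send that token in the `Authorization` header of every API call instead of relying on a session cookie. The host name, API path, keys and sample inputs are assumptions, and the requests are only built, not sent.

```python
import base64
import urllib.parse
import urllib.request

# Assumed placeholder values for illustration (not from the original post).
TOKEN_ENDPOINT = "https://apim.example.com:8243/token"
API_URL = "https://apim.example.com:8243/toolkit/1.0/location"
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522 grant type


def build_token_request(saml_assertion_xml, consumer_key, consumer_secret):
    """Build the SAML2 bearer grant request without sending it."""
    # The assertion travels base64url-encoded in the 'assertion' form parameter.
    assertion = base64.urlsafe_b64encode(saml_assertion_xml.encode("utf-8")).decode("ascii")
    body = urllib.parse.urlencode({"grant_type": SAML2_BEARER, "assertion": assertion})
    # The OAuth client authenticates with HTTP Basic using key:secret.
    basic = base64.b64encode(f"{consumer_key}:{consumer_secret}".encode()).decode("ascii")
    return urllib.request.Request(
        TOKEN_ENDPOINT,
        data=body.encode("ascii"),
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def build_api_request(url, access_token, json_body):
    """Build an API call that carries the token itself; no cookie is involved."""
    return urllib.request.Request(
        url,
        data=json_body.encode("utf-8"),
        method="POST",
        headers={
            "Authorization": "Bearer " + access_token,
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample inputs; a real assertion comes from the identity provider.
    tok = build_token_request("<saml2:Assertion>constructed</saml2:Assertion>", "key", "secret")
    print(tok.get_method(), tok.full_url, tok.data.decode())
    api = build_api_request(API_URL, "constructed-token", '{"location": "L1"}')
    print(api.get_header("Authorization"))
```
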