How to fetch security token via SSO in Rally?

2
votes

The security token API asks for basic authentication. I am using SSO for logging in a user.

This is the API: https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize

Doc: https://rally1.rallydev.com/slm/doc/webservice/authentication.jsp

In an environment using SAML based SSO authentication, how can I fetch the security token for creating/updating resources? Without the security token, all my calls receive "Not authorized to perform action: Invalid key" error.

Note: I have a valid cookie that I receive using https://sso.rallydev.com/sp/startSSO.ping?PartnerIdpId=sso.company.com&TargetResource=https://us1.rallydev.com/slm/j_sso_security_check?noRedirect=true

1
web-servicessecurityrallywsapi

1 Answers

2
votes

I'm not sure if you can do this via SSO- that endpoint only works with basic auth I'm pretty sure. Can you use an API Key instead? That is the preferred approach for external integrations these days- especially in SSO environments. With an API key you shouldn't need to worry about the CSRF validation and subsequent invalid key error.

Also, are you using one of our built-in rest toolkits? Most of them support api keys right out of the box (java, .net, node for sure...)