The Abiquo API uses a cookie as a token that can be used in subsequent API calls to provide user identity. This token can be used to access the UI without being prompted for the credentials. The following procedure explains how to obtain the authentication token and how to provide it to the client UI.
Abiquo tries the authentication methods in this order: cookie token, URL token, login screen. The cookie token method is recommended because it is more secure than the URL token method, and for this reason it is the first method tried by default.
To obtain the authentication token, perform an API call as explained in the Authentication section of the API documentation. An example is given below.
The important part of the response is the cookie:
This will be passed to the client to provide user identity.
By default the authentication token has a lifetime of 30 minutes. After that time, a new token must be obtained.
The token can be stored in a cookie instead of the URL. It is stored in a temporary browser cookie, which is deleted when the user logs in.
The workflow is as follows:
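If the token is not found in the cookie, Abiquo checks for the token in the URL. If the token is not present there either, the login screen is displayed. The cookie authentication method is recommended because it is more secure than the URL method: a token placed in a URL can be recorded in browser history and in proxy or server logs.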
The token can be appended as a query parameter to the client URI as follows:
To test this feature, please follow these steps:
1. Download this file (test.html) and place it in the $_TOMCAT/webapps/client-premium folder on the Abiquo Enterprise Edition server.
2. In a web browser, connect to http://example.com/client-premium/test.html
3. Click the "Add the token value in the cookie" link and add a valid token
The token must be saved in a cookie named token with the following syntax:
auth=XXXXXX or auth=XXXXX&lang=XX if the language is specified.
The language code must be the same one used in the client-config.xml.jsp file. See Abiquo GUI Client Language Configuration.
4. Click the "connect to cloud platform by cookie token" link to access the platform
The above example shows how to test this feature, but some points must be considered for a custom installation.
The way the token is generated by the API and retrieved into the web browser is specific to each installation, so this step must be done by the customer.
The cookie name must be token, otherwise it will not work.
Finally, the link to the cloud platform must refer to the "index.html" cloud page.
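The following is an added example, not Abiquo code or the contents of test.html. It builds and parses the token cookie in the syntax given above, and rejects values that would inject extra cookie attributes. The function names, the rejected character set, the language-code pattern, path=/ and the Secure flag are assumptions for illustration.

```javascript
// Added example (not Abiquo code): the "token" cookie described on this page,
// token=auth=<token>[&lang=<code>].
const COOKIE_NAME = "token"; // the page requires exactly this name

// Assumption: characters that would end the cookie value or the auth/lang
// pair (control chars, whitespace, ; , & " \) never occur in a valid token.
const UNSAFE = /[\x00-\x20\x7f;,&"\\]/;
// Assumption: codes look like "en_US"; match yours to client-config.xml.jsp.
const LANG = /^[A-Za-z]{2,3}([_-][A-Za-z]{2,4})?$/;

function buildTokenCookie(token, lang, secure) {
  if (typeof token !== "string" || token.length === 0 || UNSAFE.test(token)) {
    throw new Error("token is empty or contains characters unsafe in a cookie");
  }
  let value = "auth=" + token;
  if (lang !== undefined && lang !== null) {
    if (!LANG.test(lang)) throw new Error("unexpected language code");
    value += "&lang=" + lang;
  }
  // No Expires/Max-Age: a temporary (session) cookie, as the page describes.
  let cookie = COOKIE_NAME + "=" + value + "; path=/"; // path is an assumption
  if (secure) cookie += "; Secure"; // only sent over HTTPS
  return cookie;
}

// Reads the token cookie back out of a document.cookie-style string.
function parseTokenCookie(cookieHeader) {
  for (const part of String(cookieHeader).split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    const fields = {};
    for (const pair of part.slice(eq + 1).trim().split("&")) {
      const i = pair.indexOf("=");
      if (i > 0) fields[pair.slice(0, i)] = pair.slice(i + 1);
    }
    return fields.auth ? { auth: fields.auth, lang: fields.lang || null } : null;
  }
  return null;
}

// Browser only: store the cookie, then open the platform's index.html page.
function connectWithToken(token, lang) {
  document.cookie = buildTokenCookie(token, lang, location.protocol === "https:");
  location.href = "index.html";
}
```

Because the client must read this cookie, it cannot be marked HttpOnly, so serve the page that sets it over HTTPS where possible.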