OBO RSA authentication

You can use on behalf of (OBO) via RSA key pair authentication rather than using certificate authentication as detailed here. 

To enable OBO RSA authentication, you will need an application deployed with the OBO feature enabled and already be using RSA authentication. Details of this can be found here.

Once completed, enable OBO authentication by following these steps:

1. Refer to the Knowledge Article found here on how to generate RSA key pairs and perform the required steps

2. Once you have set the public key into the authentication section in the application bundle, you can either update the application if you already have it deployed, or create it if you have not (Figure 1):

1.png

Figure 1 Authentication Section

Note: Figure 1 highlights the Act As User variable required for OBO and the RSA Public Key section

3. To obtain the sessionToken, run the following call, replacing the user AppID with your own (Figure 2):

java -jar jwt-helper.jar -user AppID -key mykey.pem

2.png

Figure 2 SessionToken

4. Copy the resulting sessionToken and use it within 5 minutes.

5. Using Postman, obtain the application sessionToken by navigating to the following URL, ensuring you edit the Pod Url value to reflect your company details (Figure 3):

https://<pod_name>.symphony.com/login/pubkey/app/authenticate

Note: For example, https://companyabc.symphony.com/ 

3.png

Figure 3 SessionToken

6. Use either the username of the person or their UID to obtain their sessionToken (Figure 4 and Figure 5):

https://<pod_name>.symphony.com/login/pubkey/app/username/<username>/authenticate

Note: For example, https://companyabc.symphony.com/ 

4.png

Figure 5 Username

https://<pod_name>.symphony.com/login/pubkey/app/user/<UID>/authenticate

Note: For example, https://companyabc.symphony.com/ 

5.png

Figure 6 UID

7. Once you have the OBO SessionToken, you can use any of the following OBO API Endpoints detailed here

Note: The Key Manager token is not used