Versions Compared

Old Version 1

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version Current

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


This tutorial guides you through the process of building a sample application using the REST API. The goals for the tutorial are to gain competence and familiarity with the process of developing a DualShield application. This tutorial uses Python as the programming language. It assumes:

  1. You have installed DualShield platform.
  2. You can write, test, and troubleshoot a Python application.

Building a DualShield API application is actually quite simple. There are only 3 basic steps:

  1. Register an API Agent
  2. Download the Agent Certificate
  3. Write your codes

...

Table of Contents
maxLevel2

...

Register an API Agent

To DualShield, your application is an API agent. Therefore, the very first step is to register your application as an API Agent in the DualShield authentication server.
To register an agent, you must first create the following objects in DualShield:

  • A domain
  • A realm
  • A logon procedure
  • An application

The type of the logon procedure should be set as "Web SSO"
Image Removed
And the logon procedure does not have to contain any logon steps.
To register an API agent, select "Authenticaton | Agents" in the main menu, then click the "Register" button in the toolbar.
Image Removed
The type of the agent must be set to "API Agent".
Make sure that you select the application that you have created for the agent.
You can enable the "Check Agent IP" option for extra security. If this option is selected then you must provide the IP address of the machine where your application is running.
The communication protocol between the agent, i.e. your application and the DualShield is always HTTPS, therefore DualShield will create a SSL certificate for the agent.
The Agent Registration Data is not required.

...

As mentioned, the communication protocol between your application and the DualShield is always HTTPS. Therefore you need to download the agent's certificate which will be required in your application codes.
You can use either PKCS12 or PEM certificate in your code.
To download a PEM format certificate, in the Agents list, click the context menu of your agent and select "Download | Agent SSL Certificate (PEM)". The certificate will be saved as "My Application.PEM". This PEM certificate contains both the certificate and the private key.
If you are using some programming language, like python, you might want to extract the private key separately. You can use the OpenSSL tool:

  1. Rename "My application.pem" to "apicert.pem"
  2. In the CMD console, execute:

...

Expand

Include Page
Register API Agent
Register API Agent

Download the API Agent Certificate

Expand

Include Page
Download API Agent Certificate
Download API Agent Certificate

Write an API Application

Test API in Python

Expand

Include Page
Test DualShield API in Python
Test DualShield API in Python

Test API in Postman

Expand

Include Page
Test DualShield API in Postman
Test DualShield API in Postman

...

host = 'dualshield.deepnetlabs.com'
port = 8071
keyFile = 'apikey.pem'
certFile = 'apicert.pem'
domainname='deepnetlabs.com'

...

Call the"Hello" method in DualShieldto check the connection

def test_1_hello(self):
r=self.auth.execute("auth/hello", {})
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e9129c09-948c-45d8-be42-50c5ca2ba70c"><ac:plain-text-body><![CDATA[ self.assertEqual(r['error'], 0)

]]></ac:plain-text-body></ac:structured-macro>

...

The authentication method for verifying Static Password is "SPASS"

def test_2_staticpass(self):
#logon with 'static password' credential
username=raw_input('Please enter your login name:')
password=raw_input('Please enter your AD password:')
params = {
'user':{'loginName':username, 'domain.name':domainname},
'credential':{'method':'SPASS', 'password':password}
}
r=self.auth.execute("auth/verify", params)
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="129f118b-60c0-4dd1-87c2-501151dc569c"><ac:plain-text-body><![CDATA[ self.assertEqual(r['error'], 0, r['message'])

]]></ac:plain-text-body></ac:structured-macro>

...

The authentication method for verifying Static Password is "OTP"

def test_3_verifySafeID(self):
otp=raw_input('Please enter you SafeIDotp:')
params = {
'user':{'loginName':username, 'domain.name':domainname},
'credential':{'method':'OTP', 'otp':otp}
}
r=self.auth.execute("auth/verify", params)
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cb4bc08c-ecba-42e8-86a2-c4be5291ecc5"><ac:plain-text-body><![CDATA[ self.assertEqual(r['error'], 0, r['message'])

]]></ac:plain-text-body></ac:structured-macro>

...

To deliver an on-demand password to a user via email message (SMTP)

def test_4_sendOTP(self):
username=raw_input('Please enter your login name:')
params = {
'user':{'loginName':username, 'domain.name':domainname},
'options':{'channel':'SMTP'}
}
r=self.auth.execute("auth/sendOTP", params)
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ebba0142-b6bb-49e0-9c64-67753c8fd5fb"><ac:plain-text-body><![CDATA[ self.assertEqual(r['error'], 0, r['message'])

]]></ac:plain-text-body></ac:structured-macro>

...

The authentication method for verifying On-Demand Password is "OTPoD"

def test_5_verifyODP(self):
username=raw_input('Please enter your login name:')
otp=raw_input('Please enter you otp:')
params = {
'user':{'loginName':username, 'domain.name':domainname},
'credential':{'method':'OTPoD', 'otp':otp}
}
r=self.auth.execute("auth/verify", params)
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b98d6860-1b76-46b0-bcfe-83c53914f56d"><ac:plain-text-body><![CDATA[ self.assertEqual(r['error'], 0, r['message'])

]]></ac:plain-text-body></ac:structured-macro>

...