This tutorial guides you through the process of building a sample application using the REST API. The goal of the tutorial is to gain competence and familiarity with the process of developing a DualShield application. This tutorial uses Python as the programming language. It assumes:

  1. You have installed the DualShield platform.
  2. You can write, test, and troubleshoot a Python application.

Building a DualShield API application is actually quite simple. There are only 3 basic steps:

  1. Register an API Agent
  2. Download the Agent Certificate
  3. Write your code

...


...

Register an API Agent

To DualShield, your application is an API agent. Therefore, the very first step is to register your application as an API Agent in the DualShield authentication server.
To register an agent, you must first create the following objects in DualShield:

  • A domain
  • A realm
  • A logon procedure
  • An application

The type of the logon procedure should be set to "Web SSO".

The logon procedure does not have to contain any logon steps.

...

As mentioned, the communication protocol between your application and DualShield is always HTTPS. Therefore you need to download the agent's certificate, which your application code will require.
You can use either a PKCS12 or a PEM certificate in your code.

...

  1. Rename "My application.pem" to "apicert.pem"
  2. In the CMD console, execute:

...


Download the API Agent Certificate


Write an API Application

Test API in Python


Test API in Postman


...

Code Block
languagepy
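import json
import ssl
from http.client import HTTPSConnection


class DualShield:

    headers = {"Content-Type": "application/json"}
    app_context = "/das5/rest/"

    def __init__(self, host, port, keyFile, certFile):
        self.keyFile = keyFile
        self.certFile = certFile
        # Present the agent certificate and private key as the TLS client identity.
        # The default context also verifies the server certificate and host name;
        # if the server certificate comes from a private CA, add that CA with
        # context.load_verify_locations() rather than disabling verification.
        context = ssl.create_default_context()
        context.load_cert_chain(certfile=certFile, keyfile=keyFile)
        self.conn = HTTPSConnection(host, port, context=context)

    def execute(self, method, params):
        # POST the parameters as JSON to the REST method and decode the JSON reply.
        data = json.dumps(params)
        self.conn.request("POST", self.app_context + method, data, self.headers)
        response = self.conn.getresponse()
        data = response.read()
        return json.loads(data.decode('utf-8'))

    def close(self):
        self.conn.close()
        self.conn = None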
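The `execute` method above decodes whatever the server returns and the tutorial's payloads carry passwords and OTPs. The following added example (not part of the original tutorial or of DualShield's own code) shows a stricter variant that rejects non-2xx or non-JSON replies and masks secrets in anything that may reach a log. `ApiError`, `redact`, `FakeResponse` and `FakeConnection` are hypothetical names, and treating every non-2xx status as a failure is an assumption about the server.

```python
import copy
import json

SECRET_FIELDS = ("password", "otp")  # credential fields used in this tutorial

class ApiError(Exception):
    """Raised when the reply is not a successful JSON document."""

def redact(params):
    """Return a copy of params that is safe to log: secrets are masked."""
    safe = copy.deepcopy(params)
    cred = safe.get("credential", {})
    for field in SECRET_FIELDS:
        if field in cred:
            cred[field] = "***"
    return safe

def execute(conn, method, params, app_context="/das5/rest/"):
    """POST params as JSON; return the decoded reply or raise ApiError."""
    conn.request("POST", app_context + method, json.dumps(params),
                 {"Content-Type": "application/json"})
    response = conn.getresponse()
    body = response.read()
    if not 200 <= response.status < 300:
        # The message may end up in logs, so it only carries redacted params.
        raise ApiError("%s: HTTP %d, request %s"
                       % (method, response.status, json.dumps(redact(params))))
    try:
        return json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers invalid JSON and invalid UTF-8
        raise ApiError("%s: reply is not valid JSON" % method) from exc

class FakeResponse:
    """Constructed stand-in for an HTTP response, so the example runs offline."""
    def __init__(self, status, body):
        self.status, self._body = status, body
    def read(self):
        return self._body

class FakeConnection:
    """Constructed stand-in for HTTPSConnection; records the request sent."""
    def __init__(self, status, body):
        self._response = FakeResponse(status, body)
        self.sent = None
    def request(self, verb, path, data, headers):
        self.sent = (verb, path, data)
    def getresponse(self):
        return self._response
```

In a real client, pass the `HTTPSConnection` built in `DualShield.__init__` as `conn`.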

...

Code Block
languagepy
host = 'dualshield.deepnetlabs.com'
port = 8071
keyFile = 'apikey.pem'
certFile = 'apicert.pem'
domainname='deepnetlabs.com'

Replace the values of these variables with your own.
host: the host name (FQDN) of your DualShield server
port: the port number of the DualShield authentication server
keyFile: Your agent's private key file
certFile: Your agent's certificate file
domainname: The name of the domain that your agent is connected to

...

Code Block
languagepy
import unittest


class TestDualShield(unittest.TestCase):

    def setUp(self):
        # Open a new connection to the DualShield server before each test
        self.auth=DualShield(host, port, keyFile, certFile)

    def tearDown(self):
        self.auth.close()

...

Call the "Hello" method in DualShield to check the connection

Code Block
languagepy
    def test_1_hello(self):
        r=self.auth.execute("auth/hello", {})

...

The authentication method for verifying Static Password is "SPASS"

Code Block
languagepy
    def test_2_staticpass(self):
        # Log on with the 'static password' credential
        from getpass import getpass  # read the password without echoing it
        username=input('Please enter your login name:')
        password=getpass('Please enter your AD password:')
        params = {
            'user':{'loginName':username, 'domain.name':domainname},
            'credential':{'method':'SPASS', 'password':password}
        }
        r=self.auth.execute("auth/verify", params)

...

The authentication method for verifying a SafeID one-time password is "OTP"

Code Block
languagepy
    def test_3_verifySafeID(self):
        # Log on with a one-time password from a SafeID token
        username=input('Please enter your login name:')
        otp=input('Please enter your SafeID OTP:')
        params = {
            'user':{'loginName':username, 'domain.name':domainname},
            'credential':{'method':'OTP', 'otp':otp}
        }
        r=self.auth.execute("auth/verify", params)

...

To deliver an on-demand password to a user via email message (SMTP)

Code Block
languagepy
    def test_4_sendOTP(self):
        # Ask the server to send an on-demand password by email
        username=input('Please enter your login name:')
        params = {
            'user':{'loginName':username, 'domain.name':domainname},
            'options':{'channel':'SMTP'}
        }
        r=self.auth.execute("auth/sendOTP", params)

...

The authentication method for verifying On-Demand Password is "OTPoD"

Code Block
languagepy
    def test_5_verifyODP(self):
        # Verify the on-demand password that was delivered to the user
        username=input('Please enter your login name:')
        otp=input('Please enter your OTP:')
        params = {
            'user':{'loginName':username, 'domain.name':domainname},
            'credential':{'method':'OTPoD', 'otp':otp}
        }
        r=self.auth.execute("auth/verify", params)

...