
User Credentials in a Security Enabled Model

If the model connected via Pro Cloud Server has User Security enabled via Model Credentials or OpenID Authentication, then you will have to authenticate the user before retrieving, updating, creating or deleting a Resource/Resource Feature. Once the user is authenticated, you will be provided with a User Authentication Token that you will have to pass in with the OSLC GET and POST Requests. Unless you pass in the User Authentication Token, the OSLC request on a Security Enabled model will not be processed by the Pro Cloud Server.

To get the User Authentication Token:

  • In a Model that has OpenID Authentication enabled, POST the Authorization Code and Redirect URI to a specific URL; the Authorization Code can be obtained by authorizing the User at the authorizationURI endpoint (which is specified in the Service Provider Resource); the Redirect URI is the URI to which the Authorization Code is sent by the OpenID Server (this is specified in the OpenID Server configuration)
  • In a Model that has Model Credential Security enabled, POST the User's Enterprise Architect Model Security credentials (User ID and Password) to a specific URL; these are the same credentials that you will type into the 'Login to EA Repository' dialog in a security-enabled model
  • Upon successful validation, the XML returned will contain the User Authentication Token (amongst other information) in the XML element 'ss:useridentifier'

Validating User Credentials in a Security Enabled Model

Step 1

If the Model has:

  • OpenID Authentication enabled, go to Step 2
  • Windows NTLM Authentication enabled, go to Step 3
  • Model Credential Security enabled, go to Step 4

Step 2

Validate the user by POSTing the Authorization Code and Redirect URI to:

     URL: <protocol>://<server>/<model_name>/oslc/am/login/

     POST Body: sso=openid;code=<AUTHORIZATION CODE>;redirecturi=<REDIRECT URI>;

Step 3

Get the User Authentication Token by POSTing to this URL:

     URL: <protocol>://<server>/<model_name>/oslc/am/login/

     POST Body: sso=ntlm;

Step 4

Validate the user by POSTing the User's Enterprise Architect Model Security credentials to:

     URL: <protocol>://<server>/<model_name>/oslc/am/login/

     POST Body: uid=<USER ID>;pwd=<PASSWORD>;

Step 5

If validation succeeds, the response will typically be:

<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:ss="https://sparxsystems.com.au/oslc_am#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
     <ss:login>
          <!--boolean value that specifies whether the model allows Resource Creation/Update-->
          <ss:readonlymodel>VALUE</ss:readonlymodel>
          <!--boolean value that specifies whether you have valid Pro Cloud Server license-->
          <ss:validlicense>VALUE</ss:validlicense>
          <!--specifies the Full Name and User ID of the User in a Security Enabled Model-->
          <ss:userfullname>
               <foaf:Person>
                    <foaf:name>FULL NAME</foaf:name>
                    <foaf:nick>USER ID</foaf:nick>
               </foaf:Person>
          </ss:userfullname>
          <!--specifies the User Authentication Token-->
          <ss:useridentifier>USER AUTHENTICATION TOKEN</ss:useridentifier>
          <!--specifies the OpenID Access Token in a Model that supports OpenID Authentication-->
          <ss:accesstoken>OPENID ACCESS TOKEN</ss:accesstoken>
          <!--specifies the OpenID Refresh Token in a Model that supports OpenID Authentication-->
          <ss:refreshtoken>OPENID REFRESH TOKEN</ss:refreshtoken>
          <!--boolean value that specifies whether you have permission to create/update Resources-->
          <ss:elementpermission>VALUE</ss:elementpermission>
          <!--boolean value that specifies whether you have permission to update Diagrams-->
          <ss:diagrampermission>VALUE</ss:diagrampermission>
          <!--boolean value that specifies whether you have permission to create/update Resource Tests-->
          <ss:testpermission>VALUE</ss:testpermission>
          <!--boolean value that specifies whether you have permission to create/update Resource Allocations-->
          <ss:resourceallocationpermission>VALUE</ss:resourceallocationpermission>
          <!--boolean value that specifies whether you have permission to create/update Resource Maintenance Items-->
          <ss:maintenanceitempermission>VALUE</ss:maintenanceitempermission>
          <!--boolean value that specifies whether you have permission to create/update Resource Project Management Items-->
          <ss:projectmanagementitempermission>VALUE</ss:projectmanagementitempermission>
     </ss:login>
</rdf:RDF>
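
A client has to pull the token out of this response and should check the permission flags before attempting a write. The following is an added example, not Sparx Systems code: it parses a constructed sample response and treats a missing permission element as denied. The function name, the sample user and the "true"/"false" spelling of the boolean values are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"ss": "https://sparxsystems.com.au/oslc_am#",
      "foaf": "http://xmlns.com/foaf/0.1/"}

# Constructed sample: the token is this page's example value; the user and
# the "true"/"false" spelling of the booleans are assumptions.
SAMPLE_LOGIN_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:ss="https://sparxsystems.com.au/oslc_am#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <ss:login>
    <ss:readonlymodel>false</ss:readonlymodel>
    <ss:validlicense>true</ss:validlicense>
    <ss:userfullname><foaf:Person>
      <foaf:name>Example User</foaf:name><foaf:nick>euser</foaf:nick>
    </foaf:Person></ss:userfullname>
    <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
    <ss:elementpermission>true</ss:elementpermission>
    <ss:diagrampermission>false</ss:diagrampermission>
  </ss:login>
</rdf:RDF>"""


def parse_login_response(xml_text):
    """Extract the token and permission flags; raise if no token came back."""
    login = ET.fromstring(xml_text.encode("utf-8")).find("ss:login", NS)
    if login is None:
        raise ValueError("no ss:login element in response")

    def text(path):
        return (login.findtext(path, default="", namespaces=NS) or "").strip()

    def allowed(tag):  # absent or non-"true" element means "not permitted"
        return text(tag).lower() == "true"

    token = text("ss:useridentifier")
    if not token:
        raise ValueError("response carries no ss:useridentifier")
    return {
        "token": token,
        "user_id": text("ss:userfullname/foaf:Person/foaf:nick"),
        # fail closed: only an explicit "false" makes the model writable
        "read_only": text("ss:readonlymodel").lower() != "false",
        "can_edit_elements": allowed("ss:elementpermission"),
        "can_edit_diagrams": allowed("ss:diagrampermission"),
    }
```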

Passing User Authentication Token with OSLC Requests

Once the User Credential is successfully validated, you pass in the User Authentication Token in every OSLC request; that is, pass in the User Authentication Token:

  • when retrieving a Resource or Resource Feature XML using GET Request as the value of the query string parameter 'useridentifier'
  • when creating/updating a Resource or Resource Feature using POST RDF/XML as the value of the XML element 'ss:useridentifier'

Passing User Authentication Token with GET Requests

For GET requests, pass in the User Authentication Token as the value of the query string parameter 'useridentifier':

  • <protocol>://<server>/<model_name>/oslc/am/OSLC REQUEST/?useridentifier=<USER AUTHENTICATION TOKEN>

Examples

Example 1

Retrieve the Properties of an Enterprise Architect Package Resource:

  • Whose GUID is {5147E138-1F14-4738-B721-5FCC0F8821A8}
  • In a Security Enabled model
  • Where the User Authentication Token is {72825AF9-E116-48f1-9DF8-77815E66B1A7}

http://localhost:480/firebird_model/oslc/am/resource/pk_{5147E138-1F14-4738-B721-5FCC0F8821A8}/?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7}

Example 2

Retrieve all Resources:

  • With the name Class1
  • In a Security Enabled model
  • Where the User Authentication Token is {72825AF9-E116-48f1-9DF8-77815E66B1A7}

http://localhost:480/firebird_model/oslc/am/qc/?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7}&oslc.where=dcterms:title="Class1"
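
Because the token travels in the query string of every GET request, it appears wherever URLs are recorded, such as server access logs, proxy logs and client traces. The following added example (not part of the original page) builds the GET URL with percent-encoding, refuses plain HTTP to non-loopback hosts, and masks the token before a URL or log line is stored. The function names, the HTTPS policy and the assumption that the server decodes percent-encoded values are the example's own.

```python
import re
from urllib.parse import quote, urlencode, urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# The query parameter named on this page; the value runs to the next
# delimiter whether it is written raw ({...}) or percent-encoded (%7B...%7D).
_TOKEN_PARAM = re.compile(r"([?&]useridentifier=)[^&\s\"']*", re.IGNORECASE)


def build_get_url(model_url, oslc_request, token, where=None):
    """Build <model_url>/oslc/am/<oslc_request>/?useridentifier=<token>.

    model_url is '<protocol>://<server>/<model_name>'. Plain http is only
    accepted for loopback hosts, because the token travels in the URL.
    """
    parts = urlsplit(model_url)
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("refusing to send the token over plain HTTP")
    params = [("useridentifier", token)]
    if where is not None:
        params.append(("oslc.where", where))
    path = quote(oslc_request.strip("/"), safe="/")
    query = urlencode(params, quote_via=quote)
    return f"{model_url.rstrip('/')}/oslc/am/{path}/?{query}"


def redact_token(text):
    """Mask the useridentifier value in a URL or log line before storing it."""
    return _TOKEN_PARAM.sub(r"\1REDACTED", text)


# Constructed access-log line using this page's example token.
SAMPLE_LOG_LINE = (
    '127.0.0.1 - - "GET /firebird_model/oslc/am/qc/'
    '?useridentifier={72825AF9-E116-48f1-9DF8-77815E66B1A7}'
    '&oslc.where=dcterms:title=%22Class1%22 HTTP/1.1" 200'
)
```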

Passing in a User Authentication Token with OSLC POST Requests

For OSLC POST requests, you need to pass in the User Authentication Token as a part of the RDF/XML accompanying the POST request.

Examples

Example 1

In a Security Enabled model:

  • The User Authentication Token is {72825AF9-E116-48f1-9DF8-77815E66B1A7}
  • A Class 'Class1' is created under a Package with the Enterprise Architect GUID {965A54C2-6A89-46d7-AB7E-F192668010CA}

The Notes, Complexity and Version are set.

<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:oslc_am="http://open-services.net/ns/am#"
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dcterms="http://purl.org/dc/terms/"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:ss="https://sparxsystems.com.au/oslc_am#">
     <oslc_am:Resource>
          <!--Required Properties-->
          <dcterms:title>Class1</dcterms:title>
          <dcterms:type>Class</dcterms:type>
          <ss:parentresourceidentifier>pk_{259A54C2-6A89-46d7-AB7E-F192668010CA}</ss:parentresourceidentifier>
          <dcterms:description>Created via OSLC</dcterms:description>
          <ss:complexity>Easy</ss:complexity>
          <ss:version>1.0</ss:version>
          <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
     </oslc_am:Resource>
</rdf:RDF>

Example 2

In a Security Enabled model:

  • The User Authentication Token is {72825AF9-E116-48f1-9DF8-77815E66B1A7}
  • An Actor 'Actor1' with the Enterprise Architect GUID {567854C2-6A89-46d7-AB7E-F192668010CA} has its name updated to 'Actor 1_New'

<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:oslc_am="http://open-services.net/ns/am#"
         xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dcterms="http://purl.org/dc/terms/"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:ss="https://sparxsystems.com.au/oslc_am#">
     <oslc_am:Resource>
          <!--Required Properties-->
          <dcterms:identifier>el_{567854C2-6A89-46d7-AB7E-F192668010CA}</dcterms:identifier>
          <dcterms:title>Actor1_New</dcterms:title>
          <ss:useridentifier>{72825AF9-E116-48f1-9DF8-77815E66B1A7}</ss:useridentifier>
     </oslc_am:Resource>
</rdf:RDF>

Notes

  • This facility is available through these Enterprise Architect Pro Cloud Server Editions, under Enterprise Architect Release 13.5 or higher: Small Business Edition, Team Server Edition and Enterprise Server Edition
  • An OSLC request will not be processed by the Pro Cloud Server unless the User Authentication Token is passed in with the request on a Security Enabled model
  • 30 minutes of inactivity will log you out of a Security Enabled model; you will have to log in again by POSTing the User Credentials to the credential validation URL
