I am attempting to access Archer exception data via my rest client (Postman). I am able to obtain a session token via the initial login POST, however successive GET calls to contentapi are giving me trouble. On successive calls I receive a 200 OK response message for successful calls, but am shown our company login page instead of the data I requested. I have also checked and ensured anonymous authentication is enabled.
It doesn't sound like a problem in your code. It sounds like a configuration (and possibly a network) problem.
Try this. Log into Archer in a browser and issue the request in the address bar of that browser. The content API will respect your session cookie, so you should get a file download prompt. Save it and open it in Notepad++. Does that work? If not, your code is not the problem.
I should mention that we have SSO enabled in our production environment. I was able to get the above to work using my SSO username and password. However, the only way I am able to get a session token via my REST client/Postman is by using a separate password linked to the same username (I logged in via SSO, and changed password in 'My Profile'). Only the SSO username and nonSSO password give me this session token via API.
Yes, that is expected behavior. User records that are created in Archer as a result of an LDAP sync never contain Active Directory passwords, and Archer does not authenticate users against external user stores.
When a user accesses Archer via SSO, Archer is essentially accepting a claim about the identity of the requestor. If that identity matches with a user in the Archer user store, a session is created and returned, but the user's domain password is never passed or checked in any way. So the only way to manually log in to Archer is to know the local password, or to reset it like you did.