Archer GRC REST Content Help

AndrewPaulson
Contributor II

I am attempting to access Archer exception data via my REST client (Postman). I am able to obtain a session token via the initial login POST; however, successive GET calls to contentapi are giving me trouble. On successive calls I receive a 200 OK response message for successful calls, but am shown our company login page instead of the data I requested. I have also checked and ensured anonymous authentication is enabled.


BodieMinster
Archer Employee

When you say you are "shown" the company login page, what do you mean? Are you making the GET calls from a browser? 

AndrewPaulson
Contributor II

I said that based off the "Preview" in my REST client Postman (shown in the initial attachment). I am making the GET call from this client. So to my knowledge authentication is not occurring even with the session token being passed.

 

Including another attachment of this call:

archer API response after providing archer session ID.PNG

It doesn't sound like a problem in your code. It sounds like a configuration (and possibly a network) problem.

 

Try this. Log into Archer in a browser and issue the request in the address bar of that browser. The content API will respect your session cookie, so you should get a file download prompt. Save it and open it in Notepad++. Does that work? If not, your code is not the problem.

AndrewPaulson
Contributor II

Hi Bodie,

 

I should mention that we have SSO enabled in our production environment. I was able to get the above to work using my SSO username and password. However, the only way I am able to get a session token via my REST client/Postman is by using a separate password linked to the same username (I logged in via SSO, and changed the password in 'My Profile'). Only the SSO username and non-SSO password give me this session token via API.

Make sure that Manual Bypass is enabled in ACP.

I'm not sure I'm understanding you, but it sounds like you're saying you were trying to authenticate using the password associated with your network account credentials. Is that correct?

Yes, “Allow manual bypass” is enabled in the Archer Control Panel (ACP).

I am able to log in to the Archer UI with my network account, but I'm only able to get a session token via API with my local password.

Yes, that is expected behavior. User records that are created in Archer as a result of an LDAP sync never contain Active Directory passwords, and Archer does not authenticate users against external user stores.

 

When a user accesses Archer via SSO, Archer is essentially accepting a claim about the identity of the requestor. If that identity matches with a user in the Archer user store, a session is created and returned, but the user's domain password is never passed or checked in any way. So the only way to manually log in to Archer is to know the local password, or to reset it like you did.
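The symptom in the original question (a 200 OK whose body is the company login page rather than data) can be caught in the client instead of by eye in Postman's Preview tab. The following is an added example, not code from the thread or from Archer; the function name, result labels, and sample responses are all constructed for illustration, and it assumes the API is expected to return JSON.

```javascript
// Added example: decide whether a response to an API GET is real data or a sign-in page.
// Nothing here is Archer-specific; it inspects only status, headers and body.
function classifyApiResponse({ status, headers = {}, body = "" }) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const contentType = (h["content-type"] || "").split(";")[0].trim().toLowerCase();

  if (status === 401 || status === 403) return "rejected";
  if (status >= 300 && status < 400) return "redirected";
  if (status !== 200) return "error";

  // A 200 carrying HTML means something in front of the API answered instead of it.
  const looksHtml = contentType === "text/html" || /^\s*<(!doctype|html)/i.test(body);
  if (looksHtml) {
    // A password field marks the body as a login form rather than some other page.
    return /<input[^>]+type\s*=\s*["']?password/i.test(body) ? "login_page" : "unexpected_html";
  }
  try {
    JSON.parse(body);
    return "data";
  } catch {
    return "unparseable";
  }
}

// Constructed sample responses.
const SAMPLES = {
  loginPage: {
    status: 200,
    headers: { "Content-Type": "text/html; charset=utf-8" },
    body: '<!DOCTYPE html><html><body><form><input name="u"><input type="password" name="p"></form></body></html>',
  },
  data: {
    status: 200,
    headers: { "content-type": "application/json" },
    body: '{"value":[{"name":"Exceptions"}]}',
  },
  denied: { status: 401, headers: {}, body: "" },
};

for (const [name, resp] of Object.entries(SAMPLES)) {
  console.log(name, "->", classifyApiResponse(resp));
}
```
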