Authenticating and Session Handling in ADx

Configuring Sessions

You can configure the maximum idle time and the usage of session cookies which allow you to keep the session alive after the browser has been closed. To do it, modify TRIBEFIRE_USER_SESSIONS_MAX_IDLE_TIME and TRIBEFIRE_RUNTIME_OFFER_STAYSIGNED runtime properties in accordance with your needs when installing ADx.

  # Specifies how long a user session should remain active when there is no activity on the session.
  # After the specified inactive time has passed (i.e. no request with the corresponding session ID has been received by the server),
  # the session is flagged as inactive and consequently removed by a periodic cleanup process.
  # The time span can be specified as a human-readable string, using numbers and the time unit, as in 12h, 30m, 3600s, etc.
  TRIBEFIRE_USER_SESSIONS_MAX_IDLE_TIME: "30m"

  # When this is set to true, the login dialog will offer an option to stay signed-in after a browser restart.
  # If this is set to false, the user session will always be closed when the browser is closed.
  # This is achieved by using a session cookie that stores the user's session ID until the browser is closed.
  TRIBEFIRE_RUNTIME_OFFER_STAYSIGNED: "true"

Authenticating to ADx

To authenticate to your ADx instance, send a request to the https://[host]:[port]/access.adx.admin/v1/session endpoint. As a result, a session ID is returned - you can use it in other requests. The table below shows endpoints you can call to handle sessions.

Request type	Service description	Endpoint	Request query parameters	Returns
POST	Create session	`/access.adx.admin/v1/session`	userName, password	``
GET	Get session object or session ID	`/access.adx.admin/v1/session`		Session object.
DELETE	Close session by ID	`/access.adx.admin/v1/session`		``
GET	Search all available sessions	`/access.adx.admin/v1/session/search`		A list of available session objects.
DELETE	Close multiple sessions by their IDs	`/access.adx.admin/v1/sessions`		``

Parameters

Parameter	Data type	Description
userName	string	user name used for authentication
password	string	password used for authorization
sessionId	string	sessionId returned by ADx

Authenticating with Encrypted Passowrds

ADx enables you to create session by providing an encrypted password. To do this, follow these steps:

Encrypt your password by running the ./encrypt.sh --value mypassword (.bat on Windows) script. You should the encrpted password as a response.
```
$ ./encrypt.sh --value 's3cur3p455w0rd'
cNRVe5T5gOB0o3NXxjCdRkiMGbNKWpAsbGFWFVKCVjZ0Jh1yUwyaZxPJ1WjFYbXABc6qiw==
DONE
```
You can find the encrypt.sh file in your adx-deployment-package installation folder.
In Swagger, find the /access.adx.admin/v1/session endpoint and do the following:
1. In userName enter your user name.
2. In password enter the your encrypted password from step one.
3. Check the passwordIsEncrypted box.

cURL Example

The request shown below will return a session ID from ADx instance running on https://[host]:[port]. Replace [host], [port], [username], and [password] with the actual values in your request.

curl -X POST "https://[host]:[port]/access.adx.admin/v1/session" -H  "accept: application/json" -H  "Content-Type: multipart/form-data" -F "user=[username]" -F "password=[password]" -F "noExceptionOnFailure=false" -F "staySignedIn=false"