api/auth endpoint responding with SAML request instead of bearer token

Hello, hope everyone is doing well!

I am attempting to authenticate to the API by invoking the endpoint at api/auth (I have also tried api/auth/login and api/auth/loginadmin

However, instead of responding with the bearer token, it responds with an SSO Authentication Request which I recognize as coming from our SSO provider. See screenshot.

My gut tells me the service account I was provided is misconfigured because there are articles that state “The API has no support for Single Sign On (SSO) authentication for any automated scripting processes. You must use a non-SSO TeamDynamix User-typed account, service account or admin service account to authenticate.” 

Is there a way to configure the account to bypass SSO? Is there something wrong with how I'm making the request? We're a bit stuck here. :) Thanks! 

 

Tags API webapi sso SAML TeamDynamixApi
Asked by Tamara Buch on Tue 4/12/22 10:41 AM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Mark Sayers Tue 4/12/22 12:53 PM

Hello Tamara,

If your goal is to sign in to the API, you definitely need to be pointing it at https://yourdomain/sbtdwebapi/api/auth and not https://yourdomain/sbtdnext/api/auth as that latter version is not an endpoint.

The API definitely does not currently support SSO, so you'd need to be sending the TDX Username and local password for the account in question, and not anything related to the user's SSO credentials.

No feedback
Thanks Mark. You are correct that I was using the wrong endpoint. The correct endpoint was giving a 400 Bad Response while this incorrect one was returning the SAML response. The reason for the 400 was because my body was not json formatted like the API expected. Pulling the body out of the splat, converting to json, then putting it back in the splat before making the rest call got me my token. :)

$Body = @{
'username' = $Credential.UserName
'password' = $Credential.GetNetworkCredential().Password
} | ConvertTo-Json
$IVRsplat.add('Body', $Body)
- Tamara Buch Tue 4/12/22 4:50 PM
Ok great! I'm glad it was an easy fix. - Mark Sayers Tue 4/12/22 4:55 PM