Use CURL to access /demo/mobile-demo/rba with the access token
Use CURL to run the following command in a shell terminal.
The command includes the previously obtained access token in the Authorization header. Use this command to access the protected application resource /demo/mobile-demo/rba.
curl -k -v \
  -H "Authorization: Bearer C57M09" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  https://<reverse proxy address>/demo/mobile-demo/rba
The response is the result of enforcement of the previously attached CBA policy. The policy requires completion of a TOTP authentication.
< HTTP/1.1 200 OK
<
{
  "mechanism": "urn:ibm:security:authentication:asf:mechanism:totp",
  "message": "",
  "state": "9efd546c5a574d218a027a79110c2f19",
  "location": "/mga/sps/apiauthsvc?StateId=9efd546c5a574d218a027a79110c2f19",
  "execptionMsg": "NA"
}
The next request validates the TOTP for testuser1. testuser1 supplies the otp value by reading it from the Google Authenticator app.
curl -k -v -X PUT \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer C57M09" \
  --data "{'otp': '842998'}" \
  "https://<reverse proxy address>/mgaapi/sps/apiauthsvc?StateId=9efd546c5a574d218a027a79110c2f19"
The resulting response is the actual protected resource from /demo/mobile-demo/rba. Its data format is HTML, but the response shows that the basic configuration and REST client experience are successfully deployed.
< HTTP/1.1 200 OK
< content-language: en-US
< content-type: text/html;charset=ISO-8859-1
< date: Mon, 08 Feb 2016 04:06:34 GMT
< p3p: CP="NON CUR OTPi OUR NOR UNI"
< x-old-content-length: 1554
< transfer-encoding: chunked
< cache-control: no-cache="set-cookie, set-cookie2"
< expires: Thu, 01 Dec 1994 16:00:00 GMT
<HTML>
<BODY>
<div class="content">
  <div class="contentHeader">
    <h1 class="pageTitle">Risk-based access protected resource</h1>
    <div class="instructions"></div>
  </div>
  <div class="pageContent" style="width: 600">
    If you get the following page, then either you have a match for the device fingerprint or you were already authenticated at a high level (for example, one-time password).
  </div>
</div>
</BODY>
</HTML>
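The following Python example is added here and is not part of the product documentation. It parses the challenge returned by the first request, checks it before the bearer token is reused, and builds (without sending) the PUT request that submits the OTP. The host proxy.example, the function names and the 6 to 8 digit OTP rule are assumptions; the endpoint path is supplied by the caller.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

TOTP_MECHANISM = "urn:ibm:security:authentication:asf:mechanism:totp"

# Constructed sample: the challenge body shown on this page.
SAMPLE_CHALLENGE = json.dumps({
    "mechanism": TOTP_MECHANISM,
    "message": "",
    "state": "9efd546c5a574d218a027a79110c2f19",
    "location": "/mga/sps/apiauthsvc?StateId=9efd546c5a574d218a027a79110c2f19",
    "execptionMsg": "NA",
})


def parse_challenge(body):
    """Return the StateId of a TOTP challenge, or raise ValueError."""
    doc = json.loads(body)
    if doc.get("mechanism") != TOTP_MECHANISM:
        raise ValueError("unexpected mechanism: %r" % doc.get("mechanism"))
    loc = urlsplit(doc.get("location", ""))
    # Only a relative location keeps the bearer token on the reverse proxy.
    if loc.scheme or loc.netloc:
        raise ValueError("location must be a relative path")
    # The StateId in the location must be the state the challenge announced.
    if parse_qs(loc.query).get("StateId", []) != [doc.get("state")]:
        raise ValueError("StateId in location does not match state")
    return doc["state"]


def build_totp_request(base_url, auth_path, token, challenge_body, otp):
    """Build, but do not send, the PUT that answers the challenge."""
    # Assumption: TOTP values are 6 to 8 ASCII digits.
    if not (otp.isascii() and otp.isdigit() and 6 <= len(otp) <= 8):
        raise ValueError("otp must be 6 to 8 digits")
    state = parse_challenge(challenge_body)
    url = base_url.rstrip("/") + auth_path + "?" + urlencode({"StateId": state})
    return urllib.request.Request(
        url,
        data=json.dumps({"otp": otp}).encode("utf-8"),  # valid JSON body
        method="PUT",
        headers={
            "Authorization": "Bearer " + token,
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )
```

Passing the returned object to urllib.request.urlopen sends it with certificate verification enabled, unlike the -k option in the curl commands.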