RDP Authentication Flow with two applications

Hello,
I have the following scenario, I have two registered application in EDP API for production and QA environment. In sepparetly way when the proccess in production is active we do not have any problem with the login and refresh token, but when we active the QA environment proccess with the other app key the login is ok but in both environment at the moment that we want to refresh the token with the following headers
params.add(new BasicNameValuePair("client_id", 'myid'));
params.add(new BasicNameValuePair("username", 'myusername'));
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
params.add(new BasicNameValuePair("refresh_token", refreshToken));
I got
Login Rejected. Authentication token not provided.After that error, we try again refresh the token, after five attempts the login is called again without refresh the token to get a new one.
This is the complete code for authentication
params.add(new BasicNameValuePair("client_id", Singleton.getInstance().getRdpApplicationId()));
params.add(new BasicNameValuePair("username", Singleton.getInstance().getRDPUser()));
//login for first time
if(refreshToken == null) {
params.add(new BasicNameValuePair("password", Singleton.getInstance().getRDPPassword()));
params.add(new BasicNameValuePair("grant_type", "password"));
params.add(new BasicNameValuePair("takeExclusiveSignOnControl", "true"));
}else {
// refresh token every 5 minutes
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
params.add(new BasicNameValuePair("refresh_token", refreshToken));
}
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
Im wondering if something is missing or the header takeExclusiveSignOnControl work like only mantain one login no matter what app key I use affecting the other login in a different environment. Or what is the correct way to handle this authentication flow with two environment at the same time.
**The processes run in separate environments
Thanks
Best Answer
-
Hi @isanchez
The 'client_id', or App Key does not control permissions but rather identifies an application. It is the 'username' that controls permissions and it is this ID that the authentication system presently only allows 1 active session.
If you disable the 'takeExclusiveSignControl', i.e. false, you will not be able to authenticate any additional instances while you have one already running with the same 'username'. The only way around this is to use a different username.
0
Answers
-
Hi @isanchez
Are you using the same 'username' for both applications? Also, is the same application running in both environments?
If you plan to run the applications simultaneously using the same username, I would suggest you reach out to your account manager and explain what you are trying to do, and request a 2nd username ID. Presently, the authentication system only allows 1 active session for a given username ID. If you attempt to run simultaneous applications and have enabled 'takeExclusiveSignonControl' to true, the 2nd application that starts will steal control of the session. That is, after the 2nd application takes exclusive control, once the 1st application attempts to refresh its access token, it will fail.
0 -
Hello @nick.zincone
The username is the same in both environments and the client_id is different we have an app key for QA and other for Production.
Yes, the connector is the same version in both environments only the configuration change for what app key need to use.
If I disable the header takeExclusiveSignonControl to false I will have the same result using differents APP KEY?
Thanks in advance
0 -
Hello @nick.zincone
We ask to our account manager and He said to us the feature of this product is "Each ID supports up to 5 concurrent connections. Customers may want to split their subscriptions over more than 1 connection for perfomance, administrative or legacy reason"
Therefore I want to clarify the params that I sent to the login
client_id -> APP KEY generated by environment (different in QA and producction)
username -> MachineID (Same in both environment)
password -> Password created for the machineID (Same in both environment)
Thanks.0 -
It is true that an ID can support up to 5 concurrent connections into the streaming server, but only supports 1 active session into the RDP authentication system. If you run a single application, you first retrieve the authentication tokens. Once you have the access token, you can use this to form up to 5 connections into a streaming server using the same access token. That is what it is referring to when it states 5 concurrent connections. However, if you run the 2nd application, the authentication server detects your session count == 1 (max) and the 2nd application "steals" the session and as a result, the 1st application will fail to refresh its token.
The only real way around this is to request a second Machine ID.
0
Categories
- All Categories
- 3 Polls
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 690 Datastream
- 1.5K DSS
- 629 Eikon COM
- 5.2K Eikon Data APIs
- 11 Electronic Trading
- 1 Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 255 ETA
- 560 WebSocket API
- 39 FX Venues
- 15 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 25 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 281 Open PermID
- 46 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 23 RDMS
- 2K Refinitiv Data Platform
- 724 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 27 DACS Station
- 121 Open DACS
- 1.1K RFA
- 106 UPA
- 194 TREP Infrastructure
- 229 TRKD
- 918 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 95 Workspace SDK
- 11 Element Framework
- 5 Grid
- 19 World-Check Data File
- 1 Yield Book Analytics
- 48 中文论坛