...
Armor uses ADFS and OAUTH workflow for the portal and API authentication. By presenting a retrieved Bearer id_token to the API a user can leverage the API documentation to access all endpoints from both the Legacy and v2 API. Below is documentation to retrieve a token from Armor’s SSO platform using your Armor user account with that does not have MFA enabled.
Postman Example
(Right click to save as)
...
Authentication and ID token generation is handled by https://auth.armor.com To authentication authenticate and receive an ID token, please follow these steps:
Authenticate
...
Provide a username (which does not have MFA enabled) and the password. This endpoint would will return a SessionToken in response.
A subsequent call to GET https://amp.armor.com/oauth2/default/v1/authorize end point with required query string parameters would return the Id_Token
QUERY STRING PARAMETERS
response_type required | string The expected response type. Always id_token |
response_mode required | string The method by which the ID token will be returned. Always form_post |
client_id required | String Use this client_Id “0oab141ypCQYHHQgI696” |
redirect_uri required | string The base URL of the API that will be used in this session. Example: https://api.armor.com/ |
sessionToken required | Value received from the above step |
scope required | string openid email profile |
State required | string “state-296bc9a0-a2a2-4a57-be1a-d0e2fd9bb601" |
Nonce required | string “g5ly497e8ps" |
Prompt required | string none |
The returned body will contain an HTML <form> element containing the ID token. Proceed to the next relevant step based on the client_id you submitted with the request. This endpoint will return a 200 response. If your HTTP client supports following redirects, enable that option. Otherwise, perform a subsequent GET of the returned location header.
Response:
Retrieve Your ID Token
Similar to how you retrieve the MFA context in the previous step, use xpath Use Xpath or a similar parser to get the value if of the id_token HTML input:
XPath Example
xpath 'html/body/form/input[@name="id_token"]/@value'
...
Scoped access token generation is handled by the by api.armor.com and requires a valid ID token. To retrieve a scoped access token, make the following API request with your ID token:
POST https://api.armor.com/auth/token
QUERY STRING PARAMETERS
scope required | string A space-delimited list of scopes to assign to the access token. A full list of permission scopes are available by going to the Roles and Permissions Screen in the Armor Management Portal and selecting a role. The scope name will be the "System" name prefixed with *: For example, if the system for a given permission is log-management, the corresponding scope is *:log-management The list of scopes must always include at least openid, email, and profile |
REQUEST HEADERS
authorization required | string The authorization header including the Bearer scheme and the ID token from above. Example: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9… |
REQUEST BODY SCHEMASCHEMA application/json
(None) | null The body of this request must be exactly null. |
RESPONSE BODY SCHEMASCHEMA application/json
assertion
| null The resulting scoped access token as a JWT. |
scope
| null A space separated list of scopes included on the token. This should be identical to the requested scopes unless the user does not have any permissions applicable to a requested scope, in which case that scope is excluded. |
token_type
| null The type of token returned in the assertion field. Always jwt-bearer. |
You can now use the access token from the assertion property of the response, and the ID token retrieved in the previous step to make API calls to any OAuth2 scoped token endpoint.
...