Operation

Login in the Browser

Usually you don't have to log in directly to the SBCS Login Service, but doing so can be useful for troubleshooting or for developing other SBCS services. Other SBCS services usually require you to present a valid ticket issued by the SBCS Login Service.

The home page of the SBCS Login Service can be reached at https://sbcs.example.com/.

SBCS Login Service

Enter your valid user credentials. If the SBCS Login Service validates them successfully, your browser receives a ticket and stores it in a cookie. The details of this ticket are presented to you for reference.

SBCS Login Service: My Ticket

Note the value of the exp claim. This is the Unix timestamp (seconds since 1970-01-01) at which your ticket expires. You can convert it to a human-readable date using a tool of your choice (e.g. EpochConverter).

Create a Ticket using curl

You can create a ticket using curl.

$ curl -H "Content-Type: application/json" -d '{"username": "user", "password": "secret"}' https://sbcs-host/ticketserver/api/v1/login  

{
    "ticket": "eyJ0eXAiOiJKV1QiLCJhbGci....pDhag" 
}

Create a Service Ticket

The SBCS Services access each other using service tickets. These tickets are valid for 10 years and include the ADMIN group.

The command sbcs-create-ticket can be used to create a service ticket.

$ sbcs-create-ticket --help
usage: sbcs-create-ticket [-h] --sub SUB

Ticket Server JWT Creator

optional arguments:
  -h, --help  show this help message and exit
  --sub SUB   JWT sub

The value for the --sub argument should identify the SBCS service that will use this ticket.

$ sbcs-create-ticket --sub sbcs-faw@sbcs-host.example.com
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJUaWNrZXQgU2Vydm...

The decoded JWT contains a payload similar to this:

{
  "iss": "Ticket Server v1",
  "exp": 1843819200,
  "groups": [
    "USER",
    "ADMIN"
  ],
  "sub": "sbcs-faw@sbcs-host.example.com",
  "jti": "25faa309-81b0-49f3-b48d-00d1f7ffc6a6"
}
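
The exp and groups claims can also be read from a script, for example to keep an inventory of issued service tickets and their expiry dates. The following Python is an added example, not part of the SBCS tooling: it decodes the payload without verifying the signature, and the function names, the 30-day threshold and the sample ticket (built from the payload above with a placeholder signature) are assumptions.

```python
import base64
import json
from datetime import datetime, timezone

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(ticket):
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = ticket.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def review_ticket(ticket, now, max_days=30):
    """Summarise a ticket for an inventory: expiry, remaining lifetime, privilege."""
    claims = decode_claims(ticket)
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("ticket has no numeric exp claim")
    expires = datetime.fromtimestamp(exp, tz=timezone.utc)
    days_left = (expires - now).days
    admin = "ADMIN" in claims.get("groups", [])
    return {
        "sub": claims.get("sub"),
        "jti": claims.get("jti"),
        "expires": expires.isoformat(),
        "expired": expires <= now,
        "days_left": days_left,
        "admin": admin,
        # A long-lived ADMIN ticket is a standing credential; inventory it like a key.
        "long_lived_admin": admin and days_left > max_days,
    }

def make_sample(claims):
    # Constructed sample ticket: real segment encoding, placeholder signature.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Claims copied from the decoded payload shown above.
SAMPLE = make_sample({"iss": "Ticket Server v1", "exp": 1843819200,
                      "groups": ["USER", "ADMIN"],
                      "sub": "sbcs-faw@sbcs-host.example.com",
                      "jti": "25faa309-81b0-49f3-b48d-00d1f7ffc6a6"})

if __name__ == "__main__":
    print(json.dumps(review_ticket(SAMPLE, datetime.now(timezone.utc)), indent=2))
```

Recording sub and jti for every issued service ticket gives you a list to work from when a service is decommissioned or a ticket has to be replaced.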

Refresh a Ticket

You can manually get a new ticket using an existing one as long as the existing ticket is still valid.

  • POST https://sbcs-host/ticketserver/api/v1/refresh
  • existing ticket as:
    • cookie ecm4u-jwt or
    • header Authorization: Bearer <existing ticket>
  • Response (JSON)
    • ticket: the new ticket

Example using cookie:

$ curl --cookie "ecm4u-jwt=$ticket" -X POST https://sbcs-host/ticketserver/api/v1/refresh

{
    "ticket": "eyJ0eXAiOiJKV1QiLCJhbGci...pDhag" 
}

Example using header:

$ curl -H "Authorization: Bearer $ticket" -X POST https://sbcs-host/ticketserver/api/v1/refresh

{
    "ticket": "eyJ0eXAiOiJKV1QiLCJhbGci...pDhag" 
}