Is OnePass Needed for a UDS Session?
Disregarding everything that would need to change in Website, is a OnePass account actually needed in order to establish a UDS session? Another way to ask: Is it possible to create a Cobalt product that does not use OnePass without significant changes to modules besides Website?
Tagged:
4
Best Answer
-
OnePass is NOT required in order to establish a UDS session. In fact, it was only within the last year or so that OnePass absolutely became required for WestlawNext (prior to that certain trial or test passwords were allowed to bypass OnePass). OnePass **is** required in order to access Data Room, although work is underway in Data Room to support alternate OAUTH credentials (a SAML token from a trusted source). At least minor changes would be needed in UDS and Data Room to support a new credentials source, but a pattern for using OAUTH/SAML is being established for a new non-Legal product being developed on the Cobalt platform.3
Answers
-
Awesome, could you elaborate a bit on what is needed? Is there still a regkey of some sort, or PRISM id, or really anything regarding who the user is that UDS needs? The reason why is I am on a project that might have A LOT of unique and unidentified users and I want to look at all options.0
-
UDS does require some sort of user id (anything 40 bytes or less), and certain other fields, but it does not have to be a valid Prism user guid. Just for session creation, UDS assumes other modules are co-ordinating the authentication (perhaps through calling other UDS apis, that are independent of session creation.) More details on which session fields are required can be found on the UDS wiki:
http://nsawiki.int.westgroup.com/wiki/index.php5/Session_Management#Session_Object0 -
The Data Room OAUTH/SAML processing is still under development, but when completed, it will support creation of a DR WorkProductToken using a SAML assertion, from a recognized, trusted source, that contains all the information that DR needs to identify the user and the user's access information (eliminating the need for Prism Security and OnlineCharges.) Callers will still be able to create the OAUTH WorkProductToken via UDS, assuming UDS knows what api to call for that product, to obtain the SAML assertion.0
-
Just to clarify terminology which you are mixing. SAML and OAuth have NOTHING to do with each other. Each use different techniques for secure authentication. SAML is for access INTO something else, and is should really only be used for browser based apps (which is what it is designed for). OAUTH is a completely different technique, that STILL requires some form of browser (for the use to authorized access). If DR is using either of these, it can be problematic. OAuth is the closes, but DR doesn't have it's own authentication.0
-
I used that terminology because the Data Room api to create the WPT is currently called "CreateOauthToken" but it accepts an encrypted SAML assertion. It may change by the time development is completed.0
Categories
- All Categories
- 6 AHS
- 37 Alpha
- 161 App Studio
- 4 Block Chain
- 4 Bot Platform
- 16 Connected Risk APIs
- 47 Data Fusion
- 30 Data Model Discovery
- 608 Datastream
- 1.3K DSS
- 577 Eikon COM
- 4.9K Eikon Data APIs
- 7 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- Trading API
- 2.7K Elektron
- 1.3K EMA
- 236 ETA
- 519 WebSocket API
- 33 FX Venues
- 10 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 20 Messenger Bot
- 2 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 59 Open Calais
- 264 Open PermID
- 39 Entity Search
- 2 Org ID
- PAM
- PAM - Logging
- 8.4K Private Comments
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 20 RDMS
- 1.4K Refinitiv Data Platform
- 367 Refinitiv Data Platform Libraries
- 3 Refinitiv Due Diligence
- LSEG Due Diligence Portal API
- 3 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.1K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 10 World-Check Customer Risk Screener
- 990 World-Check One
- 44 World-Check One Zero Footprint
- 45 Side by Side Integration API
- Test Space
- 3 Thomson One Smart
- 1.2K TR Internal
- Global Hackathon 2015
- 2 Specialists Who Code
- 10 TR Knowledge Graph
- 150 Transactions
- 142 REDI API
- 1.7K TREP APIs
- 4 CAT
- 21 DACS Station
- 117 Open DACS
- 1.1K RFA
- 103 UPA
- 172 TREP Infrastructure
- 224 TRKD
- 886 TRTH
- 5 Velocity Analytics
- 5 Wealth Management Web Services
- 59 Workspace SDK
- 9 Element Framework
- 5 Grid
- 13 World-Check Data File
- Yield Book Analytics
- 46 中文论坛