How to create a Documentum IDfSession with an AWS Cognito token

I have this code block to get a token with AWS:

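import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.HmacAlgorithms;

import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.AuthFlowType;
import com.amazonaws.services.cognitoidp.model.InitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.InitiateAuthResult;

// CLIENT_ID, CLIENT_SECRET, username and password are fields of the enclosing class (not shown).

// main must declare the exception because calculateSecretHash throws a checked Exception.
public static void main(String[] args) throws Exception {

    AWSCognitoIdentityProvider cognitoClient = AWSCognitoIdentityProviderClientBuilder
            .standard()
            .withRegion(Regions.US_EAST_1)
            .build();

    // Parameters for the USER_PASSWORD_AUTH flow; SECRET_HASH is required
    // when the app client has a client secret.
    final Map<String, String> authParams = new HashMap<>();
    authParams.put("USERNAME", username);
    authParams.put("PASSWORD", password);
    authParams.put("SECRET_HASH", calculateSecretHash(username));

    final InitiateAuthRequest authRequest = new InitiateAuthRequest()
            .withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
            .withClientId(CLIENT_ID)
            .withAuthParameters(authParams);

    InitiateAuthResult result = cognitoClient.initiateAuth(authRequest);

    // Prints the access token returned by Cognito.
    System.out.println(result.getAuthenticationResult().getAccessToken());
}

// SECRET_HASH = Base64(HMAC-SHA256(key = client secret, message = username + client id))
private static String calculateSecretHash(String userName) throws Exception {

    SecretKeySpec signingKey = new SecretKeySpec(
            CLIENT_SECRET.getBytes(StandardCharsets.UTF_8),
            HmacAlgorithms.HMAC_SHA_256.toString());

    Mac mac = Mac.getInstance(HmacAlgorithms.HMAC_SHA_256.toString());
    mac.init(signingKey);
    mac.update(userName.getBytes(StandardCharsets.UTF_8));
    byte[] rawHmac = mac.doFinal(CLIENT_ID.getBytes(StandardCharsets.UTF_8));

    return Base64.encodeBase64String(rawHmac);
}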

Once I have this token I want to create an IDfSession with Documentum, like this, but instead of passing user/pass I want to pass the AWS token:

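import com.documentum.fc.client.DfClient;
import com.documentum.fc.client.IDfClient;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfLoginInfo;
import com.documentum.fc.common.IDfLoginInfo;

// Opens a repository session with user name and password credentials.
private static IDfSession getDfSession() throws DfException {
    IDfClient client = DfClient.getLocalClient();
    IDfSessionManager sessionMgr = client.newSessionManager();
    IDfLoginInfo login = new DfLoginInfo();
    login.setUser(USERNAME);
    login.setPassword(PASSWORD);
    login.setDomain(null);
    sessionMgr.setIdentity(DOCBASE, login);
    IDfSession session = sessionMgr.newSession(DOCBASE);
    return session;
}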

Is this possible? Do I need to process the token first in any way to be able to authenticate with the repository? Using these credentials, in OTDS, there's the option to redirect to AWS, sign in and redirect back to OTDS already authenticated.

aldago On

If you have an authentication handler for AWS configured on OTDS, you can get an AWS token and then send it (coded as Base64 MIME) to the token (I think) OTDS endpoint and you should get back an OTDS token that you can use with any DCTM client configured against OTDS.

You just have to fight a little bit (or not so little) with the poorly documented API to get it working.
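
A local pre-check on the Cognito access token before the forwarding step described in the answer above, as an added example (not the answerer's code and not an OTDS API). It assumes the token is the access token from the question's code, uses placeholder issuer and client id values, and does not verify the signature, which is assumed to be checked by the service that receives the token.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CognitoTokenPrecheck {
    // Decode the JWT payload (second segment). The signature is NOT verified here.
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a three-part JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Minimal lookup for flat string/number claims; use a JSON library in real code.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"?([^\",}]+)\"?").matcher(json);
        return m.find() ? m.group(1).trim() : null;
    }
    static void require(boolean ok, String why) {
        if (!ok) throw new IllegalStateException("token rejected: " + why);
    }

    // Sanity-check the claims, then return the token MIME-base64 encoded for forwarding.
    static String prepareForForwarding(String jwt, String issuer, String clientId, Instant now) {
        String json = payloadJson(jwt);
        String exp = claim(json, "exp");
        require("access".equals(claim(json, "token_use")), "token_use is not 'access'");
        require(issuer.equals(claim(json, "iss")), "unexpected issuer");
        require(clientId.equals(claim(json, "client_id")), "unexpected client_id");
        require(exp != null && Instant.ofEpochSecond(Long.parseLong(exp)).isAfter(now), "expired");
        return Base64.getMimeEncoder().encodeToString(jwt.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Constructed sample token: placeholder pool id, client id and signature.
        String issuer = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE";
        String payload = "{\"token_use\":\"access\",\"iss\":\"" + issuer
                + "\",\"client_id\":\"example-client-id\",\"exp\":4102444800}";
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String jwt = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".constructed-signature";
        System.out.println(prepareForForwarding(jwt, issuer, "example-client-id", Instant.now()));
        try { // the same token checked against a different app client id is refused
            prepareForForwarding(jwt, issuer, "other-client-id", Instant.now());
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```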