Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.
SOAP access over SSO
Peter Benedix
Tyro
in API
Hello,
we're integrating Panopto into our show control system. Our customers need to use the SSO login and we need to set a folder for recording. I can't found a way to login using SSO using the SOAP API. If this is not possible in general, please give me an idea how to add a folder and/or communicate with panopto outside of a browser using SSO logins.
Thanks!
0
Answers
We still need this information. Please respond to our question.
Hello Peter,
You said SSO login. I assume you meant that the end users who have access to Panopto are authenticated by SAML ID provider or some LMS. I can think of two different goals that you might have. Can you clarify which one is your case, or tell me more detail if neither represents your case?
a. Your application works as Panpto system admin level. Your application is responsible to authenticate the user on behalf of SAML ID provider or LMS, and then want to access Panopto API on behalf of authenticated users.
b. Your application does not handle authentication. You want the end users to go through authentication process over the browser and the application will use some sort of access token to access Panopto API
Hello Hiroshi Ohno,
thanks for answering. I need a solution for case a. Based on your .Net online sample I used this pice of code:
…
string panoptoFqdn = "wxxxxxxx.eu";
string username = "<name of the sso user>";
string identityProviderInstanceName = "WxxxxS-SSO";
string identityProviderApplicationKey = "7xxxxxxxxxxxx2aae";
PanoptoRemoteRecorderManagement.AuthenticationInfo recorderAuthInfo = new PanoptoRemoteRecorderManagement.AuthenticationInfo()
{
UserKey = identityProviderInstanceName + "\\" + username,
AuthCode = CreateAuthCode(identityProviderInstanceName, username, panoptoFqdn, identityProviderApplicationKey)
};
…
private static string CreateAuthCode(string identityProviderInstanceName, string username, string serverFqdn, string applicationKey)
{
string payload = identityProviderInstanceName + "\\" + username + "@" + serverFqdn.ToLower() + "|" + applicationKey.ToLower();
var data = Encoding.ASCII.GetBytes(payload);
var hashData = new System.Security.Cryptography.SHA1Managed().ComputeHash(data);
var hash = string.Empty;
foreach (var b in hashData)
hash += b.ToString("X2");
return hash;
}
I used the RemoteRecorderDemoGUI sample from github and had replaced the user/password part by this code. Unfortunately the only result that I’m receiving is "The current user does not have access to call this method."
The user is a user is part on the sso login group – not the official administrator. Since this message also appears when I enter a non-existent user (like "foo"), I can't be sure how to interpret this refusal.
Thanks,
Peter
Peter,
Thank you for explaining more details. What you did looks correct and I think something minor is wrong.
Can you open a support ticket (through your Panopto administrator who has access to support channel) so that we can directly work with you?
Hi Hiroshi,
thanks for replying.
@Mr. Benedix, I already opened a ticket for you (Case 00734982), and ensured a Panopto administrator is added. One of my colleagues will reach out to you asap.
Best,
Evelin