rwslib with iMedidata about rwslib HOT 3 CLOSED

Hi John,

By default RWS (and hence rwslib) uses basic auth for authentication against a Rave User account username/password combination. In the case of a user authenticated through iMedidata Single-Sign-On using CAS or SAML Rave does not have the password to check against so Basic Auth can't work.

The easiest way to proceed is to request that the client provide you with a Classic Rave Account / Login. Even clients that have moved to iMedidata should be able to do that.

The alternative auth mechanism is MAuth, this allows you to sign your RWS requests with an authentication header. The way this works is that you generate a public/private keypair and supply Medidata with the public half. Medidata registers this key in the mAuth server associating the key with an "App" which has an App UUID. This allows you to sign requests to Medidata API services, proving that the request came from your App. That makes sense for API's like iMedidata's API where you want to act on behalf of an App to determine what users and studies have been assigned to your app but for RWS you want to make some change to clinical data or request clinical data in the context of some user. So for RWS there is an extra step where your App UUID is associated with a user account in Rave, perhaps specially created for the purpose - so you see it still comes back to a user account in Rave in order to provide context to what your requests are allowed to do/see.

The benefit of mAuth with RWS is that the user account it is associated with does not have password expiration so access can never be disrupted by the need to change the password.

I hope that clarifies. If you want to pursue mAuth with RWS, we have a python mAuth library that we are about to release as open source and have a version of rwslib in the develop branch that integrates with it. Feel free to contact me at [email protected]

from rwslib.

Thanks Ian. That was both clear and helpful. For now we'll stay with the local Rave account, but per your suggestion, the long term solution is probably to shift to mAuth. Service consumption without expiring passwords is going to be much more convenient over the long haul.

I will take a look at the mAuth code too. (I guess there's got to be a sandbox in the developer space.)
Thanks again.
J

from rwslib.

requests-mauth is here:

https://github.com/mdsol/requests-mauth

and using it with rwslib is explained here:

https://github.com/mdsol/rwslib/blob/develop/docs/source/getting_started.rst#authentication

It is certainly possible to get an MAuth APP ID and Keys registered for use against the innovate.mdsol.com Rave sandbox, but you'd need to speak to your Medidata technical partner contact. I assume you have an innovate account already? If not, see https://www.mdsol.com/en/who-we-are/clients-partners/developer-central.

from rwslib.