Merative Ideas Portal


Status Not under consideration
Created by Priyabrata Behera
Created on Aug 16, 2021

REST service: Accept authentication credentials in the HTTP header

The SOAP and REST authentication approaches are not the same in IBM Curam SPM. We expect REST service authentication to work similarly to the SOAP web service, where authentication credentials are passed in the header of the SOAP request.

Currently MSD has exposed a number of SOAP web services for other agencies to interact with MSD, wherein consumers pass authentication credentials in the header of the SOAP request. Also, MSD is consuming some of the REST services exposed by other agencies, wherein we make only one request by passing authentication credentials in the header of the HTTP request. Going forward, we are looking to implement all our new services as REST services, and we would like all our existing and new consumers (agencies) to have the same experience. It doesn't look good if we request other agencies to make two calls to call REST services exposed by MSD.

Hence, it would be great if IBM can enhance the REST authentication framework to accept authentication credentials in the HTTP header and perform the authentication based on these credentials.

Support Case : WH00012140

Customer Name New Zealand MSD
  • Linas Jakucionis
    Aug 22, 2023

    We need support for system-to-system integration via REST APIs.

    We need to be able to enrol a system as a valid consumer of the REST API and leave it running without having to call j_security_check.

    The current authentication and authorisation seems to be working well for browser web applications but not for integration between systems.


    We'd like either guidance or enhancements to help support REST API via headers/tokens/or some other mechanism :)


    Our current approach in the absence of this uses a workaround:

    Curam exposes SOAP - IIB sits in front and re-exposes that as REST API - Consumer calls REST API.

  • Guest
    Sep 29, 2021

    Hi Priyabrata,

    We have reviewed your enhancement suggestion. Based on the information provided, our understanding of your request is as follows:

    * Enhance the REST authentication framework to accept authentication credentials in the HTTP header and perform the authentication based on these credentials.

    SPM is following the industry-standard way of authenticating for REST services using j_security_check. SPM SOAP web services use Curam custom headers for authenticating. They were designed that way many years ago and at the time the solution was apt. For REST services we cannot follow the same old architecture as it impacts all the other customers who are using SPM REST infrastructure. We are exploring the possibility of enhancing SPM authentication using technologies like JWT and OIDC in a future version; this may change the way we authenticate for REST services in future.

    We are closing this request and do not plan to take any further action. If you believe we have misunderstood your request please respond within 7 days with clarifications.

    Thank you,
    Shane McFadden, SPM Offering Management team
    Note: We have improved your RFE experience and transitioned to an Ideas Portal provided by our trusted business partner Aha!

  • Guest
    Aug 17, 2021

    Hi Priyabrata,

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    We will review the information you have provided and get back to you within 30 days. If additional details are required in order to complete our evaluation, we will send you a request for more information.

    Thank you,
    Shane McFadden, SPM Offering Management team
    You can find more information on the request process here.
    Note: we are currently in the process of improving your RFE experience and will soon transition to an Ideas Portal provided by our trusted business partner Aha!
    Further communications with additional details will be shared shortly.
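
The two-call flow discussed in this thread (form login at j_security_check, then the REST call carrying the session cookie), seen from an unattended system client that logs in lazily and re-authenticates once when its session is gone. This is an added example, not code from the thread or from SPM. The mock server, the /v1/demo path, the svc-demo account and its password are constructed; j_username and j_password are the standard Java EE form-login field names.

```python
import threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS, LOGINS = set(), []   # constructed mock state: live sessions, login history
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

class MockServer(BaseHTTPRequestHandler):   # constructed stand-in, not SPM itself
    def log_message(self, *args): pass      # keep the demo quiet
    def _reply(self, code, body=b"", cookie=None):
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):   # call 1: form login creates a server-side session
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        good = (self.path == "/j_security_check" and form.get("j_username") == ["svc-demo"]
                and form.get("j_password") == ["constructed-secret"])
        if not good: return self._reply(401)
        LOGINS.append(f"sid{len(LOGINS)}")
        SESSIONS.add(LOGINS[-1])
        self._reply(200, cookie=f"JSESSIONID={LOGINS[-1]}; HttpOnly; Path=/")
    def do_GET(self):    # calls 2..n: the session cookie is the only credential sent
        sid = self.headers.get("Cookie", "").partition("JSESSIONID=")[2]
        ok = sid in SESSIONS
        self._reply(200 if ok else 401, b'{"ok": true}' if ok else b"")

def start_mock():
    srv = HTTPServer(("127.0.0.1", 0), MockServer)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"

class SessionClient:     # hypothetical wrapper for a system-to-system consumer
    def __init__(self, base, user, password):
        self.base, self.user, self.password, self.cookie = base, user, password, ""
    def login(self):
        data = urllib.parse.urlencode({"j_username": self.user, "j_password": self.password}).encode()
        with OPENER.open(self.base + "/j_security_check", data) as r:
            self.cookie = r.headers["Set-Cookie"].split(";")[0]
    def get(self, path):
        for attempt in (1, 2):
            req = urllib.request.Request(self.base + path, headers={"Cookie": self.cookie})
            try:
                with OPENER.open(req) as r:
                    return r.read()
            except urllib.error.HTTPError as e:
                if e.code != 401 or attempt == 2:
                    raise
                self.login()   # session missing or expired: authenticate, then retry
```

The password is sent only on the login call, so the client must run over TLS in practice and keep the service credential in a secret store rather than in code.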