This page provides sample code for creating a Crowd Client using the SOAP API.
 | The Crowd API has been tested with: Axis 1/2, Microsoft .NET and XFire. |
The SOAP WSDL is available on the following URL for the Crowd Standalone version:
The Java Remote Interface that is used to generate the SOAP service is available here:
This JavaDoc file details inputs and outputs for the available Crowd security server SOAP server. You will see that all methods require an AuthenticatedToken. A valid token can be obtained by calling the authenticateApplication service method.
Like a user token, the application client token is valid only for the same period of time a user token would be. If you receive a SOAP fault for an invalid application client you will need to re-authenticate your application client and re-invoke the SOAP service.
Crowd ships with out of the box Java Integration Libraries that map one-to-one to these web services.
authenticateApplication - Authenticating an Application Client
Here is the server request which passes in the server name and a password credential.
The server will respond with an application token:
authenticatePrincipal - Authenticating a Principal
In this message the principal is authenticated using the previously obtained application token.
The server then responds with the token for the now authenticated user:
An invalid authentication attempt will look like the following:
findPrincipalByToken - Finding a Principal by their Authenticated Token
Now that the principal is authenticated, we may want to find additional details about the principal. With the authenticated principal token, the application can now look up a user by a token or their name. The example below shows looking up a principal by their authenticated token:
The server lookup response for the principal token:
