How to generate an Authorization header for the SecureAuth API using ColdFusion

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version Affected:  8.2 and higher



    This article describes how to generate an authorization header for  the SecureAuth Authentication API using ColdFusion Markup Language.



    GitHub contains C# and Javascript SDKs for the API but if implementing the API in a different language or not using the SDK, it can be useful to see a simple working example in a different language such as CFML




    This script is also attached as a text file:


    Copyright (c) 2018, Pillar Software Developers, LLC

    All rights reserved.

    Original Author: Armando Falcon




    <!--- GET USERID FROM XML ---->

    <cfset userid = "USERID GOES HERE">


    <!--- VARIABLES ---->

    <cfset timeStamp = "#datetimeformat(now(),'EEE, dd mmm yyyy HH:nn:ss.lll', 'GMT')# GMT">

    <cfset thePath = "/secureauth9/api/v1/users/#userid#/factors">

    <cfset Method = "GET">

    <!--- VERY IMPORTANT TO REMOVE ALL CARRIAGE RETURNS FROM THIS STRING, ONLY LF ACCEPTED, this will cause your authentication to fail if not properly formatted --->


    <cfset myString = "#Method#







    <!--- Encryption Function ---->

    <cfset keybytes = BinaryDecode(session.secretkey, "Hex")>

    <cfset databytes = CharsetDecode(myString, "UTF-8")>

    <cfset secret = createObject("java", "javax.crypto.spec.SecretKeySpec").Init(keybytes,"HmacSHA256")>

    <cfset mac = createObject("java", "javax.crypto.Mac")>

    <cfset mac = mac.getInstance("HmacSHA256")>

    <cfset mac.init(secret)>

    <cfset digest = mac.doFinal(databytes)>

    <cfset theHash = BinaryEncode(digest, "Base64")>


    <cfhttp url="https://#session.domain##thePath#" method="#Method#" result="result" charset="utf-8" authType="Basic" username="#session.appID#" password="#theHash#" timeout="60" >

    <cfhttpparam type="header" name="X-SA-Ext-Date" value="#timeStamp#" />

    <cfhttpparam type="header" name="Accept-Encoding" value="" />




    <!--- VIEW OUTPUT RESULT --->

    <cfdump var="#result#">


    More information:

    SecureAuth API:


    SecureAuth GitHub:


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.