How To Get Fedauth And Rtfa From Sharepoint Using Postman
Getting FedAuth and RTFA from SharePoint Using Postman
This guide will walk you through the process of obtaining FedAuth and RTFA cookies from SharePoint using Postman, empowering you to efficiently test your SharePoint APIs.
1. Understanding FedAuth and RTFA
FedAuth stands for Federated Authentication. It’s a security protocol used by SharePoint to authenticate users and grant access to resources. RTFA (Request Token for Access) is a cookie that is generated after successful FedAuth authentication. It’s used to allow access to SharePoint resources after the initial authentication process.
2. Setting up Postman
- Install Postman: If you haven’t already, download and install the latest version of Postman from https://www.postman.com/.
- Open a New Request: Create a new request in Postman by clicking the “New” button.
3. Crafting the Authentication Request
- Set the Request Details:
  - Request Type: POST
  - URL: [your-sharepoint-url]/_forms/default.aspx?wa=wsignin1.0 (replace [your-sharepoint-url] with your actual SharePoint site URL)
- Add Headers:
  - Content-Type: application/x-www-form-urlencoded
  - Accept: text/html, application/xhtml+xml, */*
  - X-RequestDigest: (obtain the value from the next step)
- Obtain X-RequestDigest:
  - Make a GET request to [your-sharepoint-url]/_api/contextinfo to retrieve the X-RequestDigest value.
  - Access the X-RequestDigest value from the response body using the JSON extractor or by copying it manually.
4. Obtaining FedAuth and RTFA Cookies
- Setting the Request Body:
  - Form Data: Add the following key-value pairs in the body of the POST request:
    wa: wsignin1.0
    wctx: [your-sharepoint-url]/ (replace with your actual SharePoint site URL)
    username: your-username@your-domain.com
    password: your-password
- Send the Request: Click the “Send” button to execute the request.
- Extract FedAuth and RTFA Cookies:
  - FedAuth: The server will set the FedAuth cookie. Locate the FedAuth cookie in the Response Headers tab.
  - RTFA: The server will redirect you to the [your-sharepoint-url] URL. Inspect this redirection URL in the Response Headers tab; it will contain the RTFA cookie in the query string.
5. Using the Cookies for API Testing
- Add the Cookies to Subsequent Requests:
  - Add Cookies: Copy the FedAuth and RTFA cookies from the response headers and add them as Cookie headers to all your subsequent requests to SharePoint APIs. You can use the built-in cookie management feature in Postman to store these cookies.
- Testing SharePoint APIs:
  - After successfully setting the FedAuth and RTFA cookies, you can use Postman to test any SharePoint API that requires authentication.
  - The following example demonstrates requesting information about the current user:
    GET: [your-sharepoint-url]/_api/web/currentUser
    Headers:
    Authorization: Bearer [AccessToken]
    Cookie: FedAuth=[FedAuthCookie]; RTFA=[RTFACookie]
  - Replace [your-sharepoint-url], [AccessToken], [FedAuthCookie], and [RTFACookie] with your actual values.
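The cookie hand-off from sections 4 and 5 (pull FedAuth and RTFA out of the sign-in response's Set-Cookie headers, then send them back as one Cookie header), as an added Python example that is not part of this guide or of Postman. It assumes the server-side name of the RTFA cookie is rtFa, as SharePoint Online sets it, and uses constructed Set-Cookie values in place of real tokens; the Secure/HttpOnly check is an added sanity test for a Postman-style test step.

```python
from typing import Dict, List, Tuple

# Constructed Set-Cookie header values, shaped like a SharePoint sign-in
# response. The cookie values are placeholders, not real tokens.
SAMPLE_SET_COOKIE_HEADERS = [
    "rtFa=EXAMPLE_RTFA_VALUE==; domain=example.sharepoint.com; path=/; secure; HttpOnly",
    "FedAuth=EXAMPLE_FEDAUTH_VALUE==; path=/; secure; HttpOnly",
    "WSS_FullScreenMode=false; path=/",
]
# The two cookies the guide relies on. SharePoint names the second one rtFa
# (the guide writes RTFA); matching below is case-insensitive.
SESSION_COOKIES = ("FedAuth", "rtFa")
_CANONICAL = {name.lower(): name for name in SESSION_COOKIES}

def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie value into (name, value, attributes).
    Attribute names are lower-cased; bare flags like Secure map to ""."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")  # the value may itself contain '='
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def extract_session_cookies(set_cookie_headers: List[str]) -> Dict[str, str]:
    """Return {canonical_name: value} for FedAuth and rtFa; fail if either is absent."""
    found: Dict[str, str] = {}
    for header in set_cookie_headers:
        name, value, _ = parse_set_cookie(header)
        if name.lower() in _CANONICAL:
            found[_CANONICAL[name.lower()]] = value
    missing = sorted(set(SESSION_COOKIES) - set(found))
    if missing:
        raise ValueError(f"sign-in response did not set: {missing}")
    return found

def build_cookie_header(cookies: Dict[str, str]) -> str:
    """Format the Cookie request header in the order the guide uses (FedAuth first)."""
    return "; ".join(f"{name}={cookies[name]}" for name in SESSION_COOKIES)

def insecure_flags(set_cookie_headers: List[str]) -> List[str]:
    """Session cookies that lack Secure or HttpOnly; a test run should flag these."""
    weak = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() in _CANONICAL and not {"secure", "httponly"}.issubset(attrs):
            weak.append(name)
    return weak
```

Feed the response's Set-Cookie values to extract_session_cookies and paste the build_cookie_header result into the Cookie header of the follow-up request; a non-empty insecure_flags result means the tenant or an intermediary has weakened the cookies and the test should fail.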
6. Additional Tips
- Security: When testing with real user credentials, be mindful of security best practices. Use a separate account dedicated to testing and avoid storing sensitive information in the Postman workspace.
- Error Handling: Be prepared for potential errors during authentication. If the request fails, review the response body and headers to understand the reason for the failure.
- Environment Variables: Optimize your workflow by using Postman environment variables to store sensitive information like your username, password, and URLs. This keeps your requests cleaner and simplifies management.
This guide provides a comprehensive framework for getting FedAuth and RTFA cookies from SharePoint using Postman, enabling you to confidently test SharePoint APIs. Remember to handle these credentials securely and consult your project’s security guidelines. Happy testing!