Configuring SSL for ITAM Web Services WSDL
search cancel

Configuring SSL for ITAM Web Services WSDL

book

Article ID: 36958

calendar_today

Updated On:

Products

CA IT Asset Manager ASSET PORTFOLIO MGMT- SERVER CA Service Management - Asset Portfolio Management

Issue/Introduction

‘Server error in /APIService application http 404 The resource cannot be found ‘ error is returned when trying to access the Asset Portfolio Management web service via the  WSDL URL with SSL enabled.

ie. Trying to access  https://<ServerNamewith FQDN>APIService/Gen/BAAAAAC/B/Service.svc/basic.wsdl)

returns the following error:

‘Server error in /APIService application http 404 The resource cannot be found ‘

Environment

ITAM v14.1 and higher

Component:  Asset Portfolio Management-Asset Configuration

Cause

When Secure Socket Layer (SSL)  is configured on the Asset Portfolio Management app\web server, additional configuration needs to be done to the Windows Communication Foundation (WCF) web.config.

Resolution

Make the below changes in the web.config file of the WCF Service on the CA APM server:

1.      Open the web.config with note pad at  \Program Files (x86)\CA\ITAM\WCF Service

2.      Search for <basicHttpBinding>  change the key from <security mode=”None”> to< security mode=”Transport”

Original text:

      <basicHttpBinding>
        <binding name="BasicHttp" transferMode="Buffered">
          <security mode="None">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </basicHttpBinding>

Revised text (change highlighted in bold):

      <basicHttpBinding>
        <binding name="BasicHttp" transferMode="Buffered">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </basicHttpBinding>

 

3.      Search for <wsHttpBinding> and change the key from <security mode=”None”>to <security mode=”Transport”

Original text:

      <wsHttpBinding>
        <binding name="WsHttp" messageEncoding="Text">
          <security mode="None">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </wsHttpBinding>


Revised text (change highlighted in bold):

      <wsHttpBinding>
        <binding name="WsHttp" messageEncoding="Text">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </wsHttpBinding>

 

5.      Search for <serviceBehaviors> and change the line "<serviceMetadata httpGetEnabled="true"/>" to read as "<serviceMetadata httpsGetEnabled="true"/>"

This is a very subtle change as we are changing "httpGetEnabled" to "httpsGetEnabled"

Original text:

      <serviceBehaviors>
        <behavior name="CA.Applications.Web.WCF.IServiceBehavior">
          <!-- To avoid disclosing metadata information, 
          set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="false"/>
          <!-- To receive exception details in faults for debugging purposes, 
          set the value below to true.  Set to false before deployment 
          to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <ITAMServiceBehavior/>
        </behavior>
      </serviceBehaviors>

Revised text (change highlighted in bold):

      <serviceBehaviors>
        <behavior name="CA.Applications.Web.WCF.IServiceBehavior">
          <!-- To avoid disclosing metadata information,
          set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes,
          set the value below to true.  Set to false before deployment
          to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <ITAMServiceBehavior/>
        </behavior>
      </serviceBehaviors>

4.      Recycle IIS for the changes to take effect

 

Additional Information

ITAM Web Services relies on the WCF service (Windows Communication Foundation).  Information on configuring WCF Services in IIS for SSL are available here.

One may also need to remove the http port 99 binding in IIS and enable directory browsing on the APMWebSite

Removal of the http port 99 Binding:

Directory Browsing:

After making the above changes, recycle IIS, then download a new set of the wsdl files from ITAM to test again.  This step may help address an error such as “Web Services Error: The provided URI scheme 'https' is invalid; expected 'http'. (Parameter 'via')”. after making the above changes in IIS.

To download a new WSDL, from the main menu,

1.  Select Administration -> Web services. 
     In the left treeview, there will be link for 'WSDL download'. 
2.  Select the WSDL download link and it will prompt to save the wsdl zip file to a location on your local machine.

NOTE:  You must be logged in as a user with web services permissions to access the Administration -> Web services link. 

For more information on configuring ITAM for SSL, please review this article in the Service Management documentation: (Optional) Configure Secure Network Communication