2.0 Enabling Basic Authentication for Web Services
Product: CA Access Control Enterprise Edition
Release: 12.5.x, 12.6, 12.6.01
OS: All
This scenario describes how to configure Basic Authentication for the [assign the pupm variable value for your book] web services SDK.
This Knowledge Base Article constitutes a portion of the official CA product documentation for this CA product. This Knowledge Base Article is subject to the following notices, terms and conditions.
The Web Services PUPM SDK lets you write applications that check in and check out privileged account passwords. You do not need to install CA Access Control to use the Web Services PUPM SDK.
To ensure that only authorized users access the Web Services programs, you can enable basic authentication on the Enterprise Management Server.
The following diagram illustrates how you enable basic authentication for Web Services programs:
<Please see attached file for image>
Follow these steps:
When you install the Enterprise Management Server for the first time, the CA Identity Manager Management Console option is disabled. To enable the CA Identity Manager Management Console, change the default settings.
Important!: Complete the following procedure only if you selected to use Active Directory or the embedded user store during installation.
Follow these steps:
JBoss_HOME/server/default/deploy/IdentityMinder.ear/management_console.war/WEB-INF
AccessFilter
The CA Identity Manager Management Console is enabled.
You use the CA Identity Manager Management Console to enable the basic authentication mode.
Follow these steps:
http://enterprise_host:port/idmmanage
After you enable the basic authentication mode, you modify the JBoss application server settings to support the authentication mode.
Follow these steps:
JBoss_HOME/server/default/dpeloy/IdentityMinder.ear/user_console.war/WEB-INF
<security-constraint> <display-name>require valid user</display-name> <web-resource-collection> <web-resource-name>internal application</web-resource-name> <!-- secure only admin pages--> <url-pattern>/TEWS6/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <!--Admin pages secured only for admin--> <role-name>admin</role-name> </auth-constraint> </security-constraint>
<!-- For BASIC authentication--> <login-config> <auth-method>BASIC</auth-method> <realm-name>domain_name</realm-name> </login-config>
<!--<security-domain>java:/jaas/<WebApplicationName></security-domain>--><security-domain>java:/jaas/auth</security-domain>
JBoss_HOME/server/default/conf
<!-- Used by clients within the application server VM such as mbeans and servlets that access EJBs. -->
<application-policy name = "auth"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties">users.properties</module-option> <module-option name="rolesProperties">roles.properties</module-option> </login-module> </authentication></application-policy>
JBoss_HOME/server/default/conf
<username>=<password>For example: admin=Passw0rd
<rolename>=<user>For example: admin=admin
You have successfully configured the JBoss application server for basic authentication mode.
After you have configured basic authentication, you can use a SOAP (Simple Object Access Protocol) utility to verify that the basic authentication mode protects access to the [assign the pupm variable value for your book] Web Services.
Example: Use SOAPUI to verify basic authentication
The following example shows you how to verify basic authentication using soapUI utility.
Follow these steps:
http://<HOST_NAME>:port/iam/TEWS6/ac?wsdlExample: http://ENTM_server:18080/iam/TEWS6/ac?wsdl
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl"> <soapenv:Header/>In this example, you specified that users can check out privileged accounts of type Disconnected (<wsdl:Namespace>Disconnected</wsdl:Namespace>), from an endpoint TestEndpoint (<wsdl:EndpointName>TestEndpoint</wsdl:EndpointName>) and the privileged account testaccount (wsdl:AccountName>testaccount</wsdl:AccountName>)
<soapenv:Body>
<wsdl:TaskContext>
<!--You may enter the following 11 items in any order-->
<!--Optional:-->
<wsdl:admin_id>superadmin</wsdl:admin_id>
</wsdl:TaskContext>
<wsdl:CheckOutAccount>
<!--Optional:-->
<wsdl:CheckOutAccountcheckOutAccountPasswordTewsTab>
<!--Optional:-->
<wsdl:Namespace>Disconnected</wsdl:Namespace>
<!--Optional:-->
<wsdl:EndpointName>TestEndpoint</wsdl:EndpointName>
<!--Optional:-->
<wsdl:AccountName>testaccount</wsdl:AccountName>
<!--Optional:-->
<wsdl:Container>Accounts</wsdl:Container>
</wsdl:CheckOutAccountcheckOutAccountPasswordTewsTab>
</wsdl:CheckOutAccount>
</soapenv:Body>
</soapenv:Envelope>
You have verified the basic authentication mode.
This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the "Documentation") is for your informational purposes only and is subject to change or withdrawal by CA at any time.
This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be disclosed by you or used for any purpose other than as may be permitted in (i) a separate agreement between you and CA governing your use of the CA software to which the Documentation relates; or (ii) a separate confidentiality agreement between you and CA.
Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy.
The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice.
The manufacturer of this Documentation is CA.
Provided with "Restricted Rights." Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.
Copyright ? 2012 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.