How to Restrict Web Services Logins to Only Go Through PKI "loginServiceManaged()"?
Article ID: 50135

Products

CA IT Asset Manager, CA Software Asset Manager (CA SAM), ASSET PORTFOLIO MGMT- SERVER, SUPPORT AUTOMATION- SERVER, CA Service Desk Manager - Unified Self Service, CA Service Desk Manager, CA Service Management - Asset Portfolio Management, CA Service Management - Service Desk Manager

Issue/Introduction

Description:

This document gives a detailed step-by-step procedure to disable the web services logon for Service Desk Manager, so that all web service calls go through the Public Key Infrastructure (PKI) using "loginServiceManaged()".

Solution:

This document is different from requiring a secure login as described in the Implementation Guide.

The Implementation Guide covers the steps for requiring the login() and loginService() web methods to be called over a secure protocol, such as https.

For more information on that, refer to "Web Services Configuration" on page 439 of the 12.5 CA SDM Implementation Guide.

This document covers the steps to force all logins to go through PKI.

To disable the Web Services logon for Service Desk Manager, follow these steps:

  1. Make a backup of the following file on all servers - the primary server as well as all secondary servers:

    SD_or_CMDB_install_directory\sdk\websvc\R11\deploy.wsdd

    Note: The path above is for a Windows install. For a UNIX/Linux install, the file is
    $NX_ROOT/sdk/websvc/R11/deploy.wsdd

  2. Edit the file, deploy.wsdd, in a text editor.

  3. Search for the following text string: handler type="USDSecurity65"

  4. Remove the comment character strings, "<!--" and "-->", from the following section:

    <!--<handler type="USDSecurity65" />-->

    The result is:

    <handler type="USDSecurity65" />

  5. Save the file.

  6. Run "pdm_configure" on all servers - the primary server as well as the secondary servers.

  7. Start Service Desk Manager Proctor Daemon Service on all secondary servers.

  8. Start the Service Desk Manager Daemon Service on the primary server.

Once the steps have been followed, Service Desk Manager no longer accepts calls made to the "login()" and "loginService()" Web Service methods.

Any calls to "login()" return: 'GLOBAL EXCEPTION: User logon disabled'. Calls to "loginServiceManaged()", which uses PKI, are accepted.
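
The following script is an added example, not part of the original article or the product: it scripts steps 1 through 5 for a UNIX/Linux install and reports whether the handler is already enabled, which is useful for checking that every secondary server carries the same setting. The function names and the `.orig` backup suffix are assumptions, and the sample fragment is constructed; steps 6 through 8 still have to be carried out afterwards.

```shell
#!/bin/sh
# Added example: automates steps 1-5 for one server's deploy.wsdd.
# Function names are hypothetical; only the handler line comes from the article.
PAT='<handler type="USDSecurity65"[[:space:]]*/>'

# Print "commented", "enabled" or "missing" for the USDSecurity65 handler.
# Only the single-line comment form shown in the article is recognised.
handler_state() {
  if grep -q "<!--[[:space:]]*${PAT}[[:space:]]*-->" "$1"; then
    echo commented
  elif grep -q "$PAT" "$1"; then
    echo enabled
  else
    echo missing
  fi
}

# Back up the file once (step 1), then strip the comment markers (step 4).
# Idempotent: an already-enabled file is left untouched.
enable_pki_only() {
  f=$1
  case "$(handler_state "$f")" in
    enabled) return 0 ;;
    missing) echo "USDSecurity65 handler not found in $f" >&2; return 1 ;;
  esac
  [ -e "$f.orig" ] || cp -p "$f" "$f.orig" || return 1
  tmp="$f.tmp.$$"
  sed "s|<!--[[:space:]]*\(${PAT}\)[[:space:]]*-->|\1|" "$f" > "$tmp" || return 1
  cat "$tmp" > "$f" && rm -f "$tmp" || return 1   # keeps owner and mode of $f
  [ "$(handler_state "$f")" = enabled ]
}

# Demo on a constructed fragment, not the real deploy.wsdd.
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' '<requestFlow>' \
    '  <!--<handler type="USDSecurity65" />-->' '</requestFlow>' > "$d/deploy.wsdd"
  handler_state "$d/deploy.wsdd"
  enable_pki_only "$d/deploy.wsdd" && handler_state "$d/deploy.wsdd"
  rm -rf "$d"
}
demo
```

On a real server, call `enable_pki_only "$NX_ROOT/sdk/websvc/R11/deploy.wsdd"`, and run `handler_state` against the same path on each secondary server to confirm none was missed.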

For more information, please refer to the CA Service Desk Implementation Guide r12.5 CA SDM.

Figure 1. Before changing deploy.wsdd. <Please see attached file for image>

Figure 2. After changing deploy.wsdd. <Please see attached file for image>

Environment

Release:
Component: ARGIS

Attachments

1558698645076000050135_sktwi1f5rjvs16od0.gif
1558698642966000050135_sktwi1f5rjvs16ocz.gif