

Creating Organizations

When you deploy Administration Console, an organization is created by default. This out-of-the-box organization is referred to as Default Organization (DEFAULTORG). For a single organization setup, instead of creating an organization you can rename this default organization, change its configurations, and then continue to use it.

For a multi-organization setup, you must create additional organizations. You can do this either by using Administration Console or by using Web services.

This section walks you through the following steps for creating an organization:

  • Preparing the Request Message
  • Invoking the Web Service
  • Interpreting the Response Message

Note: After you create an organization, you must refresh the system cache for the new organization to take effect. See "Refreshing the Organization Cache" for more information on how to refresh the cache.

Preparing the Request Message

The createOrgRequest message is used to create organizations in the RiskMinder database. The following table lists the elements of this request message.

Element

Mandatory

Description

orgName

Yes

The unique name of the organization that you want to create. This name will be used to log in to Administration Console.

displayName

Yes

A descriptive name for the organization.

keyLabel

No

The label for the key used to encrypt the sensitive organization data.

Setting the key label is a one-time operation. After you set this value, you cannot modify it.

Note: If this value is not specified, then the Master Key is used as the key label.

repositoryType

No

The repository where the accounts of the users who belong to the organization will reside. This repository can be one of the following:

  • ARUSER:
    Indicates that the user accounts will be created in a Relational Database Management System (RDBMS). RiskMinder supports MS SQL, MySQL, and Oracle Database.
  • LDAP:
    Indicates that the user accounts existing in your directory service will be used.
    Note: If you choose this option, then ensure that you have successfully deployed User Data Service (UDS) and configured it to connect to your directory service.

ldapDetails

No (required only if repositoryType = LDAP)

The details of the directory service where the user information is available:

  • host
    The host name of the system where your directory service is available.
  • port
    The port number at which the directory service is listening.
  • schemaName
    The LDAP object class (schema) used for user entries in the directory service. The schema specifies the types of objects the directory can contain and the mandatory and optional attributes of each object type.
    Typically, the schema name is user for Active Directory and inetorgperson for SunOne Directory.
  • baseDN
    The base Distinguished Name (DN) of the directory service, given as name-value pairs. This value is the starting node in the LDAP hierarchy from which UDS searches the directory.
    For example, to search for or retrieve a user with a DN of cn=rob laurie, ou=sunnyvale, o=arcot, c=us, specify the base DN as:
    ou=sunnyvale, o=arcot, c=us
    These values are typically case sensitive, and the search covers all sub-nodes under the specified base DN.

connectionCredential

No (required only if repositoryType = LDAP)

The information required to connect to the directory service:

  • ssl
    The type of connection to be established with the directory service:
    TCP: Indicates that the directory service listens for incoming requests over plain TCP. With this setting the loginName and loginPassword are sent to the directory in cleartext on every bind, so use it only on an isolated network, and prefer 1WAY or 2WAY wherever the directory supports SSL.
    1WAY: Indicates that the directory service listens for incoming requests over one-way SSL (UDS verifies the directory's certificate).
    2WAY: Indicates that the directory service listens for incoming requests over two-way SSL (the directory also verifies a client certificate presented by UDS).
  • loginName
    The complete distinguished name of the LDAP repository user who has the privilege to log in to the repository server and manage the base DN.
    For example,
    uid=gt,dc=arcot,dc=com
  • loginPassword
    The password of the user provided in loginName.
  • serverTrustCert (required only if ssl is set to 1WAY or 2WAY)
    The base64-encoded trusted root certificate of the certificate authority that issued the SSL certificate to the directory service. UDS uses it to verify the directory's certificate, so it must be the issuing CA's root and not the directory's own certificate.
  • clientKeyStore (required only if ssl is set to 2WAY)
    The password for the client key store and the base64-encoded root certificate of UDS.

redirectSearchSchema

No (required only if repositoryType = LDAP)

The schema to be used when searching for values whose attributes are in a different node.

redirectSearchAttribute

No (required only if repositoryType = LDAP)

The value of the attribute to be searched in redirectSearchSchema.

repositoryattribute

No (required only if repositoryType = LDAP)

The user attribute in the directory service that has to be mapped to the RiskMinder attribute. Based on this mapping, UDS searches for the user in the directory service.

arcotattribute

No (required only if repositoryType = LDAP)

The RiskMinder attribute to which the directory service attribute must be mapped.

For example, you can map the UID attribute in the directory service to the USERNAME RiskMinder attribute.

status

No

The status of the organization in the database:

  • INITIAL
    Indicates that the organization is not yet activated and cannot be used for any operations.
  • ACTIVE
    Indicates that the organization has been successfully created and activated. You can perform any supported operation on the organization.
  • INACTIVE
    Indicates that the organization has been deactivated. To perform any further operation, you must first activate the organization.
  • DELETED
    Indicates that the organization has been deleted and cannot be used anymore.

    Note: If you do not set the status element for the organization, then the organization is created with the INITIAL state.

description

No

A description for the organization that helps the administrators managing the organization to easily identify the organization.

customAttribute

No

Name-value pairs that you can use to set any additional user or organization information.

clientTxId

No

Unique transaction identifier that your calling application can include. This identifier helps in tracking related transactions.

Invoking the Web Service

To create organizations:

  1. (Optional) Include the authentication and authorization details in the header of the createOrg operation.

    See "Managing Web Services Security" for more information on the header elements.

  2. Set the organization information using the createOrgRequest elements listed in the preceding table.
  3. Construct the input message from the createOrgRequest message populated in the preceding step.
  4. Invoke the createOrg operation of the ArcorUserRegistryMgmtSvc service to create the organization.

    This operation returns the createOrgResponse message, which includes the transaction identifier and the authentication token. See the following section for more information on the response message.

Interpreting the Response Message

The response message, createOrgResponse, returns the transaction identifier and the authentication token in the SOAP envelope header. These elements are explained in the following table.

The SOAP body returns a success message if the operation was performed successfully. If there are any errors, then a SOAP Fault is returned instead; check the body for a Fault element before treating the call as successful. See appendix, "Exceptions and Error Codes" for more information on the SOAP error messages.

Element

Description

udsTransactionID

The unique identifier of the transaction performed by using UDS.

authToken

The authentication token that is returned if the credential verification to access the Web service was successful. This token eliminates the need for you to present the authentication credential for successive access to the Web service.

By default, the authentication token is valid for one day, after which you need to authenticate again. Because the token stands in for your credentials for that period, treat it as a secret: keep it out of logs and send it only over a protected transport.
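The following Python example is added to this page and is not part of the RiskMinder product or its documentation. It ties together "Preparing the Request Message" and "Interpreting the Response Message": it checks a parameter dictionary against the mandatory and conditional rules from the element table (including the plain-TCP LDAP case, which it rejects unless explicitly allowed), serializes the dictionary into a createOrgRequest SOAP 1.1 envelope, and reads udsTransactionID and authToken out of a createOrgResponse header or raises on a SOAP Fault. The service namespace URI, the names of any security header fields, the nested shape of customAttribute, and all sample values are assumptions made for the example; the real values come from the service WSDL.

```python
"""Added example: build a createOrgRequest envelope and read createOrgResponse.
Not RiskMinder code; namespace URI, header field names and samples are assumed."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
# Assumption: the page does not give the service namespace; replace from the WSDL.
SVC_NS = "http://example.invalid/ArcorUserRegistryMgmtSvc"
ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("svc", SVC_NS)

MANDATORY = ("orgName", "displayName")
LDAP_ONLY = ("ldapDetails", "connectionCredential")
STATUSES = {"INITIAL", "ACTIVE", "INACTIVE", "DELETED"}


def validate_create_org(params, allow_cleartext_ldap=False):
    """Return a list of problems (empty means OK) using the element table's rules.
    ssl=TCP is rejected by default: a simple bind then sends loginPassword in clear."""
    problems = [f"{n} is mandatory" for n in MANDATORY if not params.get(n)]
    repo = params.get("repositoryType", "ARUSER")
    if repo not in ("ARUSER", "LDAP"):
        problems.append(f"repositoryType must be ARUSER or LDAP, not {repo!r}")
    if repo == "LDAP":
        problems += [f"{n} is required when repositoryType=LDAP"
                     for n in LDAP_ONLY if n not in params]
        cred = params.get("connectionCredential", {})
        ssl = cred.get("ssl", "TCP")
        if ssl not in ("TCP", "1WAY", "2WAY"):
            problems.append(f"ssl must be TCP, 1WAY or 2WAY, not {ssl!r}")
        elif ssl == "TCP" and not allow_cleartext_ldap:
            problems.append("ssl=TCP sends the bind password in cleartext; "
                            "use 1WAY/2WAY or pass allow_cleartext_ldap=True")
        if ssl in ("1WAY", "2WAY") and not cred.get("serverTrustCert"):
            problems.append("serverTrustCert is required when ssl=1WAY or 2WAY")
        if ssl == "2WAY" and not cred.get("clientKeyStore"):
            problems.append("clientKeyStore is required when ssl=2WAY")
    if params.get("status", "INITIAL") not in STATUSES:
        problems.append(f"status must be one of {sorted(STATUSES)}")
    return problems


def _append(parent, name, value):
    """str -> leaf element, dict -> nested element, list -> repeated elements."""
    if isinstance(value, list):
        for item in value:
            _append(parent, name, item)
        return
    el = ET.SubElement(parent, f"{{{SVC_NS}}}{name}")
    if isinstance(value, dict):
        for k, v in value.items():
            _append(el, k, v)
    else:
        el.text = str(value)


def build_create_org_request(params, header_fields=None, allow_cleartext_ldap=False):
    """Serialize params into a createOrgRequest SOAP 1.1 envelope (bytes).
    header_fields: optional security header elements (names are caller-supplied,
    since this page does not list them). Raises ValueError on rule violations."""
    problems = validate_create_org(params, allow_cleartext_ldap)
    if problems:
        raise ValueError("; ".join(problems))
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    for k, v in (header_fields or {}).items():
        _append(header, k, v)
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{SVC_NS}}}createOrgRequest")
    for k, v in params.items():
        _append(req, k, v)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def _local(tag):
    return tag.rsplit("}", 1)[-1]


def parse_create_org_response(xml_bytes):
    """Return {'udsTransactionID': ..., 'authToken': ...} from the SOAP header,
    or raise RuntimeError with the faultcode/faultstring of a SOAP Fault."""
    root = ET.fromstring(xml_bytes)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("not a SOAP 1.1 envelope")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:  # faultcode/faultstring are unqualified in SOAP 1.1
        raise RuntimeError(f"{fault.findtext('faultcode', '')}: "
                           f"{fault.findtext('faultstring', '')}")
    header = root.find(f"{{{SOAP_NS}}}Header")
    found = {}
    for el in (header.iter() if header is not None else []):
        if _local(el.tag) in ("udsTransactionID", "authToken"):
            found[_local(el.tag)] = (el.text or "").strip()
    return found


# Constructed sample input and responses; values are illustrative only.
LDAP_ORG = {
    "orgName": "acme", "displayName": "Acme Corp", "repositoryType": "LDAP",
    "ldapDetails": {"host": "ldap.example.invalid", "port": "636",
                    "schemaName": "inetorgperson", "baseDN": "ou=people,o=acme,c=us"},
    "connectionCredential": {"ssl": "1WAY", "loginName": "uid=svc,o=acme,c=us",
                             "loginPassword": "change-me",
                             "serverTrustCert": "MIIBconstructedRootCert"},
    "repositoryattribute": "uid", "arcotattribute": "USERNAME",
    "status": "ACTIVE", "clientTxId": "client-tx-42",
}
SAMPLE_OK = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:svc="{SVC_NS}">
  <soapenv:Header>
    <svc:udsTransactionID>tx-0001-constructed</svc:udsTransactionID>
    <svc:authToken>token-constructed</svc:authToken>
  </soapenv:Header>
  <soapenv:Body><svc:createOrgResponse/></soapenv:Body>
</soapenv:Envelope>"""
SAMPLE_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
  <soapenv:Body><soapenv:Fault>
    <faultcode>soapenv:Server</faultcode>
    <faultstring>organization already exists (constructed)</faultstring>
  </soapenv:Fault></soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(build_create_org_request(LDAP_ORG).decode())
    print(parse_create_org_response(SAMPLE_OK))
```

Run validate_create_org before building so a misconfigured request never reaches the service; the cleartext check is deliberately opt-in to pass so that an operator has to state in code that an unencrypted directory bind is acceptable. The parser matches the header elements by local name so it works whatever prefix the service uses, but it still requires the SOAP 1.1 envelope namespace, so a SOAP 1.2 response would need the namespace constant changed.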