How a Web Services SDK Application Gets a Password

Enterprise Administration Guide › Planning Your PUPM Implementation › Implementation Considerations › The PUPM SDK › How a Web Services SDK Application Gets a Password

How a Web Services SDK Application Gets a Password

The Web Services PUPM SDK lets you write Java applications that check in and check out privileged account passwords. You do not need to install CA Access Control on the endpoint on which the Web Services PUPM SDK application runs. However, unlike password consumer SDKs, the Web Services PUPM SDK does not cache passwords or authenticate users.

Web Services PUPM SDK applications use SOAP (Simple Object Access Protocol) and port 18080 to communicate directly with the Enterprise Management Server.

Important! We recommend that you use a strong authentication protocol such as NTLM to authenticate the connection between the application and the Enterprise Management Server.

The following process describes how a Web Services PUPM SDK application gets a password:

The application logs in to CA Access Control Enterprise Management.
The user name and password with which the application logs in are defined in the application.
The application requests the password for a privileged account.
CA Access Control Enterprise Management checks the privileged access role assigned to the user that represents the application.
One of the following happens:
- If users with that privileged access role can obtain the privileged account password, CA Access Control Enterprise Management sends the password to the application.
- If users with that privileged access role cannot obtain the privileged account password, CA Access Control Enterprise Management sends an error message to the application.
The application logs out of CA Access Control Enterprise Management.

More information:

How to Configure an Endpoint to Use a Web Services PUPM SDK Application