Implement loginServiceManaged in Java

The following procedure shows how to generate Certificates and then use them to access the CA SDM web services.

In the following example, the login process completes using the CA SDM Certificate and then performs two common web services calls. The getBopsid() web services method call returns a token that is linked to a specific user. This token can be used to log in to the CA SDM web interface as the linked user without being prompted for a password, which enables seamless integration between different applications.

Important! The generated BOPSID token expires after 30 seconds, so it must be used promptly.

Note: Use the AXIS Tool known as WSDL2Java to generate the required stub classes. You can get this tool from http://ws.apache.org/.

Important! There is a known issue when using the 1.4 version of the AXIS tool. For more information, see the Release Notes.

To implement loginServiceManaged in Java

  1. Start the CA SDM service.
  2. Run pdm_pki -p DEFAULT.

    DEFAULT.p12 is created in the current directory. The password for this policy is the same as the policy name (in this case, DEFAULT).

    Note: This command also adds the Certificate's public key to the pub_key field (public_key attribute) in the sapolicy table/object.

  3. Log into CA SDM and select the Administration tab.

    Navigate to Web Services Policy, Policies.

    The Web Services Access Policy List appears.

  4. Click DEFAULT.

    The Update Web Services Access Policy appears.

  5. Complete the Proxy Contact field (in this example, ServiceDesk) and confirm that the DEFAULT policy record Has Key field displays "Yes."
  6. Copy DEFAULT.p12 (from the directory where the pdm_pki command was run), the JSP file called pkilogin.jsp, and the HTML file called pkilogin.htm (from the $NX_ROOT\samples\sdk\websvc\java\test1_pki directory) to the following directory:
    $NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\axis
    
  7. Open the HTML form (from the axis directory). For example, http://localhost:8080/axis/pkilogin.htm

    Complete the appropriate fields.

    Note: The Directory field identifies the location of the Certificate file. Modify the path to the correct location.

  8. Click Log me in!

    The results page opens.

  9. Click the BOPSID URL.

    Important! Click this immediately! The BOPSID is a limited-life token that lasts about 30 seconds.

    The format of a URL using a BOPSID is as follows:

    http://<server name>:<port>/CAisd/pdmweb.exe?BOPSID=<BOPSID value>
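
As an added example (not CA's pkilogin.jsp and not code from this page), the following Java program shows the client-side step that the procedure above prepares for: it opens the PKCS#12 file with the policy name as its password, signs the policy name with the private key, and checks the result against the certificate's public key, the counterpart of the key stored in the sapolicy record. The SHA1withRSA algorithm, the Base64 encoding, the class and method names, and the in-memory stand-in key used when no file is given are assumptions; the resulting string is what would be passed as Encrypted_Policy to the WSDL2Java-generated stub.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class PolicySignatureDemo {
    // Assumption: Encrypted_Policy is a Base64-encoded SHA1withRSA signature over the policy name.
    static final String ALGORITHM = "SHA1withRSA";

    static String sign(String policy, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(policy.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    static boolean verify(String policy, String encoded, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(policy.getBytes(StandardCharsets.UTF_8));
        return s.verify(Base64.getDecoder().decode(encoded));
    }

    // Opens the PKCS#12 file from step 2; its password is the policy name.
    static KeyPair load(String path, String policy) throws Exception {
        char[] pw = policy.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        for (String alias : Collections.list(ks.aliases()))
            if (ks.isKeyEntry(alias))
                return new KeyPair(ks.getCertificate(alias).getPublicKey(), (PrivateKey) ks.getKey(alias, pw));
        throw new KeyStoreException("no private key entry in " + path);
    }

    public static void main(String[] args) throws Exception {
        String policy = "DEFAULT";                  // policy name used in step 2
        KeyPair kp;
        if (args.length > 0) {
            kp = load(args[0], policy);             // path to DEFAULT.p12
        } else {                                    // constructed stand-in key so the demo runs offline
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            kp = gen.generateKeyPair();
        }
        String encryptedPolicy = sign(policy, kp.getPrivate());
        System.out.println("Encrypted_Policy = " + encryptedPolicy);
        System.out.println("verifies for DEFAULT: " + verify(policy, encryptedPolicy, kp.getPublic()));
        System.out.println("verifies for OTHER:   " + verify("OTHER", encryptedPolicy, kp.getPublic()));
    }
}
```

Run it with the path to DEFAULT.p12 as the only argument to exercise the file produced by pdm_pki; a wrong password or a file without a key entry fails in load() before anything is signed.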

Note: To use the loginServiceManaged method for a Java client program running on AIX, you may need to replace a pair of security policy files within your JAVA_HOME. Go to http://www.ibm.com and search for "developerworks java technology security information AIX". In the "developerWorks : Java technology : Security" document, follow the link to "IBM SDK Policy files". Download the unrestricted policy files, local_policy.jar and US_export_policy.jar. Use these files to replace the original files in your JAVA_HOME/lib/security directory.