Symantec IGA

Expand all | Collapse all

Policy Xpress to generate SOAP Call

Jump to Best Answer
  • 1.  Policy Xpress to generate SOAP Call

    Posted 03-24-2016 02:53 PM

    Can Policy Xpress pull data from our IDM SQL db tables and create an Action Rule to execute a SOAP calls to idm to perform an admin task?

    I already have working soap messages to create roles and account templates.

    -Mahad



  • 2.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-25-2016 11:28 AM

    Hi Mahad Farah,

     

    1. How to connect Policy Express to SQL Server data source and work with tables, stored procedures and functions?

    Is treated into the following tech doc:
    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec530732.aspx

     

    2.

    Since IM 12.6.4 Policy XPress Supports SOAP and REST Web Services.
    Policy XPress is enhanced to support Web Services SOAP (with basic authentication method) and REST (with basic authentication, proxy authentication, and OAuth authentication methods) such that it can be integrated with external applications that provide a web service interface.

    See https://support.ca.com/cadocs/0/CA%20Identity%20Manager%2012%206%204-ENU/Bookshelf_Files/HTML/idocs/2303074.html

     

    Hoping that can help you.

    Regards,

    Philippe.



  • 3.  Re: Policy Xpress to generate SOAP Call

    Posted 03-28-2016 03:33 PM

    The SOAP message im trying to send is to IDM - I created three data elements and tested they all could connect but I'm having trouble setting up the action rule:

     

    Action Rule Condition:

    if one of the data elements (getDelta equals 1)

     

    Add Action:

    Category: Soap Queries

    Type: Soap Queries

    Funciton: Anonymous Auth Invoke

     

    WSDL URL: https://IDMURL:443/iam/im/TEWS6/teamdev

    SOAP ACtion: Left it blank

    Soap version: 1.1

    Soap Request Message: I put the soap message xml that I tested worked from SoapUI - starts with

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">

       <soapenv:Header/>

       <soapenv:Body>

          <wsdl:TaskContext>........



  • 4.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-29-2016 10:43 AM

    I would say first try with SOAP UI. This will make sure you have correct settings for SOAP calls.



  • 5.  Re: Policy Xpress to generate SOAP Call

    Posted 03-29-2016 01:41 PM

    I have - and it works in Soap UI but I think when I set the data elements in the message something breaks.

    This is all I get from the error logs:

     

    16:34:52,400 ERROR [ims.policyxpress.PxController] (ajp-/10.237.104.86:8009-2) ENVIRONMENT error occured while running flow. Throwing exception. : com.ca.identitymanager.policyxpress.exceptions.PxEnvironmentException: Failed running web service

     

    16:34:52,383 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (ajp-/10.237.104.86:8009-2) Interceptor for {http://test/}HelloWebService#{http://cxf.apache.org/jaxws/dispatch}Invoke has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: Could not send Message.



  • 6.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-30-2016 02:41 AM

    Ok. It means your settings are good for SOAP call. Next thing I would recommend is try same SOAP request from PX without any data element 



  • 7.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-30-2016 10:24 AM

    Hi Mahad Farah,

    I did not encounter any issues sending into a PX a SOAP request including data elements in my lab.

    As Praveen I suggest you to test without the data elements. Try the Test button as following:

    Edit your PX action which sends a SOAP request and since Parameters cannot contain any data elements as they cannot be evaluated within the context during the test is run,

    then replace the data elements by hard coded values into the SOAP Request Message and click on the Test button.

    Does it work?

    Philippe.



  • 8.  Re: Policy Xpress to generate SOAP Call

    Posted 03-30-2016 10:57 AM

    I've done that and I get:

    The test has failed to run with following error: "Failed running web service " which was caused by "Could not send Message.;IOException invoking https://idm-dev-it1.test.fake.org/iam/im/TEWS6/fakedev: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 503 Service Unavailable";Unable to tunnel through proxy. Proxy returns "HTTP/1.1 503 Service Unavailable"".

     

    Could it be tied to the fact that my function in the PX Action rule is: Anonymous Auth Invoke?

    In Management Console my configurations for web services is:

     

    Enable Execution

    Enable WSDL Generation

    Enable admin_id (allow impersonation)

    Admin password is required

    SiteMinder Authentication

    (None)

    Basic Authentication

    Other

    WSS Username Token (Password Text)

    Generate WSDL in WS-I form (Note: your existing TEWS code may need to be modified).

    Generate Exception when No Items are found

     



  • 9.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-30-2016 10:59 AM

    Please share your SOAP request and PX SOAP call screenshot



  • 10.  Re: Policy Xpress to generate SOAP Call
    Best Answer

    Broadcom Employee
    Posted 03-30-2016 12:26 PM

    Which version of IM are you using?


    At this point I would recommend enable "admin password is required " in management console setting and pass admin password in SOAP request from PX.



  • 11.  Re: Policy Xpress to generate SOAP Call

    Posted 03-30-2016 01:55 PM

    Where are the settings configured besides the enabling the setting in the management console?



  • 12.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-30-2016 04:24 PM

    Management console is the only place where you configure web services setting. Please try with admin password option that I suggested earlier 



  • 13.  Re: Policy Xpress to generate SOAP Call

    Posted 03-31-2016 09:15 AM

    Still no luck - thanks for your suggestions Praveen



  • 14.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-31-2016 09:49 AM

    What version of IM are you using?



  • 15.  Re: Policy Xpress to generate SOAP Call

    Posted 03-31-2016 10:07 AM

    12.6 sp5



  • 16.  Re: Policy Xpress to generate SOAP Call

    Broadcom Employee
    Posted 03-31-2016 02:37 PM

    If you still getting the error, I would say open a support ticket.



  • 17.  Re: Policy Xpress to generate SOAP Call

    Posted 04-08-2016 09:52 AM

    I was able to generate it using port 8080 and the physical address of the application server rather than the vips address I was using before; Thanks for your help Praveen.



  • 18.  Re: Policy Xpress to generate SOAP Call

    Posted 12-11-2018 03:53 PM

    Hi Mahad,

     

    Do you know why you were not able to invoke TEWS WS via application VIP? Iam also in the same situation, it works with server url (http://servername:port/iam/im//TEWS6/abc but doesnt works with IDM VIP URL. Another concern is that this is a non-secure SOAP URL. Ideally we would like the TEWS traffic to come via VIP on HTTPS  

     

    Thanks

    Abraham