Symantec IGA

Can Policy Xpress pull data from our IDM SQL db tables and create an Action Rule to execute a SOAP calls to idm to perform an admin task?

I already have working soap messages to create roles and account templates.

-Mahad

Hi Mahad Farah,

1. How to connect Policy Express to SQL Server data source and work with tables, stored procedures and functions?

Is treated into the following tech doc:
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec530732.aspx

2.

Since IM 12.6.4 Policy XPress Supports SOAP and REST Web Services.
Policy XPress is enhanced to support Web Services SOAP (with basic authentication method) and REST (with basic authentication, proxy authentication, and OAuth authentication methods) such that it can be integrated with external applications that provide a web service interface.

See https://support.ca.com/cadocs/0/CA%20Identity%20Manager%2012%206%204-ENU/Bookshelf_Files/HTML/idocs/2303074.html

Hoping that can help you.

Regards,

Philippe.

The SOAP message im trying to send is to IDM - I created three data elements and tested they all could connect but I'm having trouble setting up the action rule:

Action Rule Condition:

if one of the data elements (getDelta equals 1)

Add Action:

Category: Soap Queries

Type: Soap Queries

Funciton: Anonymous Auth Invoke

WSDL URL: https://IDMURL:443/iam/im/TEWS6/teamdev

SOAP ACtion: Left it blank

Soap version: 1.1

Soap Request Message: I put the soap message xml that I tested worked from SoapUI - starts with

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">

   <soapenv:Header/>

   <soapenv:Body>

      <wsdl:TaskContext>........

I would say first try with SOAP UI. This will make sure you have correct settings for SOAP calls.

I have - and it works in Soap UI but I think when I set the data elements in the message something breaks.

This is all I get from the error logs:

16:34:52,400 ERROR [ims.policyxpress.PxController] (ajp-/10.237.104.86:8009-2) ENVIRONMENT error occured while running flow. Throwing exception. : com.ca.identitymanager.policyxpress.exceptions.PxEnvironmentException: Failed running web service

16:34:52,383 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (ajp-/10.237.104.86:8009-2) Interceptor for {http://test/}HelloWebService#{http://cxf.apache.org/jaxws/dispatch}Invoke has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: Could not send Message.

Ok. It means your settings are good for SOAP call. Next thing I would recommend is try same SOAP request from PX without any data element 

Hi Mahad Farah,

I did not encounter any issues sending into a PX a SOAP request including data elements in my lab.

As Praveen I suggest you to test without the data elements. Try the Test button as following:

Edit your PX action which sends a SOAP request and since Parameters cannot contain any data elements as they cannot be evaluated within the context during the test is run,

then replace the data elements by hard coded values into the SOAP Request Message and click on the Test button.

Does it work?

Philippe.

I've done that and I get:

The test has failed to run with following error: "Failed running web service " which was caused by "Could not send Message.;IOException invoking https://idm-dev-it1.test.fake.org/iam/im/TEWS6/fakedev: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 503 Service Unavailable";Unable to tunnel through proxy. Proxy returns "HTTP/1.1 503 Service Unavailable"".

Could it be tied to the fact that my function in the PX Action rule is: Anonymous Auth Invoke?

In Management Console my configurations for web services is:

Please share your SOAP request and PX SOAP call screenshot

Which version of IM are you using?

At this point I would recommend enable "admin password is required " in management console setting and pass admin password in SOAP request from PX.

Where are the settings configured besides the enabling the setting in the management console?

Management console is the only place where you configure web services setting. Please try with admin password option that I suggested earlier 

Still no luck - thanks for your suggestions Praveen

What version of IM are you using?

12.6 sp5

If you still getting the error, I would say open a support ticket.

I was able to generate it using port 8080 and the physical address of the application server rather than the vips address I was using before; Thanks for your help Praveen.

Hi Mahad,

Do you know why you were not able to invoke TEWS WS via application VIP? Iam also in the same situation, it works with server url (http://servername:port/iam/im//TEWS6/abc but doesnt works with IDM VIP URL. Another concern is that this is a non-secure SOAP URL. Ideally we would like the TEWS traffic to come via VIP on HTTPS  

Thanks

Abraham