CA Service Management

 View Only
  • 1.  CA ITPAM - Invoke SOAP Method operator with .pfx certificate

    Broadcom Employee
    Posted Jan 17, 2022 02:54 AM
    Team,
    we're implementing an integration that uses SOAP WS API that uses a certificate.

    I'm able to call the methods using SOAPUI without any problems using these settings:





    But I'm not able to make any call in the ITPAM. I'm not sure where to put the certificate and the password in the ITPAM Invoke SOAP Method operator. I thought this is the right place, but it doesn't work...



    I alwas get this error message:
    SOAP invocation failed: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed.

    Any suggestions?

    Thank you,
    Jakub



  • 2.  RE: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

    Posted Jan 18, 2022 01:01 PM
    Hi Jakub,
    First, I think you should be posting this in the ITPAM community.

    I see that you have specified the path to the keystore and the password to open it but a keystore can hold many keys. I think you also need to specify the Alias of the key in the keystore.

    Cheers,
    Lindsay

    ------------------------------
    Lindsay Estabrooks
    Principal Consultant
    IT-EDU Consultants LLC
    ------------------------------



  • 3.  RE: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

    Broadcom Employee
    Posted Jan 24, 2022 08:56 AM
    Hi @Lindsay Estabrooks,
    thank you for your reply. The certificate contains only one key and also for the SOAPUI the alias wasn't needed. But I've tried to fill the certificate alias to both signature and encryption parameters.

    I always get an error message.

    SOAP invocation failed: Unable to encrypt the SOAP message.null

    The ITPAM documentation says that this should mean I have provided a bad encryption algorithm.

    https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/4-3-1/reference/operators-reference/operator-overview/web-services-operators/invoke-soap-method-operator.html

    I tried to let the encryption algorithm blank (in this case the algorithm should be taken from the cert) and also all combinations of the algorithms PAM provides.

    A friend of mine who implemented some other integrations for the same external system sent me this piece of code in Java that should do the encryption part.

    X509Certificate2 cert = new X509Certificate2(System.Configuration.ConfigurationManager.AppSettings["cert_path"], System.Configuration.ConfigurationManager.AppSettings["cert_pwd"], X509KeyStorageFlags.MachineKeySet);
    sd_tmcz.ClientCertificates.Add(cert);
    System.Net.ServicePointManager.ServerCertificateValidationCallback = SDUtils.ValidateServerCertificate;
    Do you have any idea what should be set in PAM? Does PAM support all the encryption algorithms or is there a way how to extend the number of supported algorithms?

    Thank you for your help and support,
    Jakub​


  • 4.  RE: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

    Broadcom Employee
    Posted 5 days ago
    Just to update the latest status.

    I gave up and implemented the calls in powershell which was quite easy.

    Jakub