CA Service Management

Team,
we're implementing an integration that uses SOAP WS API that uses a certificate.

I'm able to call the methods using SOAPUI without any problems using these settings:





But I'm not able to make any call in the ITPAM. I'm not sure where to put the certificate and the password in the ITPAM Invoke SOAP Method operator. I thought this is the right place, but it doesn't work...



I alwas get this error message:
SOAP invocation failed: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed.

Any suggestions?

Thank you,
Jakub

Hi Jakub,
First, I think you should be posting this in the ITPAM community.

I see that you have specified the path to the keystore and the password to open it but a keystore can hold many keys. I think you also need to specify the Alias of the key in the keystore.

Cheers,
Lindsay

------------------------------
Lindsay Estabrooks
Principal Consultant
IT-EDU Consultants LLC
------------------------------

Original Message:
Sent: Jan 17, 2022 02:53 AM
From: Jakub Kolacny
Subject: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

Team,
we're implementing an integration that uses SOAP WS API that uses a certificate.

I'm able to call the methods using SOAPUI without any problems using these settings:





But I'm not able to make any call in the ITPAM. I'm not sure where to put the certificate and the password in the ITPAM Invoke SOAP Method operator. I thought this is the right place, but it doesn't work...



I alwas get this error message:
SOAP invocation failed: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed.

Any suggestions?

Thank you,
Jakub

Hi @Lindsay Estabrooks,
thank you for your reply. The certificate contains only one key and also for the SOAPUI the alias wasn't needed. But I've tried to fill the certificate alias to both signature and encryption parameters.

I always get an error message. 

SOAP invocation failed: Unable to encrypt the SOAP message.null

The ITPAM documentation says that this should mean I have provided a bad encryption algorithm.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/4-3-1/reference/operators-reference/operator-overview/web-services-operators/invoke-soap-method-operator.html

I tried to let the encryption algorithm blank (in this case the algorithm should be taken from the cert) and also all combinations of the algorithms PAM provides.

A friend of mine who implemented some other integrations for the same external system sent me this piece of code in Java that should do the encryption part.

Do you have any idea what should be set in PAM? Does PAM support all the encryption algorithms or is there a way how to extend the number of supported algorithms?

Thank you for your help and support,
Jakub​
Original Message:
Sent: Jan 18, 2022 01:01 PM
From: Lindsay Estabrooks
Subject: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

Hi Jakub,
First, I think you should be posting this in the ITPAM community.

I see that you have specified the path to the keystore and the password to open it but a keystore can hold many keys. I think you also need to specify the Alias of the key in the keystore.

Cheers,
Lindsay

------------------------------
Lindsay Estabrooks
Principal Consultant
IT-EDU Consultants LLC

Original Message:
Sent: Jan 17, 2022 02:53 AM
From: Jakub Kolacny
Subject: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

Team,
we're implementing an integration that uses SOAP WS API that uses a certificate.

I'm able to call the methods using SOAPUI without any problems using these settings:





But I'm not able to make any call in the ITPAM. I'm not sure where to put the certificate and the password in the ITPAM Invoke SOAP Method operator. I thought this is the right place, but it doesn't work...



I alwas get this error message:
SOAP invocation failed: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed.

Any suggestions?

Thank you,
Jakub

Just to update the latest status.

I gave up and implemented the calls in powershell which was quite easy.

Jakub
Original Message:
Sent: Jan 24, 2022 08:55 AM
From: Jakub Kolacny
Subject: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

Hi @Lindsay Estabrooks,
thank you for your reply. The certificate contains only one key and also for the SOAPUI the alias wasn't needed. But I've tried to fill the certificate alias to both signature and encryption parameters.

I always get an error message.

SOAP invocation failed: Unable to encrypt the SOAP message.null

The ITPAM documentation says that this should mean I have provided a bad encryption algorithm.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/4-3-1/reference/operators-reference/operator-overview/web-services-operators/invoke-soap-method-operator.html

I tried to let the encryption algorithm blank (in this case the algorithm should be taken from the cert) and also all combinations of the algorithms PAM provides.

A friend of mine who implemented some other integrations for the same external system sent me this piece of code in Java that should do the encryption part.

X509Certificate2 cert = new X509Certificate2(System.Configuration.ConfigurationManager.AppSettings["cert_path"], System.Configuration.ConfigurationManager.AppSettings["cert_pwd"], X509KeyStorageFlags.MachineKeySet);

sd_tmcz.ClientCertificates.Add(cert);

System.Net.ServicePointManager.ServerCertificateValidationCallback = SDUtils.ValidateServerCertificate;

Do you have any idea what should be set in PAM? Does PAM support all the encryption algorithms or is there a way how to extend the number of supported algorithms?

Thank you for your help and support,
Jakub​
Original Message:
Sent: Jan 18, 2022 01:01 PM
From: Lindsay Estabrooks
Subject: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

Hi Jakub,
First, I think you should be posting this in the ITPAM community.

I see that you have specified the path to the keystore and the password to open it but a keystore can hold many keys. I think you also need to specify the Alias of the key in the keystore.

Cheers,
Lindsay

------------------------------
Lindsay Estabrooks
Principal Consultant
IT-EDU Consultants LLC

Original Message:
Sent: Jan 17, 2022 02:53 AM
From: Jakub Kolacny
Subject: CA ITPAM - Invoke SOAP Method operator with .pfx certificate

Team,
we're implementing an integration that uses SOAP WS API that uses a certificate.

I'm able to call the methods using SOAPUI without any problems using these settings:





But I'm not able to make any call in the ITPAM. I'm not sure where to put the certificate and the password in the ITPAM Invoke SOAP Method operator. I thought this is the right place, but it doesn't work...



I alwas get this error message:
SOAP invocation failed: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed.

Any suggestions?

Thank you,
Jakub