615 replies Latest Post - ‏2015-04-27T17:07:57Z by gverma
gverma

Pinned topic Web Services Wrappers for ITIM API

‏2008-11-04T19:54:19Z |
This thread is for questions and comments on Web Services Wrappers for ITIM API.

http://www-01.ibm.com/software/brandcatalog/portal/opal/details?catalog.label=1TW10IM12

Updated on 2013-04-05T12:36:16Z by SystemAdmin
  • SystemAdmin

    Re: Web Services Wrappers for ITIM API

    ‏2008-12-18T09:38:47Z  in response to gverma
    Hi,

    I am currently trying to get the provided clients to work with the ITIM API WebService.
    I've installed the Web Service using the extracted option and deploying the .ear file manually as it is a clustered ITIM environment.
    The ITIMWebService.ear deploys and starts fine with no errors.

    When calling the WebService I get the following error:

    >> java.lang.InstantiationException: com.ibm.itim.ws.services.WSSessionService
    The error seems to occur when the client attempts to instantiate the WSSessionService from the factory. The code I'm using to call this is:

    >> WSSession session = sessionService.login(admin_userid, admin_password);

    I am also experiencing the same problem whether I'm using a custom axis webservice client, or the ITIM Rich Client, which leads me to believe there is something wrong with the web service itself.
    • SystemAdmin

      Re: Web Services Wrappers for ITIM API

      ‏2008-12-18T09:57:46Z  in response to SystemAdmin
      Full error trace:
      
      AxisFault
      faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
      faultSubcode:
      faultString: java.lang.InstantiationException: com.ibm.itim.ws.services.WSSessionService
      faultActor:
      faultNode:
      faultDetail:
      {http://xml.apache.org/axis/}hostname:ITIM5DC

      java.lang.InstantiationException: com.ibm.itim.ws.services.WSSessionService
      at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
      at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
      at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
      at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(Unknown Source)
      at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
      at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
      at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
      at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
      at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
      at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
      at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
      at javax.xml.parsers.SAXParser.parse(Unknown Source)
      at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
      at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
      at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
      at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
      at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
      at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
      at org.apache.axis.client.Call.invoke(Call.java:2767)
      at org.apache.axis.client.Call.invoke(Call.java:2443)
      at org.apache.axis.client.Call.invoke(Call.java:2366)
      at org.apache.axis.client.Call.invoke(Call.java:1812)
      at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.login(WSSessionServiceSoapBindingStub.java:359)
      at com.decipherworks.itim.ws.password.PasswordClient.main(PasswordClient.java:40)
      
  • SenKan

    Re: Web Services Wrappers for ITIM API

    ‏2009-01-26T19:57:07Z  in response to gverma
    I am getting exactly the same error while trying to call the login method of WSSessionService. Dave, if you were able to solve this problem please let me know what was the solution to this problem.

    Code:
    =====

    ITIMWebServiceFactory webServiceFactory = new ITIMWebServiceFactory(serverAddress);
    WSSessionService sessionService = webServiceFactory.getWSSessionService();
    WSSession session = sessionService.login(userID, password); ///Error is thrown at this line.

    Error Log :
    ===========

    1/26/09 14:42:56:803 EST 000000f9 SystemErr R AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: java.lang.NullPointerException
    faultActor:
    faultNode:
    faultDetail:
    {http://xml.apache.org/axis/}hostname:<<my host name>>

    1/26/09 14:42:56:803 EST 000000f9 SystemErr R java.lang.NullPointerException
    1/26/09 14:42:56:803 EST 000000f9 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
    1/26/09 14:42:56:803 EST 000000f9 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
    1/26/09 14:42:56:803 EST 000000f9 SystemErr R at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.client.Call.invoke(Call.java:2767)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.client.Call.invoke(Call.java:2443)
    1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.axis.client.Call.invoke(Call.java:2366)
    1/26/09 14:42:56:805 EST 000000f9 SystemErr R at org.apache.axis.client.Call.invoke(Call.java:1812)
    1/26/09 14:42:56:805 EST 000000f9 SystemErr R at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.login(WSSessionServiceSoapBindingStub.java:359)

    Any help from anyone in this forum is highly appreciated.

    Thanks.
    SenKan
  • SenKan

    Re: Web Services Wrappers for ITIM API

    ‏2009-01-26T21:24:41Z  in response to gverma
    I would like to correct my previous post. It is not exactly the same error that Dave has posted, but it looks related. Both are Axis exceptions. Any help is appreciated.
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-01-26T21:48:59Z  in response to SenKan
      SenKan and DaveHong,

      Could you post what version of ITIM you are deploying the Web Services Wrappers on? Please post the WebSphere version as well. DaveHong mentioned he was deploying in a clustered WAS. What about SenKan's deployment?
      • gverma

        Test jar for testing connection to ITIM Web Services

        ‏2009-01-28T22:02:09Z  in response to gverma
        For those having connection issues when connecting to ITIM web services from a client, here is a simple self-contained test jar. This test jar is for ITIM Web Services 1.2, please ensure that you have v1.2 before attempting to run this test jar. You can verify your version of ITIM Web Services by navigating to webservice.properties and looking at the webServices.version property. The webservice.properties file is located at

        ITIM 4.6:

        Navigate to WAS_ROOT/installedApps/NODENAME/ITIMWebServicesEAR.ear/ITIMWebServices.war/WEB-INF/classes/resourceBundle

        ITIM 5.x

        WAS_ROOT/profiles/PROFILENAME/installedApps/CELLNAME/ITIMWebServicesEAR.ear/ITIMWebServices.war/WEB-INF/classes/resourceBundle

        If you are running an older version of ITIM Web Services, this test jar will not work. You will need to upgrade to ITIM Web Services v1.2. The ITIM Web Services upgrade does not affect or upgrade the underlying ITIM product other than running on the same Websphere server.

        After ascertaining you have ITIM Web Services v1.2 installed, copy the attached testClient1.2.jar to your client system, make sure you have a JVM in your path (at least v 1.4.x for 4.6, v 1.5 for ITIM 5.x), change directory to the folder where you placed the jar file, and type

        java -jar testClient1.2.jar ServerAddress UserName Password

        where ServerAddress is the serverAddress URL of ITIM Web Services written as http://YOURHOST:YOURPORT. The UserName and Password values should be valid on ITIM. If the username or password values have spaces, enclose in double quotes.

        Please note that testClient1.2.jar is not a part of the delivery of Web Services Wrapper for ITIM, and is only provided here for testing purposes.

        Here is sample output from the testClient1.2.jar

        java -jar testClient1.2.jar http://greenserver:9080 gverma xxxxxx

        Trying connection to ITIMWebServices
        Communication successful, the ITIM Web Services Wrapper version is 1.2
        The ITIM version is 5.0
        Trying authentication for user gverma
        User id gverma logged in succesfully to http://greenserver:9080
        User name from ITIM is Girish Verma
        Trying to get list of accounts owned by Girish Verma
        Found 5 accounts for Girish Verma
        9b0123896 on service LDAP base service
        gverma on service Windows Local
        gverma on service ITIM Service
        user1 on service LDAP base service
        user2 on service LDAP base service
        End of test

        Girish.
        • gverma

          Test jar v 1.2.1 for testing connection to ITIM Web Services v1.2.1

          ‏2009-02-03T04:22:34Z  in response to gverma
          For those having connection issues when connecting to ITIM web services from a client, here is a simple self-contained test jar. This test jar is for ITIM Web Services 1.2.1 only, please ensure that you have v1.2.1 before attempting to run this test jar. You can verify your version of ITIM Web Services by navigating to webservice.properties and looking at the webServices.version property. The webservice.properties file is located at

          ITIM 4.6:

          Navigate to WAS_ROOT/installedApps/NODENAME/ITIMWebServicesEAR.ear/ITIMWebServices.war/WEB-INF/classes/resourceBundle

          ITIM 5.x

          WAS_ROOT/profiles/PROFILENAME/installedApps/CELLNAME/ITIMWebServicesEAR.ear/ITIMWebServices.war/WEB-INF/classes/resourceBundle

          IMPORTANT: If the webServices.version property value is 1.2.1, please change the value to 1.21 and restart Websphere.

          If you are running an older version of ITIM Web Services, this test jar will not work. You will need to upgrade to ITIM Web Services v1.2.1. The ITIM Web Services upgrade does not upgrade the underlying ITIM product or affect it other than running on the same Websphere server.

          After ascertaining you have ITIM Web Services v1.2.1 installed, copy the attached testClient1.2.jar to your client system, make sure you have a JVM in your path (at least v 1.4.x for 4.6, v 1.5 for ITIM 5.x), change directory to the folder where you placed the jar file, and type

          java -jar testClient1.2.1.jar ServerAddress UserName Password

          where ServerAddress is the serverAddress URL of ITIM Web Services e.g. http://YOURHOST:YOURPORT. The UserName and Password values should be valid on ITIM. If the username or password values have spaces, enclose in double quotes.

          Please note that testClient1.2.1.jar is not a part of the delivery of Web Services Wrapper for ITIM API, and is only provided here for testing purposes.
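
The version check described in the two test-jar posts above, as an added shell example that is not part of the original posts or of the ITIM Web Services download: it finds webservice.properties under a WebSphere root, reads webServices.version, and reports which test jar matches. The function names, and the assumption that a v1.2 install reports the value 1.2, belong to this example and not to the page.

```sh
#!/bin/sh
# Added example: check which ITIM Web Services test jar matches an install.
# Function names are hypothetical; only the file name, the property name and
# the jar names come from the posts above.

# Locate webservice.properties under a WebSphere root. The directory layout
# differs between ITIM 4.6 and ITIM 5.x, so match the common tail of the path.
ws_find_properties() {
    find "$1" -type f \
        -path '*/ITIMWebServices.war/WEB-INF/classes/resourceBundle/webservice.properties' \
        2>/dev/null
}

# Print the value of webServices.version from one properties file.
# Accepts "key=value" and "key: value", blanks around the separator,
# trailing blanks and CRLF line endings. Prints nothing if the key is absent.
ws_version() {
    [ -r "$1" ] || return 1
    sed -n 's/^[[:space:]]*webServices\.version[[:space:]]*[=:][[:space:]]*//p' "$1" \
        | tr -d '\r' \
        | sed 's/[[:space:]]*$//' \
        | tail -n 1
}

# Map a webServices.version value to the step the posts call for.
# Assumption: a v1.2 install reports "1.2"; the posts state that a v1.2.1
# install must report "1.21" (a value of "1.2.1" has to be edited first).
ws_test_jar() {
    case "$1" in
        1.2)   echo "testClient1.2.jar" ;;
        1.21)  echo "testClient1.2.1.jar" ;;
        1.2.1) echo "edit: set webServices.version to 1.21, restart WebSphere, then use testClient1.2.1.jar" ;;
        "")    echo "unknown: webServices.version not found" ;;
        *)     echo "unsupported: neither test jar covers version $1" ;;
    esac
}

# Report every deployed copy found under the given WebSphere root as
# "<file> <TAB> <version> <TAB> <matching jar or required step>".
ws_check() {
    ws_find_properties "$1" | while IFS= read -r f; do
        v=$(ws_version "$f")
        printf '%s\t%s\t%s\n' "$f" "${v:-<none>}" "$(ws_test_jar "$v")"
    done
}

# Run the report when WAS_ROOT is set in the environment.
if [ -n "${WAS_ROOT:-}" ]; then
    ws_check "$WAS_ROOT"
fi
```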
          • SystemAdmin

            Re: Test jar v 1.2.1 for testing connection to ITIM Web Services v1.2.1

            ‏2009-02-10T23:39:10Z  in response to gverma
            Thanks Girish, the test jar is very helpful for my test on ITIM 4.6 FP40. Is it possible that you upload the source for the test jar?

            Regards,

            Jin
            • gverma

              Re: Test jar v 1.2.1 for testing connection to ITIM Web Services v1.2.1

              ‏2009-02-11T02:53:53Z  in response to SystemAdmin
              Jin (and anyone else who wants the source of the test client),

              The source for TestClient.java is attached. You should have all the jars from the client folder of the ITIM Web Services installation directory in your classpath when you compile / run this class. These jars are:

              axis.jar
              commons-discovery-0.2.jar
              commons-logging-1.0.4.jar
              ITIMWebServicesClient.jar
              ITIMWebServicesClientUtils.jar
              jaxrpc.jar
              saaj.jar
              wsdl4j-1.5.1.jar

              The source code of TestClient.java is provided on an AS-IS basis for reference purposes to those users who can follow it. It is not part of the delivery of Web Services Wrapper for ITIM API.
    • SystemAdmin

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-01T10:11:11Z  in response to SenKan
      > SenKan wrote:
      > I would like to correct my previous post. It is not exactly the same error that Dave has posted but looks like related. Both are Axis exceptions. Any help is appreciated.

      Hi SenKan, out of curiosity what was the fix for the Null Pointer error when you invoked a login via the WSSessionService?

      > SenKan wrote:
      > ITIMWebServiceFactory webServiceFactory = new ITIMWebServiceFactory(serverAddress);
      > WSSessionService sessionService = webServiceFactory.getWSSessionService();
      > WSSession session = sessionService.login(userID, password); ///Error is thrown at this line.
      >
      > Error Log :
      > ===========
      >
      > 1/26/09 14:42:56:803 EST 000000f9 SystemErr R AxisFault
      > faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
      > faultSubcode:
      > faultString: java.lang.NullPointerException
      > faultActor:
      > faultNode:
      > faultDetail:
      > {http://xml.apache.org/axis/}hostname:<<my host name>>
      >
      > 1/26/09 14:42:56:803 EST 000000f9 SystemErr R java.lang.NullPointerException
      > 1/26/09 14:42:56:803 EST 000000f9 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
      > 1/26/09 14:42:56:803 EST 000000f9 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
      > 1/26/09 14:42:56:803 EST 000000f9 SystemErr R at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
      > 1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
      > 1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
      > 1/26/09 14:42:56:804 EST 000000f9 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown S

      Thanks,
      Dave.
  • SystemAdmin

    Re: Web Services Wrappers for ITIM API

    ‏2009-02-21T01:00:09Z  in response to gverma
    Do you have any additional sample code that I could look at? The connectivity test is great. Currently I need to assign a uid to a TIM identity (and probably erAliases as well), then add a role to the identity (which with your prior was successful), and lastly submit a password change that synchronizes all of the accounts assigned to the TIM identity. Thanks - Matt.
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-02-23T20:08:41Z  in response to SystemAdmin
      Matt,

      I also received your email with your code sample and replied to it regarding uid assignment and role / access provisioning. There was an issue in your code sample for uid modification - your code was inserting extraneous values into the DN. Removing that will fix the issue.

      If you are using Web Services Wrapper on ITIM 5.0, the download has a reference UI application called the ITIM Web Services Rich Client with complete source code. You can use this as a reference on how to use the Web Services Wrapper API. See the Design and Deployment doc for v 1.2.1, page 64 for details. You do not need to run the Rich Client application, only install it to access its source code.

      Girish.
  • SystemAdmin

    Re: Web Services Wrappers for ITIM API

    ‏2009-03-03T18:53:59Z  in response to gverma
    Hi,

    I'm attempting to utilize the ITIM web services wrapper via a Netbeans project. I have no problem executing an operation such as getChallengeQuestions(), but I'm having a bit of trouble dealing with the WSSession object that is returned from login() and lostPasswordLoginDirectEntry().

    Basically, when I execute login(), passing it a valid user and password, the sessionID returned is always 0 and the clientSession is always null. What is interesting is that I can change my test user id to something non-existent and I will get a login exception, which tells me that the user is being authenticated, but something is wrong with my returned WSSession.

    I can execute a login() request with the same credentials using soapUI and I will receive a proper sessionID and clientSession, so I know that the ITIM API is properly setup.

    I know this isn't a Netbeans forum, but I will include a bit of code in case I'm doing something wrong.

    {code}
    try {
        WSSessionServiceService service = WSSessionServiceService();
        WSSessionService port = service.getWSSessionService();

        String principal = "sad4039";
        String credential = "xxxxx";

        WSSession result = port.login(principal, credential);

        System.out.println("clientSession: " + result.getClientSession()); // returns 'null'
        System.out.println("sessionID: " + result.getSessionID()); // returns 0
        System.out.println("enforceChallengeResponse: " + result.isEnforceChallengeResponse()); // returns false

    } catch (Exception ex) {
        System.out.println("ERROR: " + ex.toString());
    }
    {/code}

    Any help would be greatly appreciated.

    -Scott
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-03-05T20:11:06Z  in response to SystemAdmin
      Scott,

      The sample code you posted is not clear, e.g.

      try {
      WSSessionServiceService service = WSSessionServiceService();
      WSSessionService port = service.getWSSessionService();

      The first line you posted under the try clause is invalid, WSSessionServiceService is an interface.

      A few questions will help in getting information:
      1. Did you generate your own client stubs from the WSDL or are you using the pre-generated client supplied with the download?
      2. When you say "I can execute a login() request with the same credentials using soapUI and I will receive a proper sessionID and clientSession", can you elaborate on what API you used?

      If you are using the pre-generated Java client supplied with the web services download, you can leverage the web service factory class to get a web service. Add all the client jars to your application's classpath (the client jars are under the client folder where you installed/extracted the web services download). You should now be able to leverage the web services factory class to get a reference to a web service:

      Sample code
      ITIMWebServiceFactory webServiceFactory = new ITIMWebServiceFactory("http://YourHost:YourPort");
      WSSessionService sessionService = webServiceFactory.getWSSessionService();
      WSSession session = sessionService.login("username","password");
      -end sample code

      See the ITIM_WS_DOC.pdf chapter 6 for more code examples on web services. Depending on the state saving method you are using, the clientSession property of session may be null. Reference the state saving method section in the document.
      Girish.
      • SystemAdmin

        Re: Web Services Wrappers for ITIM API

        ‏2009-03-06T14:18:48Z  in response to gverma
        Girish,

        Thank you for your reply. First things first, let me try to answer your questions. Please bear with me though, as I'm just picking this stuff up as I go along...

        1) Yes, I generated my own artifacts using the wizards provided by Netbeans, which utilize JAX-WS 2.1 (wsimport). The code I posted earlier was auto-generated by Netbeans when I dragged the login method to my code. It appears that JAX-WS generates the WSSessionServiceService as a class rather than an interface. I tested this by generating artifacts with JAX-WS from a command line (outside of Netbeans) and have posted that file to this message.

        2) soapUI (www.soapui.org) is a web service testing utility that we use extensively here. We have found that it can handle just about anything we throw at it. I just created a project pointed at the ITIM SessionService WSDL and executed the login() operation. With a valid user/pass I am able to get a sessionID and clientSession returned, something I haven't been able to do with my Netbeans stubs. I'm not sure what soapUI uses to create its artifacts, because from the user side all you provide is a WSDL location.

        I took your suggestion of trying the client jars and login worked as expected: I was able to get a session and clientSession returned to me. With that as my backup plan, I'll be doing more research and testing to try and get Netbeans/JAX-WS to work. I will post back with my results.

        -Scott
        • kkovach

          Re: Web Services Wrappers for ITIM API

          ‏2009-04-30T13:28:47Z  in response to SystemAdmin
          Hello Scott,

          I'm seeing the same behavior you described where I get a non-zero sessionID from the login operation with the SOAPUI utility, but a zero sessionID with the JAX-WS client created by NetBeans. I was wondering if you have a solution or any hints as to how to correct this issue with the NetBeans stubs? Thanks.

          - Kevin
  • blacksmith

    Re: Web Services Wrappers for ITIM API

    ‏2009-03-26T13:51:42Z  in response to gverma
    Hi really nice work on this. It was much needed and is much appreciated!

    My question is in regard to setting a user defined challenge response question and answer using the ITIM webservices. I understand that WSChallengeResponseInfo() can bring back the CR information that has already been set. And that a defined answer can be pulled back and evaluated against user input. What is not immediately apparent is if I actually set challenge question and answer. Is there a method for this using the webservice wrappers? I'm sure there must be, I'm perhaps not looking in the right place? If not, knowing that would be great so as I don't waste a bunch of time trying to force something that won't work :)

    Again, really nice job and thanks for the effort!
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-03-26T15:34:09Z  in response to blacksmith
      Pat,

      Yes, you can set a user's challenge questions and answers using the ITIM Web Services. This is System User (ITIM account) information, and you can use the WSSystemUserService's setChallengeResponseInfo method. It inputs an array of WSChallengeResponseInfo objects that contain the new question answer pairs. See the Javadoc for WSSystemUserService for method signatures.

      Girish.
      • blacksmith

        Re: Web Services Wrappers for ITIM API

        ‏2009-04-06T13:51:09Z  in response to gverma
        Girish,

        Thank you for the response. I didn't make myself clear in the first message (my apologies). At issue is the capability to set a challenge response question and answer on behalf of the user as the itim admin principal. The webservices call will be made outside the user web session context, even though we are using TAM in a SSO configuration to ITIM, we have no means of offering the principal name AND credential in the subsequent WSSystemUserService constructor, nor within the SetChallengeResponseQuestion method specifically. If we had a mechanism like string personDN = "something" such as is offered within getSystemUserforPerson this could probably be done, but it doesn't look as though SetChallengeResponseQuestion can work that way.

        To boil all this down, we are looking for a way to set the user Challenge Response question and answer on behalf of the user using the ITIM administrator principal using the webservices. If you could let me know if this is possible I would be grateful. Thank you again for the hard work on this and taking the time to answer my questions...

        Pat
        • gverma

          Re: Web Services Wrappers for ITIM API

          ‏2009-04-06T16:53:38Z  in response to blacksmith
          If ITIM is SSO enabled and protected behind TAM, and the real user is available in the HTTP headers (inserted by TAM), your client app can extract the real userid from the HTTP headers and use it to create a web services session by supplying the real userid as the principal with a null credential. Use this WS session to create the password challenge questions. This behavior is similar to what you would see using the ITIM Java API in an SSO enabled ITIM. BTW, if you have ITIM in an SSO configuration protected behind TAM, then protect ITIM Web Services URLs also behind TAM to complete your security model.

          The newer version of ITIM Web Services (v1.3) which will be released on OPAL in about two months can be configured to automatically extract TAM header variables to retrieve the userid and establish a web services session. Backward compatibility will be maintained with v1.21.
          • blacksmith

            Re: Web Services Wrappers for ITIM API

            ‏2009-04-06T18:46:32Z  in response to gverma
            Girish,

            Thank you again for the reply! We are proceeding as you have suggested and will be trying again presently. I look forward to the next version of the ITIM webservices as this implementation has proven invaluable to both my team and the customer we are working at!

            Pat
            • gverma

              Re: Web Services Wrappers for ITIM API

              ‏2009-04-06T22:29:39Z  in response to blacksmith
              Pat,

              Can you email me at gverma@us.ibm.com?

              Girish.
      • RiyaKhanna

        Re: Web Services Wrappers for ITIM API

        ‏2013-05-24T05:20:01Z  in response to gverma

        Hi Girish,

        I am facing a problem retrieving user defined challenges using ITIM WebServices API. The situation is that the ITIM administrator earlier had defined 2 as the number of challenges the user must define, so the user has already answered 2 questions. But now it is changed to three. So, if we use the getChallengeQuestions() method it returns null, since I guess it only gives the challenge response answers once all are set. In ITIM 4.6 APIs we used to get the earlier set challenges using

        challengeresponses = challengeResponseManager.getChallengesAndResponses();

        userChallenges = challengeresponses.getChallenges();
         

        So, is there any way to get the user-defined challenges using ITIM Web Services API?

         

         

  • SystemAdmin

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-07T14:14:50Z  in response to gverma
    Is it possible to set up security for ITIM Web Service so that only authenticated users have access to the ITIM webservice which is deployed in WAS?
    Please let me know if anyone modified ITIM webservice to configure security.

    Thanks in advance.
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-07T15:44:35Z  in response to SystemAdmin
      srpt -

      Point #3 below has a link that shows how to set up security using Tivoli Access Manager without requiring any change in the web services server side code. Points 1 and 2 have additional info on the ITIM Web Services security setup.

      1. ITIM Web Service uses a threaded conversation model which requires the client to first establish a session by authenticating to ITIM via the session service, and to subsequently use the session handle in all subsequent web services calls. Calls without a valid session will throw an exception. The only exceptions to this are calls to methods that return the version info, or password challenge related calls which are an alternate authentication mechanism.

      2. You can secure ITIM Web Services behind Tivoli Access Manager so that unauthenticated users will cause an ITAM challenge that is not expected by the client, resulting in an exception and access denial.

      3. You can secure ITIM Web Services using Tivoli Access Manager so that the WS client can supply TAM credentials to gain access to the web services. There is a developerWorks article at http://www.ibm.com/developerworks/tivoli/library/t-ssl/ that describes this. Note that you will need to install and configure TAM and SSL which is beyond the scope of this forum.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-08T04:38:20Z  in response to gverma
    I deployed the ITIM WebService wrapper in WAS along with the ITIM API. I am invoking the ITIM WebServices Wrapper using plain Java code, and in the same code I am getting the principal by calling the ITIM API. I secured the ITIM WebService so that only authenticated users have access to invoke it. I modified the itimconnection.properties and WebService.properties files so that they will overwrite the enRole.properties file. When I use a blank id as the ejbuser.principal value in the itimconnection.properties file, I get an exception saying user guest not found. I wonder where the guest user is coming from? Is there a way that I can use the thread Id which is coming from the Java client to pass it to the ITIM API?

    Thanks in advance.
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-08T14:12:35Z  in response to SystemAdmin
      srpt,

      Your post is not very clear on your setup whether you are using the ITIM API or Web Services or both. When you say "When I use blank id as ejbuser.principal value in itimconnection.properties file, getting an exception saying user guest not found", what are you using when the error occurs?

      Is there a specific reason why you decided to use your own itimConnection.properties instead of enRole.properties - do you need different values for the properties that are not specified by enRole.properties? If your WAS is security enabled, you need to specify enrole.appServer.ejbuser.principal and credential property values. In most cases your enRole.properties and itimConnection.properties should have the same property values.

      Your last point "Is there a way so that I can use thread Id which is coming from the java client to pass it to ITIM API?" - the web services client is running in your local JVM, not the ITIM websphere JVM, so each has its own threads. You can reuse the authenticated Subject object between your web services session and ITIM API calls by reusing the clientSession property of the WSSession object. You will also need to modify webservice.properties to set the webServices.encryptClientState to false and webServices.stateSavingMethod to client. I would not recommend this since it passes unencrypted authenticated objects over your network, unless you have established HTTPS as your web service protocol. Send me an email at gverma@us.ibm.com to describe your scenario.

      You should consider sending a request on this forum to include whatever you are using via the ITIM API into the Web Services Wrapper, this may eliminate your need to use both.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-20T12:53:00Z  in response to gverma
    Hi,

    I am trying to develop a custom WebService to be able to read locale specific challenge questions. Below the steps implemented.

    Step 1: A java class with a method that uses API to read locale specific challenge questions.
    Step 2: The API method requires us to pass platform and subject.
    Step 3: Needed WSPlatformContext and WSUtils classes for getting platform and subject respectively.
    Step 4: So I have bundled their classes as a jar and placed it in lib. (Classes obtained from ITIMWebservicesEar.ear, which we got after installing the ITIM5_WS1.2.1_Installer)
    Step 5: Through WSSessionservice, got the session and have used this session to get the subject, but it is failing with InvocationTargetException.
    Step 6: Able to set the env through itimconnection.properties(placed under src in my RAD workspace). It is failing to get the platformcontext.

    Attached my source code.
    IWAV0055I Java Bean com.michelin.itim.ws.WSLogin started with the main method
    Inside readchallengequestions............
    sessioncom.ibm.itim.ws.model.WSSession@3154836f
    env{enrole.appServer.ejbuser.credentials=Wipro123, enrole.appServer.url=iiop://10.145.174.251:2809, enrole.platform.contextFactory=com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory, enrole.appServer.ejbuser.principal=itim manager}
    Logging configuration file is not found. All the logging information will be sent to the console.
    2009-04-20 17:13:44.187+05:30 com.ibm.itim.util.I18NMessage <init>(Locale, String) D-182699 IP Error loading I18NMessage.
    java.util.MissingResourceException: Can't find bundle for base name tmsMessages, locale en_US
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:853)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:822)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:593)
    at com.ibm.itim.util.I18NMessage.<init>(I18NMessage.java:175)
    at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:126)
    at com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:100)
    at java.lang.Throwable.toString(Throwable.java:284)
    at java.lang.Throwable.printStackTrace(Throwable.java:220)
    at com.ibm.itim.exception.ITIMException.printStackTrace(ITIMException.java:172)
    at com.ibm.itim.exception.ITIMException.printStackTrace(ITIMException.java:165)
    at com.ibm.itim.ws.util.WSPlatformContext.getInstance(WSPlatformContext.java:62)
    at com.michelin.itim.ws.WSLogin.readChallengeQuestions(WSLogin.java:80)
    at com.michelin.itim.ws.WSLogin.main(WSLogin.java:43)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:615)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:79)

    2009-04-20 17:13:44.203+05:30 com.ibm.itim.util.I18NMessage getResourceBundle D-182699 IP Error loading resource bundle.
    java.util.MissingResourceException: Can't find bundle for base name tmsMessages, locale en_US
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:853)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:743)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:593)
    at com.ibm.itim.util.I18NMessage.getResourceBundle(I18NMessage.java:480)
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:355)
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:322)
    at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:127)
    at com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:100)
    at java.lang.Throwable.toString(Throwable.java:284)
    at java.lang.Throwable.printStackTrace(Throwable.java:220)
    at com.ibm.itim.exception.ITIMException.printStackTrace(ITIMException.java:172)
    at com.ibm.itim.exception.ITIMException.printStackTrace(ITIMException.java:165)
    at com.ibm.itim.ws.util.WSPlatformContext.getInstance(WSPlatformContext.java:62)
    at com.michelin.itim.ws.WSLogin.readChallengeQuestions(WSLogin.java:80)
    at com.michelin.itim.ws.WSLogin.main(WSLogin.java:43)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:615)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:79)

    IWAV0052E Invocation Target Exception creating com.michelin.itim.ws.WSLogin
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:615)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:79)
    Caused by: java.lang.NullPointerException
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:360)
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:322)
    at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:127)
    at com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:100)
    at java.lang.Throwable.toString(Throwable.java:284)
    at java.lang.Throwable.printStackTrace(Throwable.java:220)
    at com.ibm.itim.exception.ITIMException.printStackTrace(ITIMException.java:172)
    at com.ibm.itim.exception.ITIMException.printStackTrace(ITIMException.java:165)
    at com.ibm.itim.ws.util.WSPlatformContext.getInstance(WSPlatformContext.java:62)
    at com.michelin.itim.ws.WSLogin.readChallengeQuestions(WSLogin.java:80)
    at com.michelin.itim.ws.WSLogin.main(WSLogin.java:43)
    ... 5 more
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-20T13:58:45Z  in response to SystemAdmin
      Pavithra,

      You are mixing web services server side code in your own client class. The WSUtils class is not published for use as you have used it - it has dependencies on web services server side properties files as well as ITIM server. The session object you are trying to access is on the web services server, not on your client, you only have the handle to it. The class cannot be dropped as a standalone into a client classpath. The same applies to the WSPlatformContext class which is an internal webservices server class.

      It looks like your intention is to use both the web services and regular ITIM API from your client, and you want to share a common Subject object for both API calls. Look at my post in response to "srpt" where the last paragraph discusses sharing a Subject between web services and ITIM API. The relevant section is

      "You can reuse the authenticated Subject object between your web services session and ITIM API calls by reusing the clientSession property of the WSSession object. You will also need to modify webservice.properties to set the webServices.encryptClientState to false and webServices.stateSavingMethod to client. I would not recommend this since it passes unencrypted authenticated objects over your network, unless you have established HTTPS as your web service protocol. "

      You can either use the above approach, or establish a new Subject for your ITIM API calls using the same credential that you use for web services session.

      ITIM Web Services v1.3 (to be released in about 6 weeks) will include support for passing in a client locale.

      Girish.
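The webservice.properties combination quoted in this reply (and in the earlier reply to "srpt") can be checked before a deployment goes live. The following Java program is an added example, not code from the thread or from ITIM Web Services; the class name, host names, ports and sample property text are constructed, and only the two property names, the values client/server/stateless and the WSSessionService path come from the thread.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Properties;

/** Added example: audits the two webservice.properties settings named in the thread. */
public class ClientStateAudit {

    // Property names as quoted in the thread.
    static final String ENCRYPT_KEY = "webServices.encryptClientState";
    static final String METHOD_KEY = "webServices.stateSavingMethod";
    // State saving values mentioned in the thread.
    static final List<String> KNOWN_METHODS = Arrays.asList("server", "client", "stateless");

    /** Loads properties text the same way a .properties file is read. */
    static Properties parse(String text) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(text));
        return props;
    }

    /** Returns the trimmed, lower-cased value, or null when the key is absent. */
    static String normalized(Properties props, String key) {
        String value = props.getProperty(key);
        return value == null ? null : value.trim().toLowerCase(Locale.ROOT);
    }

    /** Returns one finding per problem; an empty list means nothing was flagged. */
    static List<String> audit(Properties props, URI endpoint) {
        List<String> findings = new ArrayList<>();
        String method = normalized(props, METHOD_KEY);
        String encrypt = normalized(props, ENCRYPT_KEY);
        boolean https = "https".equalsIgnoreCase(endpoint.getScheme());

        if (method == null) {
            findings.add("INFO  " + METHOD_KEY + " is not set; the shipped default applies");
        } else if (!KNOWN_METHODS.contains(method)) {
            findings.add("WARN  unrecognised " + METHOD_KEY + "=" + method);
        }

        // The risky combination from the thread: state (the authenticated
        // Subject) is held by the client and the service does not encrypt it.
        if ("client".equals(method)) {
            if ("false".equals(encrypt)) {
                findings.add(https
                    ? "WARN  client state is not encrypted by the service; "
                        + "HTTPS on the endpoint is its only protection in transit"
                    : "HIGH  unencrypted authenticated client state is sent over "
                        + endpoint.getScheme());
            } else if (encrypt == null) {
                findings.add("INFO  " + ENCRYPT_KEY
                    + " is not set while state is saved on the client; set it explicitly");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: endpoint URL, then webservice.properties text.
        String path = "/ITIMWebServices/services/WSSessionService";
        String shared = METHOD_KEY + " = client\n" + ENCRYPT_KEY + " = false\n";
        String[][] cases = {
            {"http://itim.example.test:9080" + path, shared},
            {"https://itim.example.test:9443" + path, shared},
            {"http://itim.example.test:9080" + path, METHOD_KEY + "=client\n"},
            {"http://itim.example.test:9080" + path, METHOD_KEY + "=server\n"},
        };
        for (String[] c : cases) {
            List<String> findings = audit(parse(c[1]), URI.create(c[0]));
            System.out.println(c[0]);
            if (findings.isEmpty()) {
                System.out.println("  OK    nothing flagged for client state handling");
            }
            for (String finding : findings) {
                System.out.println("  " + finding);
            }
        }
    }
}
```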
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-21T05:04:36Z  in response to gverma
    Hi,

    Thanks for the suggestion. I have removed the unwanted classes from the client side and made changes in webservices.properties. Once I removed WSUtils and WSPlatformContext, I am unable to use these lines of code.
    PlatformContext platform = WSPlatformContext.getInstance();
    Subject subject = WSUtils.getSubjectFromSession(session);

    So i have modified my code to get the Platform through ITIM API.
    Attached the source code. Below the error in getting platform. Please suggest.
    If possible, please send me sample code for getting the platform using itimwebservices to my mail id: padmashani.vidya@wipro.com

    IWAV0055I Java Bean com.michelin.itim.ws.WSLogin started with the main method
    Inside getPlatform..............
    appServerURLiiop://10.145.174.251:2809
    ejbUseritim manager
    platformContextFactorycom.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory
    ejbPwdWipro123
    env{enrole.appServer.ejbuser.credentials=Wipro123, enrole.appServer.url=iiop://10.145.174.251:2809, enrole.platform.contextFactory=com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory, enrole.appServer.ejbuser.principal=itim manager}
    IWAV0052E Invocation Target Exception creating com.michelin.itim.ws.WSLogin
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:615)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:79)
    Caused by: Logging configuration file is not found. All the logging information will be sent to the console.
    2009-04-21 10:01:45.031+05:30 com.ibm.itim.util.I18NMessage <init>(Locale, String) D-182699 IP Error loading I18NMessage.
    java.util.MissingResourceException: Can't find bundle for base name tmsMessages, locale en_US
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:853)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:822)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:593)
    at com.ibm.itim.util.I18NMessage.<init>(I18NMessage.java:175)
    at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:126)
    at com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:100)
    at java.lang.Throwable.toString(Throwable.java:284)
    at java.lang.String.valueOf(String.java:1475)
    at com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:339)
    at com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:323)
    at com.ibm.jvm.io.ConsolePrintStream.println(ConsolePrintStream.java:313)
    at java.lang.Throwable.printStackTrace(Throwable.java:231)
    at java.lang.Throwable.printStackTrace(Throwable.java:172)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:101)

    2009-04-21 10:01:45.046+05:30 com.ibm.itim.util.I18NMessage getResourceBundle D-182699 IP Error loading resource bundle.
    java.util.MissingResourceException: Can't find bundle for base name tmsMessages, locale en_US
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:853)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:743)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:593)
    at com.ibm.itim.util.I18NMessage.getResourceBundle(I18NMessage.java:480)
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:355)
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:322)
    at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:127)
    at com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:100)
    at java.lang.Throwable.toString(Throwable.java:284)
    at java.lang.String.valueOf(String.java:1475)
    at com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:339)
    at com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:323)
    at com.ibm.jvm.io.ConsolePrintStream.println(ConsolePrintStream.java:313)
    at java.lang.Throwable.printStackTrace(Throwable.java:231)
    at java.lang.Throwable.printStackTrace(Throwable.java:172)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:101)

    Exception in thread "main" java.lang.NullPointerException
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:360)
    at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:322)
    at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:127)
    at com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:100)
    at java.lang.Throwable.toString(Throwable.java:284)
    at java.lang.String.valueOf(String.java:1475)
    at com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:339)
    at com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:323)
    at com.ibm.jvm.io.ConsolePrintStream.println(ConsolePrintStream.java:313)
    at java.lang.Throwable.printStackTrace(Throwable.java:231)
    at java.lang.Throwable.printStackTrace(Throwable.java:172)
    at org.eclipse.ve.internal.java.vce.launcher.remotevm.JavaBeansLauncher.main(JavaBeansLauncher.java:101)
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-21T14:40:38Z  in response to SystemAdmin
      Pavithra,

      You are asking me to look at your custom code that is not web services related. Let us limit this forum to discussing ITIM Web Services related topics. There are plenty of examples in the ITIM_HOME/extensions directory that have the code to create a PlatformContext to ITIM and create an authenticated Subject. Look at ITIM_HOME/extensions/examples/apps/src/examples/api directory, the Utils class has sample source code. You need to create a PlatformContext from your client's environment to ITIM using the JAAS framework if you want to use the ITIM API.

      To reiterate, WSPlatformContext and WSUtils are internal ITIM Web Services classes meant to be deployed on the ITIM Web Services server, not on the Web Services client. That is the reason they are not published as client classes.

      I have been getting some input from other developers in setting up a mechanism to share the authenticated Subject. Let me know if you need more information on this specific topic.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-21T13:40:48Z  in response to gverma
    Girish,

    We are planning to develop some custom web service wrappers for the ITIM Org API and deploy them as a separate ear file on the ITIM WAS. In some scenarios, we may end up using both custom Web Services and IBM ITIM Web Services as well, and have a question on session usage.

    What is the recommended approach to share the authenticated session (i.e. WSSession) between IBM ITIM Web Services and custom Web Services? Shall we use the same approach that you suggested to share the session between Web Service calls and the ITIM API? Or any new approach?

    Thanks
    Nagendra
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-21T14:46:50Z  in response to SystemAdmin
      Nagendra,

      There is no "recommended" way to share the WSSession object between ITIM Web Services and any custom code you write. Remember that the WSSession object may only be a handle to a session object on the ITIM Web Services server, so your app has no visibility to it. Your custom app will have to set up its own PlatformContext to ITIM. You may be able to share the Subject using the approach I outlined earlier in response to "srpt"'s post. Send me an email at gverma@us.ibm.com if you need more info on that.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Web Services Wrappers for ITIM API

    ‏2009-04-28T05:07:07Z  in response to gverma
    Hi,

    I am trying to use the ITIM Web Services to change password. When the new password does not meet the Password Policy, I need to display the error message to the calling application (it is a Portal Application in my case).

    I have a requirement to display language specific messages in the Portal Application.

    The ITIM GUI is able to retrieve messages in French,etc. I need to be able to do the same using ITIM Web Services.
    Can you suggest on what I should be doing?
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-28T12:45:22Z  in response to SystemAdmin
      RVP,

      ITIM Web Services 1.21 does not have language support, it defaults to English. Web Services 1.3 scheduled to release in 6 - 8 weeks will offer setting your client Locale to a supported language.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-28T11:31:56Z  in response to gverma
    Hi,

    I am exploring the WebService call from the test client API that has been posted on this thread. Here are the steps that I followed:

    1. Installed ITIM5.0
    2. Installed ITIM5.0 WebService wrapper.
    3. Copied the TestClient zip file and ran the command: java -jar testClient1.2.jar http://xxxserver:9080 "ITIM Manager" xxxxxx

    I am getting the following error stack.

    ========================================================
    Apr 28, 2009 6:46:20 AM org.apache.axis.client.Call invoke
    SEVERE: Exception:
    org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSSession - clientSession
    at org.apache.axis.encoding.ser.BeanDeserializer.onStartChild(BeanDeserializer.java:258)
    at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
    at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:165)
    at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:1141)
    at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:236)
    at org.apache.axis.message.RPCElement.getParams(RPCElement.java:384)
    at org.apache.axis.client.Call.invoke(Call.java:2467)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.login(WSSessionServiceSoapBindingStub.java:733)
    at com.ibm.itim.ws.test.TestClient.main(TestClient.java:68)
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSSession - clientSession
    faultActor:
    faultNode:
    faultDetail:
    {http://xml.apache.org/axis/}stackTrace:org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSSession - clientSession
    at org.apache.axis.encoding.ser.BeanDeserializer.onStartChild(BeanDeserializer.java:258)
    at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
    at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:165)
    at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:1141)
    at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:236)
    at org.apache.axis.message.RPCElement.getParams(RPCElement.java:384)
    at org.apache.axis.client.Call.invoke(Call.java:2467)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.login(WSSessionServiceSoapBindingStub.java:733)
    at com.ibm.itim.ws.test.TestClient.main(TestClient.java:68)

    {http://xml.apache.org/axis/}hostname:itimserver

    org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSSession - clientSession
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    at org.apache.axis.client.Call.invoke(Call.java:2470)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.login(WSSessionServiceSoapBindingStub.java:733)
    at com.ibm.itim.ws.test.TestClient.main(TestClient.java:68)
    Caused by: org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSSession - clientSession
    at org.apache.axis.encoding.ser.BeanDeserializer.onStartChild(BeanDeserializer.java:258)
    at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
    at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:165)
    at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:1141)
    at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:236)
    at org.apache.axis.message.RPCElement.getParams(RPCElement.java:384)
    at org.apache.axis.client.Call.invoke(Call.java:2467)
    ... 4 more
    ========================================================

    If I give a wrong password, it throws "com.ibm.itim.ws.exceptions.WSInvalidLoginException: Login failed for user ITIM Manager: The information used to login is not correct.", which means the client is trying to authenticate, but it is not able to start a session.

    Can anyone on this forum help me find where the error could be?

    Thanks,
    Chandra.
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-28T13:02:30Z  in response to SystemAdmin
      Chanquin,

      You used the wrong version of the client jar to connect to ITIM Web Services. This thread has test client jars for v1.2 (old) and v1.2.1. The current version of ITIM Web Services (if you downloaded after Jan 29, 2009) on OPAL is v1.2.1. On page 1 of this forum thread, look for the post titled "Test jar v 1.2.1 for testing connection to ITIM Web Services v1.2.1". Use the testClient1.2.1.jar attached to that post to run your test.

      Girish.
  • kkovach
    kkovach
    17 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-04-29T18:31:30Z  in response to gverma
    So, I've gone ahead and installed the latest ITIM Web Services API on a test system so I can take it for a spin. The installation seems to have gone well. I'm able to see a wsdl file at http://host:9080/ITIMWebServices/services/WSSessionService?wsdl and I was able to get the testClient1.2.1.jar to work.

    Next, I went ahead and created a simple Java application with a JAX-WS web service client using that wsdl URL, and tried to log in through the web service with the following code...

    
    WSSessionServiceService manager = new WSSessionServiceService();
    WSRequestServiceService requestService = new WSRequestServiceService();
    WSSession session = null;
    ArrayList<WSRequest> requests = null;

    try {
        log.debug("Logging into ITIM through web services api...");
        session = manager.getWSSessionService().login("uid", "password");
        log.debug("Logged in! Session: " + session.getSessionID());
        requests = (ArrayList<WSRequest>) requestService.getWSRequestService().getPendingRequests(session);
    } catch (WSInvalidLoginException ex) {
        log.error(ex.getMessage());
    } catch (WSLoginServiceException ex) {
        log.error(ex.getMessage());
    } catch (WSApplicationException ex) {
        log.error(ex.getMessage());
    }
    

    The call to the login method runs without error, but the subsequent call to the getPendingRequest(session) method throws the following exception...

    com.ibm.itim.ws.exceptions.WSInvalidSessionException: getSubjectFromSession: Credentials not found in session, Please login

    Admittedly, I am not a web services expert. I'm using NetBeans to help me create the web service client. It seems to have gone smoothly outside the WSApplicationException.

    Any hints or tips would be appreciated. Thanks.
    • kkovach
      kkovach
      17 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-04-29T20:01:21Z  in response to kkovach
      I have a little more information that might help.

      I've loaded up a packet sniffer to watch the HTTP traffic, and it looks like I am actually getting a non-zero session ID returned to me <sessionID>-2378654898939900955</sessionID>, but when I try to print the session ID it looks like it's 0. I'm not sure why that might be?
      • gverma
        gverma
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-04-29T21:48:56Z  in response to kkovach
        Kevin,

        I also replied to your email sent to my colleagues. I am repeating some of the response here for anyone else having similar issues:

        The Java stubs generated by NetBeans JAX-WS tooling from WSDL seem to be generating the SOAP request or parsing the SOAP response differently. Another user (unless it was you) reported that he could use soapUI client, and the pre generated Java client that ships with ITIM Web Services with no issues but encountered the same issue as yours when using stubs generated by NetBeans JAX-WS. I think he determined that the session id was parsed as zero. I don't have a NetBeans environment, and different web services tools have their own quirks in consuming / producing WSDL even though it is a standard. You should try and reply to the other user "srd74" whose posts appear on page 1 of the thread.

        Girish.
        • elibor
          elibor
          4 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API

          ‏2009-05-26T19:19:48Z  in response to gverma
          Hello Forum,
          Just started developing the WS ITIM client, which is an ITDI Assembly Line. I am having the same issue with WSDL generated SOAP requests. I am looking for a solution to the "No credentials" issue. I found that this problem is only with WSAccountService/createAccount operation calls. All others work fine. The error I am getting is: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.userException</faultcode><faultstring>com.ibm.itim.ws.exceptions.WSInvalidSessionException: getSubjectFromSession: Credentials not found in session, Please login</faultstring><detail><ns1:fault xmlns:ns1="http://services.ws.itim.ibm.com"/><ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">idmdevw.wellsfargo.com</ns2:hostname></detail></soapenv:Fault></soapenv:Body>

          I found several solutions and examples where you need to incorporate credentials into your SOAP envelope Header. Do we know why? I tried this approach also, but I am not sure that I understand it or that I am doing it right in the case of calling the ITIM WS wrapper.
          I am looking for any possible feedback or help on this matter at this point. Thank you.

          Eli Borovikov
          • gverma
            gverma
            233 Posts
            ACCEPTED ANSWER

            Re: Web Services Wrappers for ITIM API

            ‏2009-05-26T19:57:53Z  in response to elibor
            Eli,

            You don't need to incorporate credentials in the SOAP envelope header, since ITIM Web Services uses a session parameter in its calls, unless you have modified the deployment in some way to use WS Security.

            Are you deploying ITIM WS to a Websphere cluster? Change the state saving mechanism to client and see if that solves your issue. See section 5.2.2 in the ITIM Web Services Solution and Deployment Guide (ITIM_WS_Doc.pdf) for details on how to do this. Post back if you are still having the same issue.

            Girish.
            • elibor
              elibor
              4 Posts
              ACCEPTED ANSWER

              Re: Web Services Wrappers for ITIM API

              ‏2009-05-27T04:01:48Z  in response to gverma
              Girish,
              Thank you for your fast response. I am not using a Websphere cluster environment or WS security configuration in my testing. I also tried to change the state saving mechanism as you suggested. I tried all three - server, client and stateless, but I am still getting the same error in the request response. Any other suggestions are welcome. Could it be that the WS wrapper version is too old?
              Thank you.
              • gverma
                gverma
                233 Posts
                ACCEPTED ANSWER

                Re: Web Services Wrappers for ITIM API

                ‏2009-05-27T12:57:36Z  in response to elibor
                Eli,

                Is the Invalid Session error occurring only on the createAccount call or on all calls? Send me your ITDI config file at gverma@us.ibm.com.
                • elibor
                  elibor
                  4 Posts
                  ACCEPTED ANSWER

                  Re: Web Services Wrappers for ITIM API

                  ‏2009-05-27T17:13:54Z  in response to gverma
                  Girish,
                  It is only with the createAccount call. All others are working fine. I also tried soapUI, and it is the same error, and it is only for accountCreate. I am sending my .xml and log file to you right now. Thank you.
                  • SystemAdmin
                    SystemAdmin
                    233 Posts
                    ACCEPTED ANSWER

                    Re: Web Services Wrappers for ITIM API

                    ‏2009-06-12T14:04:18Z  in response to elibor
                    Hi Girish,

                    I’d like to :
                    - be able to request some ITIM Relevant Data from the activity process ID (in a pending workflow), through Web Services.
                    - get these Relevant Data, do the job, then set some other Relevant Data to the workflow, through Web Services.

                    Do you intend to expose such ITIM workflow API with future versions of ITIM Web Services ?

                    Thank you.

                    Regards,
                    Vanik
                    • gverma
                      gverma
                      233 Posts
                      ACCEPTED ANSWER

                      Re: Web Services Wrappers for ITIM API

                      ‏2009-06-12T14:31:41Z  in response to SystemAdmin
                      Vanik,

                      The immediate next release v1.3 which is ready for release pending licensing reviews does not expose ITIM Relevant Data from workflow processes.

                      I will add your request to the enhancements queue.

                      Girish.
                      • SystemAdmin
                        SystemAdmin
                        233 Posts
                        ACCEPTED ANSWER

                        Re: Web Services Wrappers for ITIM API

                        ‏2009-06-12T14:42:39Z  in response to gverma
                        Hi Girish,

                        Thank you for the quick answer and for adding this to your queue.
                        Is there any release date as far as release 1.3 is concerned?

                        Thanks!

                        Regards,
                        Vanik
                        • gverma
                          gverma
                          233 Posts
                          ACCEPTED ANSWER

                          Re: Web Services Wrappers for ITIM API

                          ‏2009-06-12T14:46:31Z  in response to SystemAdmin
                          This part of the release process typically takes 4 - 6 weeks. It could be earlier but unlikely. I will post to this forum as soon as it is released.

                          Girish.
                          • SystemAdmin
                            SystemAdmin
                            233 Posts
                            ACCEPTED ANSWER

                            Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                            ‏2009-06-16T14:43:13Z  in response to gverma
                            Folks,
                            I have tried to access the 'Web Services Wrappers for ITIM API' from the .NET world or using .NET technologies as in VS studio 2008/2005 and here is what I have found or learnt:

                            You could make 'Web Services Wrappers for ITIM API' work for you in the .NET world by tweaking the WSDL files.

                            for framework 3.0/3.5 :

                            Here is what I did on 'Girish's' advice or example code sent on the same

                            Step 1. Import the WSDL file on the server (URL) from the project you would like to use the service from
                            as a 'Service reference'. (Web reference is still available in VS2008 but under the 'Advanced' tab, and will not work
                            this way.)

                            Step 2. I try to use the functions or methods in the 'Service reference1' or 'Web Services Wrappers for ITIM API'
                            just added in my code, as below in my C# project

                            ServiceReference1.WSPerson[] persons;

                            ServiceReference1.WSItimServiceService service = new WSItimServiceService();

                            ServiceReference1.WSSession session = new WSSession();

                            /* create a session using the generic user and the pwd */

                            session = service.login("XXXXX", "YYYYY");
                            persons = service.searchPersonsFromRoot(session, uid, null);

                            Step 3. Compile the project ('Build' or 'Rebuild' the project) and you would get '464' errors.
                            How many? '464'
                            of the type below

                            The type 'CCSecurityMgr.ServiceReference1.WSSession' already contains a definition
                            for 'enforceChallengeResponseField' C:\Documents and Settings\AX0153\My Documents\Visual Studio 2008
                            \Projects\CCSecurityMgr\Backup\CCSecurityMgr\Service References\ServiceReference1\Reference.cs'

                            Step 4. In VS 2008/2005 click on the error and it will take you to a 'Partial class' by the name 'WSSession' as
                            in the name of the error.

                            Step 5. Comment out the code for the 'Partial class' 'WSSession' as below
                            /// <remarks/>
                            /*
                            [System.SerializableAttribute()]
                            [System.Diagnostics.DebuggerStepThroughAttribute()]
                            public partial class WSSession : object, System.ComponentModel.INotifyPropertyChanged {

                                private bool enforceChallengeResponseField;

                                private long sessionIDField;

                                /// <remarks/>
                                [System.Xml.Serialization.XmlElementAttribute(Order=0)]
                                public bool enforceChallengeResponse {
                                    get {
                                        return this.enforceChallengeResponseField;
                                    }
                                    set {
                                        this.enforceChallengeResponseField = value;
                                        this.RaisePropertyChanged("enforceChallengeResponse");
                                    }
                                }

                                /// <remarks/>
                                [System.Xml.Serialization.XmlElementAttribute(Order=1)]
                                public long sessionID {
                                    get {
                                        return this.sessionIDField;
                                    }
                                    set {
                                        this.sessionIDField = value;
                                        this.RaisePropertyChanged("sessionID");
                                    }
                                }

                                public event System.ComponentModel.PropertyChangedEventHandler PropertyChanged;

                                protected void RaisePropertyChanged(string propertyName) {
                                    System.ComponentModel.PropertyChangedEventHandler propertyChanged = this.PropertyChanged;
                                    if ((propertyChanged != null)) {
                                        propertyChanged(this, new System.ComponentModel.PropertyChangedEventArgs(propertyName));
                                    }
                                }
                            }
                            */
                            Step 6. 'Build' or 'Rebuild' the project and you will see that the Error from the 'WSsession' goes away.

                            Step 7. Repeat the same for all the Errors.

                            Step 8. You wouldn't have to do this 464 times, because sometimes commenting out a partial class takes away a bunch of
                            them. Around 10 to 15 tries should clean the imported Service reference classes.

                            Step 9. Once the project compiles for the errors from the added 'Service reference' classes you should be on your
                            way for using all the methods or functions from these classes for accessing the Web Service info.

                            Step 10. I have also tried to make it work for the 2.0 framework, which I will talk about in the next posting. Thanks
                            much to GIRISH VERMA for all his advice and help.

                            Hope somebody can use my learnings and won't have to struggle from scratch!

                            Thanks All!
                            Ajay Surydewara
                            • SystemAdmin
                              SystemAdmin
                              233 Posts
                              ACCEPTED ANSWER

                              Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                              ‏2009-07-27T14:09:07Z  in response to SystemAdmin
                              Hi ajays,

                              I'm trying to access the Web Services Wrappers for ITIM API using C# code (framework 2.0).
                              I've accessed it successfully using Java code (the proxy client was generated using axis), but when I try to connect using C# code, the WS always returns a null session.

                              Do you have any clue about how to solve this problem?

                              Thanks in advance,
                              Eduardo Ruela
                              • gverma
                                gverma
                                233 Posts
                                ACCEPTED ANSWER

                                Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                                ‏2009-07-27T20:22:36Z  in response to SystemAdmin
                                Eduardo,

                                I don't have any C client stubs for web services - it looks like your generated artifacts are not able to parse the SOAP message. Were you able to connect and get a session back using soapUI test tooling? A message to user ajays may help your situation - he posted a detailed procedure to connect from the .NET world.

                                Girish.
                            • TivoliJ
                              TivoliJ
                              5 Posts
                              ACCEPTED ANSWER

                              Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                              ‏2010-04-22T13:24:42Z  in response to SystemAdmin
                              Hi ajays,

                              We are trying to use the ITIM Web services v1.3 in .NET. We did not get any compilation errors due to partial classes, as you mentioned. Login and all went fine. But when we search for a person using the searchPersonsFromRoot() method in WSItimService, it returns a result without person attributes. The WSAttribute array length is zero. Can you please tell us if you had such a problem before? Any idea would be highly appreciated.

                              Thanks in advance
                              • lotim
                                lotim
                                2 Posts
                                ACCEPTED ANSWER

                                Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                                ‏2010-10-18T12:29:39Z  in response to TivoliJ
                                Hi,

                                I too have problems with WSAttribute-array, creating a person works great but reading attributes seems to be a problem.
                                I am using the parsed webservicesfile: itimws_proxy_v12.cs but I do not know where to look for this problem.
                                Anybody had any luck with this?

                                /L
                              • ChrisHayes
                                ChrisHayes
                                3 Posts
                                ACCEPTED ANSWER

                                Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                                ‏2011-10-13T17:48:51Z  in response to TivoliJ
                                I am trying to work with the ITIM Web Service through Powershell and I was having the same problem with searchPersonsFromRoot returning empty values for the .Net wsdl.exe generated file. After spending some time looking at the generated .cs file and the results of the service call via SoapUI and eclipse, I finally managed to get the attributes returned. The issues with the .Net wsdl.exe generated code are:

                                1. Namespaces must match "http://services.ws.itim.ibm.com" and the wsdl had some mapped to model.itim.ibm.com (or something close) for some elements.
                                2. Sequences using the name "item" were not being returned as .Net expected.

                                For the WSObject the wsdl defined the name as "item" but running SoapUI shows it returns "attributes" in the XML response

                                So changing this line in public partial class WSObject got me the attributes returned.

                                Generated:

                                My change:
                                This did not get me the values for the attributes listed so I had to fix the WSAttribute class definition

                                Generated:

                                My change:

                                These changes got the .Net library to start returning attributes and values to my powershell script. I assume the rest of the
                                ""
                                for the other objects need to be corrected to the variable name as well for the sequences to work correctly. I have attached my WSDL to the post.

                                How to compile library on Windows 7

                                1. Update the URL in the file to your ITIM web service location.

                                C:\Windows\Microsoft.NET\Framework\v3.5\csc /target:library .\WSItimServiceServices.cs
                                Example of Powershell usage to change a password:

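                                $user="youruser"
                                $pass="your_pass"
                                # Load the proxy library compiled above
                                [Reflection.Assembly]::LoadFile("WSItimServiceService.dll.dll")
                                $service=new-object emi.itimwsproxy.v13.b147.WSItimServiceService
                                $session=$service.login($user,$pass)
                                # Keep the search result so the person's DN can be used for the account lookup
                                $persons=$service.searchPersonsFromRoot($session, "(uid=testuser1)",$null)
                                $accounts=$service.getAccountsByOwner($session, $persons[0].itimDN)
                                # Collect the DN of every account owned by that person
                                $accdns=@()
                                $accounts | % { $accdns+=$_.itimDN }
                                # Generate a password valid for those accounts and submit the change
                                $pass=$service.generatePassword($session, $accdns)
                                $request=$service.changePassword($session, $accdns, $pass)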
                                • ChrisHayes
                                  ChrisHayes
                                  3 Posts
                                  ACCEPTED ANSWER

                                  Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                                  ‏2011-10-13T17:50:02Z  in response to ChrisHayes
                                  Sorry, I misnamed the object in new-object, so here is the corrected code:

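                                  $user="youruser"
                                  $pass="your_pass"
                                  # Load the proxy library compiled above
                                  [Reflection.Assembly]::LoadFile("WSItimServiceService.dll.dll")
                                  $service=new-object WSItimServiceService
                                  $session=$service.login($user,$pass)
                                  # Keep the search result so the person's DN can be used for the account lookup
                                  $persons=$service.searchPersonsFromRoot($session, "(uid=testuser1)",$null)
                                  $accounts=$service.getAccountsByOwner($session, $persons[0].itimDN)
                                  # Collect the DN of every account owned by that person
                                  $accdns=@()
                                  $accounts | % { $accdns+=$_.itimDN }
                                  # Generate a password valid for those accounts and submit the change
                                  $pass=$service.generatePassword($session, $accdns)
                                  $request=$service.changePassword($session, $accdns, $pass)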
                                • ChrisHayes
                                  ChrisHayes
                                  3 Posts
                                  ACCEPTED ANSWER

                                  Re: Web Services Wrappers for ITIM API- How to use it from the .NET world?

                                  ‏2011-10-13T19:45:38Z  in response to ChrisHayes
                                  I am reposting without the brackets

                                  WSObject class

                                  Generated:

                                  [System.Xml.Serialization.XmlArrayItemAttribute("item", Namespace="http://services.ws.itim.ibm.com", IsNullable=false)]

                                  My change:

                                  [System.Xml.Serialization.XmlArrayItemAttribute("attributes", Namespace="http://services.ws.itim.ibm.com", IsNullable=false)]

                                  This did not get me the values for the attributes listed so I had to fix the WSAttribute class definition

                                  WSAttributes

                                  Generated:

                                  [System.Xml.Serialization.XmlArrayItemAttribute("item", Namespace="http://services.ws.itim.ibm.com", IsNullable=false)]

                                  My change:

                                  [System.Xml.Serialization.XmlArrayItemAttribute("values", Namespace="http://services.ws.itim.ibm.com", IsNullable=false)]
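
The element-name mismatch described in the posts above can be reproduced offline with XmlSerializer, which skips array items whose name differs from the XmlArrayItem name without raising an error. This is an added example, not code from the thread or from the ITIM proxy: the response XML is a constructed sample whose shape is assumed from the post, and the class names (Itim, GeneratedWSObject, FixedWSObject and their attribute classes) are hypothetical. The UnknownElement handler lists what the serializer dropped.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml.Serialization;

public static class Itim
{
    public const string Ns = "http://services.ws.itim.ibm.com";
}

// Shape as generated from the WSDL: array items are expected to be named "item".
[XmlRoot("WSObject", Namespace = Itim.Ns)]
[XmlType(Namespace = Itim.Ns)]
public class GeneratedWSObject
{
    [XmlArrayItem("item", Namespace = Itim.Ns, IsNullable = false)]
    public GeneratedWSAttribute[] attributes;
}

[XmlType(Namespace = Itim.Ns)]
public class GeneratedWSAttribute
{
    public string name;

    [XmlArrayItem("item", Namespace = Itim.Ns, IsNullable = false)]
    public string[] values;
}

// Shape after the change from the post: item names follow the response ("attributes", "values").
[XmlRoot("WSObject", Namespace = Itim.Ns)]
[XmlType(Namespace = Itim.Ns)]
public class FixedWSObject
{
    [XmlArrayItem("attributes", Namespace = Itim.Ns, IsNullable = false)]
    public FixedWSAttribute[] attributes;
}

[XmlType(Namespace = Itim.Ns)]
public class FixedWSAttribute
{
    public string name;

    [XmlArrayItem("values", Namespace = Itim.Ns, IsNullable = false)]
    public string[] values;
}

public static class Program
{
    // Constructed sample (assumed shape): items repeat the name of their wrapper element.
    private const string Response =
        "<WSObject xmlns=\"http://services.ws.itim.ibm.com\">" +
        "<attributes>" +
        "<attributes><name>cn</name><values><values>Test User</values></values></attributes>" +
        "<attributes><name>uid</name><values><values>testuser1</values></values></attributes>" +
        "</attributes>" +
        "</WSObject>";

    // Deserialize the sample as T and record every element the serializer skips.
    private static T Read<T>(List<string> skipped)
    {
        var serializer = new XmlSerializer(typeof(T));
        serializer.UnknownElement += (sender, e) => skipped.Add(e.Element.LocalName);
        using (var reader = new StringReader(Response))
        {
            return (T)serializer.Deserialize(reader);
        }
    }

    private static int Count(Array a)
    {
        return a == null ? 0 : a.Length;
    }

    public static void Main()
    {
        var skipped = new List<string>();

        var generated = Read<GeneratedWSObject>(skipped);
        Console.WriteLine("generated shape: {0} attribute(s), skipped: [{1}]",
            Count(generated.attributes), string.Join(", ", skipped));

        skipped.Clear();
        var corrected = Read<FixedWSObject>(skipped);
        Console.WriteLine("corrected shape: {0} attribute(s), skipped: [{1}]",
            Count(corrected.attributes), string.Join(", ", skipped));

        foreach (var a in corrected.attributes ?? new FixedWSAttribute[0])
        {
            Console.WriteLine("  {0} = {1}", a.name, string.Join(", ", a.values ?? new string[0]));
        }
    }
}
```

Running a captured SoapUI response through the same handler shows which generated XmlArrayItem names still need correcting before touching the proxy source.
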
                  • gverma
                    gverma
                    233 Posts
                    ACCEPTED ANSWER

                    Re: Web Services Wrappers for ITIM API

                    ‏2009-06-12T14:26:48Z  in response to elibor
                    To close out this post (for those who are interested), it was a data issue. Once the set of attributes were fixed, the issue was resolved.
                  • SenKan
                    SenKan
                    6 Posts
                    ACCEPTED ANSWER

                    Re: Web Services Wrappers for ITIM API

                    ‏2009-08-12T00:36:58Z  in response to elibor
                    Hi 'elibor',

                    From some of the forum messages we understand that you have been successful in the recent past in implementing ITIM Webservice calls from within the ITDI. We are currently validating a couple of approaches available for us for a particular use case and calling ITIM Webservices from ITDI is one among them. Though we know it is theoretically possible, we are looking for some evidence or supporting information to rely on this approach. If you don't mind, can you please let me know your mail ID so that I can send you the details?

                    Thanks
                    SenKan
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-05-08T19:07:33Z  in response to gverma
    Hi Girish,

    We are facing a slightly curious problem using ITIM webservices. We have configured TIM to accept 3 sets of Challenge Questions and answers and 1 pair of QA for validating the user. From our custom commerce application user is setting 3 pairs of Challenge Question and answers. When user has forgotten password, he has to answer only one question out of set of 3. While doing this, what we are experiencing, is that even if the first try is correct, we are getting back login exception, which we assume as unsuccessful try. But with the same answer ( which is correct), user is successful in 2nd or 3rd attempt. This gives us the feeling that the QA validation is returning consistent result, possibly we are setting something wrong through web services and we are trying hard to figure the problem is at which end. Here is the code snippet we are using :

    WSSession session = null;
    boolean temp = true;
    WSSessionServiceProxy sessionServicestub = new WSSessionServiceProxy();
    sessionServicestub.setEndpoint(sessionEndPt);
    WSSessionService wsSessionService = sessionServicestub
            .getWSSessionService();

    try {
        session = wsSessionService
                .lostPasswordLoginDirectEntry(userID, crInfos);
    } catch (WSLoginServiceException e) {
        // catch the exception and set the flag as false
        if (log.isDebugEnabled()) {
            log.debug(methodName + " Exception in calling Challenge: QA" + e.toString());
        }
        temp = false;
    }
    if (log.isDebugEnabled()) {
        log.debug(methodName + " User Id ( email address ) : " + userID);
    }

    And we are setting the Challenge QA as :

    Collection criList = new ArrayList(); // List to hold each
                                          // challenge Q and A

    WSChallengeResponseInfo cri = new WSChallengeResponseInfo();
    cri.setQuestion(strChallengeQuestion.trim());
    cri.setAnswer(strChallengeAnswer.trim().toLowerCase());

    // Caution: this writes the user's challenge answer to the debug log
    if (LOG.isDebugEnabled()) {
        LOG.debug(methodName + " ChallengeAnswer>>> "
                + strChallengeAnswer.toLowerCase());
    }

    criList.add(cri);

    Initial setting of Challenge QA from application as :

    Collection criList = new ArrayList();
    WSChallengeResponseInfo res = new WSChallengeResponseInfo();
    res.setQuestion(securityQ1.trim());
    res.setAnswer(securityA1.trim().toLowerCase());
    criList.add(res);
    res = new WSChallengeResponseInfo();
    res.setQuestion(securityQ2.trim());
    res.setAnswer(securityA2.trim().toLowerCase());
    criList.add(res);
    res = new WSChallengeResponseInfo();
    res.setQuestion(securityQ3.trim());
    res.setAnswer(securityA3.trim().toLowerCase());
    criList.add(res);

    Thought you might help us identifying this odd behaviour.

    Thanks
    -Deb
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-05-13T12:35:08Z  in response to SystemAdmin
      Deb,

      I don't see the part of the code that is setting up the challenge response for the user, nor the code that is getting the challenges before submitting the answer. When authenticating with challenge responses, you should use the WSSessionService's getChallengeQuestions to get the list of questions from ITIM and show the user. If you have defined a 1 out of 3 type scenario, ITIM will randomly choose one of the three questions and send it to you.

      A brief primer:
      There are two separate activities in ITIM associated with the "forgotten password" functionality. The first is setting the challenges and responses for an ITIM user. This is a function of the SystemUser object (ITIM service account) and is represented in web services by WSSystemUser service. The operation "getChallengeResponseConfiguration" will get you the information on how the challenge response is setup by the ITIM administrator. The operation "getExistingChallengeResponseInfo" will retrieve the existing challenge response info - you can retrieve all the existing questions and set new answers for them, or add new questions and answers. The "setChallengeResponseInfo" operation will set these on ITIM. A user will typically only need to set the questions and answers once unless the configuration is changed by the ITIM administrator.

      The second activity associated with the "forgotten password" functionality is using the challenge questions, providing answers and authenticating to ITIM. This is a function of the WSSessionService. You should first get the set of questions from ITIM using the getChallengeQuestions. Subsequently, use the "lostPasswordLoginDirectEntry" and "lostPasswordLoginResetPassword" operations to authenticate. You use one of them to authenticate to ITIM. This choice depends on whether your ITIM is configured to allow a login after challenges are authenticated, or forces a password reset after the challenges are authenticated. In the latter case, the user must use the password delivery mechanism to retrieve his/her new password and use that to perform a normal login.
      • SenKan
        SenKan
        6 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-07-23T22:42:38Z  in response to gverma
        Hi Girish,

        ITIM Version: 5.0.0.4
        Build number: 200812050153
        Maintenance level: FP0004
        Environment - .NET
        WS Stubs - Client has generated through .NET infrastructure.

        Our current customer is facing an issue with ITIM Webservices while accessing them from the .NET environment. The issue as described by the client is attached as a word document. I want to put it simple here as follows :

        Config Setting :
        - ITIM is configured to allow admin to define challenges and allows user to set 2 questions and expected to answer 1 out of 2 correctly. (Last choice selected - No, user answers a subset of questions system provides =1)

        Scenario :
        • User is allowed to set challenge response questions and password through a custom UI. The system returns 2 questions, user sets answers for both.
        • User now tries the forgotten password functionality from the UI, system returns 1 random question.
        • User answers this question in the UI, the code sets the answers for the challenges and calls the lostPasswordLoginDirectEntry webservice.
        • Issue : The login fails and succeeds randomly through multiple attempts. When it fails, it logs "incorrect response" in the server log.

        Customer claims that the webservice is returning a random question for the user but later uses a different question to authenticate in the background. Please help us understand what could be the cause of this behavior.

        I would also like to add that the login is consistently successful whenever we configure equal number of 'user questions' and 'required correct answers'. eg : 1 & 1 for last two input boxes in the config page.
        Note: I find this issue similar to the one faced by the Webservices forum user by name 'DebaJyoti'. If you had helped them solve the issue, please let us know the same fix. I believe it will apply to our scenario as well.
        Thanks.
        • gverma
          gverma
          233 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API

          ‏2009-07-24T21:02:36Z  in response to SenKan
          SenKan,

          I duplicated the issue in my environment. I will fix it and release the fix as part of Web Services v1.3. In the meantime, the workaround would be to have an equal number of user questions and required answers.

          Girish.
          • SenKan
            SenKan
            6 Posts
            ACCEPTED ANSWER

            Re: Web Services Wrappers for ITIM API

            ‏2009-07-25T16:43:20Z  in response to gverma
            Hi Girish,

            Thanks for confirming the issue. I appreciate your response. We look forward for the new release.

            Thanks
            SenKan
            • gverma
              gverma
              233 Posts
              ACCEPTED ANSWER

              Re: Web Services Wrappers for ITIM API

              ‏2009-07-27T20:16:23Z  in response to SenKan
              I have sent out a bug fix - it was emailed to Eric.

              Girish.
              • SenKan
                SenKan
                6 Posts
                ACCEPTED ANSWER

                Re: Web Services Wrappers for ITIM API

                ‏2009-07-29T08:10:31Z  in response to gverma
                Hi Girish,

                We got the fix and installed it. Client side development team modified the webservice calls (related to issue) with WSLocale parameter and tested the forgot password functionality. Everything is working fine and customer is happy. Thanks for your efforts. We appreciate your help.

                Thanks
                SenKan
  • garou
    garou
    15 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-05-19T16:58:00Z  in response to gverma
    Hi,

    We are using the ITIM ws interface to validate user input against policy and to assign UIDs, passwords, etc. The ws calls properly return any error/warning/information messages that may be generated.

    However, I must localize the UI in front of these calls in 4 languages: en, es, pl, zh.

    Is it possible, in the ws call, to specify the language for any returned text? (Or, do I need to trap every possible return value and provide texts myself?)

    Thanks for any guidance.
    Jeff
    • streetglide
      streetglide
      81 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-05-19T17:28:41Z  in response to garou
      Please refer to post 20

      Dave
      • streetglide
        streetglide
        81 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-05-19T17:30:41Z  in response to streetglide
        Sorry, that wasn't the post number. In any case here is the post:
        ITIM Web Services 1.21 does not have language support, it defaults to English. Web Services 1.3 scheduled to release in 6 - 8 weeks will offer setting your client Locale to a supported language.

        Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-05-22T16:06:35Z  in response to gverma
    Hi Girish,

    We want to set the challenge responses for users on ITIM using Web Services Wrappers. Unfortunately in our case to build a session , neither SSO is enabled to build a user session just with principal nor login password is available . We have a custom application (i.e. Portal ) , which actually authenticates the user and provides option to set the CRs . As portal authenticates the user, we will not be able to get the password straight.

    Do you have any solution or thought to set challenge responses for a given user , using a proxy id (i.e Dedicated ID with Admin Capabilities ) or something else ?

    Thanks
    Nagendra
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-05-22T20:26:17Z  in response to SystemAdmin
      Nagendra,

      This is not strictly a Web Services question but an ITIM implementation architecture question. However - what does Portal authenticate against? If you want to integrate ITIM into your Portal architecture so that you can set ITIM CR from Portal, or make other calls from a portal application, you must make available either a common authentication architecture, or enable SSO in conjunction with access control like WebSeal or similar.

      The ITIM API, as published, does not allow a proxy user to set the CR for another user.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-05-27T10:40:44Z  in response to gverma
    Hi Girish, Dave, All,

    I verified all configurations/versions etc as per this thread to solve a LOGIN problem using the "rich client" but still getting the following error in the rich-client console. Please help.

    Thanks,
    Jatin

    Rich Client Console:

    05/27/2009 15:40:46ERROR: An Error Occured While attempting to login:
    ; nested exception is:
    org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSSession - clientSession

    Running testClient1.2.1.jar gives the following output:

    C:\Documents and Settings\jatin_vaidya>java -jar d:\opt\ibm\ITIMWebServices\testClient1.2.1.jar http://localhost:9081 "itim manager" pass1234
    Trying connection to ITIMWebServices
    May 27, 2009 3:49:57 PM org.apache.axis.utils.JavaUtils isAttachmentSupported
    WARNING: Unable to find required classes (javax.activation.DataHandler and javax
    .mail.internet.MimeMultipart). Attachment support is disabled.
    Communication successful, the ITIM Web Services Wrapper version is 1.21
    The ITIM version is 5.0
    Trying authentication for user itim manager
    User id itim manager logged in succesfully to http://localhost:9081
    User name from ITIM is System Administrator
    Trying to get list of accounts owned by System Administrator
    Found 1 accounts for System Administrator
    ITIM Manager on service ITIM Service
    End of test

    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-05-27T12:53:45Z  in response to SystemAdmin
      Jatyn,

      Unfortunately the web services download package on OPAL did not contain the correct version of the Rich Client. If you have access to IBM GSA, I can authorize you to download the correct version of the Rich Client. If not, email me at gverma@us.ibm.com to discuss alternatives.

      That being said, you should be able to use the ITIM Web Services Wrapper - it has no dependencies on the Rich Client. The Rich Client is a reference implementation of a client using web services to communicate with ITIM and is provided with full source code to illustrate web services calls, so you can still use the source code as a reference. You can use the pre generated Java client in your code to call ITIM Web Services, or you can generate your own client using the WSDL files.
  • bfellfeworks
    bfellfeworks
    7 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-06-23T20:26:49Z  in response to gverma
    We're using the Web Services Wrappers to create a custom registration application but seem to not be able to get back the list of pre-defined challenge questions using the web service API. The code is slightly modified from the example found on page 79 of the "ITIM Web Services Solution Design & Deployment Guide" but isn't yielding the expected results (there are 5 challenge questions defined). Are there additional steps required to expose the admin defined challenge questions to the Web Service API?

    Code:

    
    WSSystemUserService suService = getWebServiceFactory().getWSSystemUserService();
    WSChallengeResponseConfiguration crConfig = suService.getChallengeResponseConfiguration(session);
    // Check if challenge response is enabled
    System.out.println("Challenge response enabled: " + crConfig.isChallengeResponseEnabled());
    // Check if user can define challenge questions
    System.out.println("User defined challenges allowed: " + crConfig.isUserDefined());
    // Display how many challenges are required
    System.out.println("Number of challenges required: " + crConfig.getNumberRequiredChallenges());
    // Get the admin defined challenges
    String[] challenges = crConfig.getAdminChallenges();
    System.out.println("Challenge questions - count = " + challenges.length);
    


    Result:

    
    SystemOut     O Challenge response enabled: true
    SystemOut     O User defined challenges allowed: false
    SystemOut     O Number of challenges required: 3
    SystemOut     O Challenge questions - count = 0
    


    Thanks in advance,
    Brian
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-06-24T18:19:36Z  in response to bfellfeworks
      Brian,

      I am trying to repeat your issue? What version of ITIM are your web services running on?

      Girish.
      • gverma
        gverma
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-06-24T18:20:37Z  in response to gverma
        Brian,

        Ignore the previous post, it posted inadvertently. I am trying to replicate your issue. What version of ITIM are you using?
        • bfellfeworks
          bfellfeworks
          7 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API

          ‏2009-06-24T20:17:45Z  in response to gverma
          Girish,

          Thanks for your quick response - I'm using ITIM 5.0 (specifically Version: 5.0.0.0, Build number: 1484) and version 1.2.1 of the Web Services Wrappers.

          Brian
          • gverma
            gverma
            233 Posts
            ACCEPTED ANSWER

            Re: Web Services Wrappers for ITIM API

            ‏2009-06-26T03:34:33Z  in response to bfellfeworks
            Brian,

            ITIM Web Services are a wrapper for ITIM API that ships with the product, and I determined that the underlying ITIM API has a bug when getting admin defined challenge questions using a locale. That is how the ITIM API is called in the web services wrapper. The bug does not manifest itself when getting admin defined questions without specifying a locale, using the ITIM API.

            I am in the process of releasing Web Services v1.3, pending license files for its distribution on OPAL. You have two options at this point a) Wait for v1.3 to be published on OPAL b) Send me an email at gverma@us.ibm.com to explore getting an early release that uses the other ITIM API without a locale for this specific functionality only.

            Girish
            • bfellfeworks
              bfellfeworks
              7 Posts
              ACCEPTED ANSWER

              Re: Web Services Wrappers for ITIM API

              ‏2009-06-26T04:26:33Z  in response to gverma
              Thanks again for looking into this and finding the solution. I'll follow up in the next few days about potentially getting an early release version. Depending on the viability of getting that early release there is another option that I may explore which is to do an LDAP query to get back the erchallenges objectclass that contains the questions as attributes, my suspicion is that approach probably isn't encouraged but does it raise any red flags?

              Thanks,
              Brian
              • gverma
                gverma
                233 Posts
                ACCEPTED ANSWER

                Re: Web Services Wrappers for ITIM API

                ‏2009-06-26T04:49:55Z  in response to bfellfeworks
                Brian,

                "Not encouraged" is the operative term.

                Girish.
              • gverma
                gverma
                233 Posts
                ACCEPTED ANSWER

                Re: Web Services Wrappers for ITIM API

                ‏2009-06-26T15:09:46Z  in response to bfellfeworks
                Brian,

                I think I may have found your issue. On a closer look, you have probably set up your admin defined challenge questions in ITIM with the Locale set to "Any". Change that to "English" in ITIM, and retry your web services code.

                Apparently if you specify a Locale of Any when setting up the questions, then try retrieving them with Locale set to English, the API does not return the questions.

                Girish.
                • bfellfeworks
                  bfellfeworks
                  7 Posts
                  ACCEPTED ANSWER

                  Re: Web Services Wrappers for ITIM API

                  ‏2009-06-26T17:21:22Z  in response to gverma
                  Girish,

                  That did it - thanks so much!

                  Brian
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Web Services Wrappers for ITIM API Through .Net

    ‏2009-07-01T13:36:35Z  in response to gverma
    Hi
    We are trying to access ITIM web services through .Net, but we are facing some issue. Our motive is to login to ITIM, get the session and reset the password for the users. The code is mentioned below

    {Code}
    string[] Accountid=new string[10];
    Accountid[0]="xxxxxxxxx";
    WSSessionServiceService SessionSer = new WSSessionServiceService();
    WSSession session = SessionSer.login("xxxxxxxx", "xxxxxxxxx");
    WSPasswordServiceService PassService=new WSPasswordServiceService();
    PassService.changePassword(session, Accountid, "NewPassword");
    {code}

    Exception That we are getting :

    com.ibm.itim.ws.exceptions.WSInvalidSessionException: getSubjectFromSession: Credentials not found in session, Please login
    Early response will be highly appreciated
    Gourav Gandhi
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API Through .Net

      ‏2009-07-01T14:02:33Z  in response to SystemAdmin
      Gourav,

      ITIM Web Services WSDL conforms to the interoperability standards as tested via WS-I, so it is up to you to use a client that meets the interoperability standard of web services. That being said, page 4 of this thread has a posting by user "ajays" that discusses ways to use ITIM WS from one of the .NET environments. The post is titled:

      Posted by user: ajays
      "Re: Web Services Wrappers for ITIM API- How to use it from the .NET world? "
      Posted: Jun 16, 2009 10:43:13 AM

      Girish.
      • SystemAdmin
        SystemAdmin
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API Through .Net

        ‏2009-07-02T05:45:35Z  in response to gverma
        Hi Girish

        We have seen the issue posted by ajay. Here we are not getting any error (as ajay posted) till now, but we are getting an exception, as after login with correct userid and password we are not getting anything in the session object; that's why we are getting an exception while changing the password of another user.

        The line on which we are getting exception in previous written post code is

        PassService.changePassword(session, Accountid, "NewPassword");

        And we are getting exception as session object is null

        We are using the almost same code that ajay was using

        Exception already written in previous post.
        • gverma
          gverma
          233 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API Through .Net

          ‏2009-07-06T22:07:43Z  in response to SystemAdmin
          Gourav,

          I saw your post after the Jul 4th weekend. It is likely your .NET client stubs are not correctly parsing the SOAP message that comes back from ITIM Web Services. Also, have you checked that you can get back a session from ITIM Web Services at all - you can use the test jar I posted earlier on page 1 of this thread. The post is titled "Test jar v 1.2.1 for testing connection to ITIM Web Services v1.2.1". Ensure you are using v1.2.1 before running the test. The posting has information on how to ascertain your version.

          Alternatively you can use a SOA standard toolset like soapUI http://www.soapui.org to import the WSDL and run the login operation. The soapUI interface will show you the SOAP message that comes back and ascertain whether ITIM Web Services is passing back a session or not.
          • SystemAdmin
            SystemAdmin
            233 Posts
            ACCEPTED ANSWER

            Re: Web Services Wrappers for ITIM API Through .Net

            ‏2009-07-07T10:59:02Z  in response to gverma
            Hi Girish

            See the Following code
            
            WSSessionServiceService SessionSer = new WSSessionServiceService();
            WSSession session = SessionSer.login("xxxxxxxx", "xxxxxxxxx");
            float Version = SessionSer.getItimVersion();
            


            Here I use 2 methods from WSSessionServices.
            While using the login method I am getting null/0 values for all the properties of the WSSession class object.
            But when I am calling the getItimVersion() method, I am getting the return value '5.0'.

            I have tried all possible methods in the .Net environment to call this web service, but in every case I am getting null.

            Through SoapUI I am getting the session object successfully.

            Is there an interoperability issue between .Net & Java? Please suggest any solution.
            • gverma
              gverma
              233 Posts
              ACCEPTED ANSWER

              Re: Web Services Wrappers for ITIM API Through .Net

              ‏2009-07-07T16:10:47Z  in response to SystemAdmin
              Gourav,

              Other .NET developers have gotten this to work. I am not a .NET person, I suggest that you reply to user "ajays" post to see how he generated his .NET artifacts. Like I mentioned before, ITIM Web Services WSDL has been tested using WS-I http://www.ws-i.org/ for interoperability conformity.

              Girish.
              • SystemAdmin
                SystemAdmin
                233 Posts
                ACCEPTED ANSWER

                Re: Web Services Wrappers for ITIM API Through .Net

                ‏2009-07-08T05:30:17Z  in response to gverma
                Hi Girish

                We tried some other method to call Login method of WSSessionService

                But Now we are getting some Login Exception Given Below

                com.ibm.itim.ws.exceptions.WSInvalidLoginException: Login failed for user XXXXXXXX: CTGIMM030E The tenant cannot be found.

                There is no issue with UserId and Password

                We are also getting the same exception when we try to access this method from SoapUI

                Any Help Regarding this Issue
            • Arnush
              Arnush
              1 Post
              ACCEPTED ANSWER

              Re: Web Services Wrappers for ITIM API Through .Net

              ‏2009-11-19T18:53:33Z  in response to SystemAdmin
              I am using aspx (VB.NET) to call this webservice and I am getting null values in the session object as well.

              Were you able to get this working? Here is my code, I have stored the credentials in principal and pwd variable.
              If I pass a wrong password, it throws that login id error, which means I am hitting the Webservice successfully. Just does not return me the session ID.

              Dim iwsSessionService As New itimSession.WSSessionServiceService()

              Dim iwsSession As New itimSession.WSSession()

              iwsSession = iwsSessionService.login(principal, pwd)

              I would appreciate your help on this.

              Thanks,
              Arun
              • nikb
                nikb
                1 Post
                ACCEPTED ANSWER

                Re: Web Services Wrappers for ITIM API Through .Net

                ‏2009-11-19T20:01:42Z  in response to Arnush
                It seems like the standard ways of using soap/wsdl with .NET have problems with the ITIM Web Services. I tried to get it working with PowerShell and used several methods with the same results that Arnush describes. The problem seems to be that .NET is not able to parse the results when values are nested. This is what I did (several months ago so my memory might be a little inaccurate):

                Calling login got me an empty result, but if I sniffed the IP packets I could see that the web service was returning values. I copied the results from the packets to the PS object (the sessionid especially) and was able to call other services with this. But again complex results were returned with null values (the sniffer again showed that the web services returned correct values). But simple requests with single value responses worked fine (sorry, I can't remember which services that was). My conclusion was that .NET could not parse these complex value sets but never found a workaround. But it would be real cool and increase my street cred amongst the other technicians if I could deliver PowerShell commandlets to interact with TIM :-) So if anyone finds a way of getting .NET to work I am all ears.
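
One way to separate "the service returned no session" from "the client stub dropped it", the question raised in the replies above, working from a login response captured with soapUI or a sniffer. This is an added example, not code from the thread or from IBM; the captures are constructed, and `sessionID`, the `model.ws.itim.example` namespace and the function names are assumptions. The report records only whether each field carries a value, so the session token itself never lands in a log.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed captures. Only "clientSession" and the services namespace appear
# in the thread; "sessionID", the model namespace and all values are made up.
LITERAL_CAPTURE = """
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <loginResponse xmlns="http://services.ws.itim.ibm.com">
   <loginReturn>
    <clientSession xmlns="http://model.ws.itim.example">constructed-token</clientSession>
    <sessionID xmlns="http://model.ws.itim.example">42</sessionID>
   </loginReturn>
  </loginResponse>
 </soapenv:Body>
</soapenv:Envelope>"""

# Same payload in the href/multiRef layout that Axis 1.x uses for encoded responses.
MULTIREF_CAPTURE = """
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns1:loginResponse xmlns:ns1="http://services.ws.itim.ibm.com">
   <loginReturn href="#id0"/>
  </ns1:loginResponse>
  <multiRef id="id0">
   <clientSession>constructed-token</clientSession>
   <sessionID>42</sessionID>
  </multiRef>
 </soapenv:Body>
</soapenv:Envelope>"""


def _local(tag):
    """Local name of an ElementTree '{namespace}local' tag."""
    return tag.rsplit("}", 1)[-1]


def _namespace(tag):
    """Namespace part of an ElementTree tag, or '' when unqualified."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def _deref(elem, by_id):
    """Follow href="#id" to the referenced element; otherwise return elem."""
    href = elem.get("href", "")
    return by_id.get(href[1:], elem) if href.startswith("#") else elem


def inspect_login_response(xml_text, stub_namespace):
    """Classify a captured login response without echoing field values.

    stub_namespace is the namespace the generated client expects for the
    session object's fields (read it from the generated stub source).
    """
    body = ET.fromstring(xml_text.strip()).find("{%s}Body" % SOAP_ENV)
    if body is None:
        return {"verdict": "not_soap", "fields": [], "namespace_mismatches": []}

    fault = body.find("{%s}Fault" % SOAP_ENV)
    if fault is not None:
        text = next((c.text or "" for c in fault if _local(c.tag) == "faultstring"), "")
        return {"verdict": "fault", "faultstring": text.strip(),
                "fields": [], "namespace_mismatches": []}

    by_id = {e.get("id"): e for e in body.iter() if e.get("id")}
    wrapper = next(iter(body), None)                  # e.g. loginResponse
    ret = next(iter(wrapper), None) if wrapper is not None else None
    fields = []
    if ret is not None:
        for child in _deref(ret, by_id):              # fields of the session
            target = _deref(child, by_id)
            text = (target.text or "").strip()
            fields.append({
                "name": _local(child.tag),
                "namespace": _namespace(child.tag),
                "has_value": bool(text) or len(target) > 0,
                "length": len(text),                  # size only, never the value
            })

    populated = [f for f in fields if f["has_value"]]
    return {
        # session_present + null object in the client => client-side parsing
        "verdict": "session_present" if populated else "no_session",
        "fields": fields,
        "namespace_mismatches": [f["name"] for f in populated
                                 if f["namespace"] != stub_namespace],
    }


if __name__ == "__main__":
    print(inspect_login_response(LITERAL_CAPTURE, "http://services.ws.itim.ibm.com"))
    print(inspect_login_response(MULTIREF_CAPTURE, ""))
```

A `session_present` verdict together with a null session object in the client points at the generated stub; any names listed under `namespace_mismatches` are the first fields to compare against it.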
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-07-14T07:58:35Z  in response to gverma
    Hi Girish,

    Kindly see the last post by Gourav.

    Could there be a possibility that the way Web Services Wrapper for ITIM has been installed in an environment, may lead to non availability / incorrect functionality of few methods?

    Also, our basic concern is to be able to perform password reset for the user accounts through a web service. Currently, our approach is as following:

    1. Using the WSSessionService - login method, login to TIM (Using an administrator credentials)
    2. Then using the WSPasswordService - changePassword method, change the password of a normal user account. (Please note the user for which the password needs to be changed, is different from the one which the session has been created).

    We are able to login through the web service and maintain a valid session object. But when the same object is used in the changePassword method, we get a couple of exceptions, and the operation does not complete.

    We need your expert opinion on the approach we are taking. Kindly let us know the way out of this issue.

    Regards,

    Prasenjit Bose
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-07-14T15:18:13Z  in response to SystemAdmin
      Presenjit,

      Let me know what is the exception you are seeing - otherwise it is difficult to determine what the issue is. Post the change password code snippet, or email to me at gverma@us.ibm.com. Post only the relevant lines of code.

      Girish.
  • Goda
    Goda
    6 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-07-16T19:33:30Z  in response to gverma
    I got a problem, I can't figure this out.
    I'm using *.jar files supplied with this and not calling this via .wsdl files (and axis-soap etc.).

    Stuff like this works fine:
    server = "http://localhost:9080";
    webfactory = Packages.com.ibm.itim.ws.services.facade.ITIMWebServiceFactory(server);
    itimservice = webfactory.getWSItimService();
    session = itimservice.login("itim manager", "123");
    t = itimservice.getAccountProfileForService(session, "erglobalid=3822578606769589879,ou=services,erglobalid=00000000000000000000,ou=test,o=test,c=hr");
    I get profile, things are working fine.

    I got problem with WSAttribute thing. When I call create account I need to pass wsattribute.

    From javadocs:
    WSRequest createAccount(WSSession session, java.lang.String serviceDN, WSAttribute[] wsAttrs, java.util.Date date)

    Ok I read itim_ws doc.pdf and there is example for Create Person:

    Collection attrList = new ArrayList();
    wsPerson.setProfileName("BluePerson"); // IMPORTANT: Set the correct profile name. This
    // example uses a custom person entity called
    // BluePerson.

    // Populate the custom blueId attr
    WSAttribute wsAttr = new WSAttribute("blueId", new String[] {"Blue-1022"});

    // Populate the mandatory cn and sn attributes
    wsAttr = new WSAttribute("cn", new String[] {"Ben Franklin"});
    attrList.add(wsAttr);
    wsAttr = new WSAttribute("sn", new String[] {"Franklin"});
    attrList.add(wsAttr);

    // Add any more attrs to the Collection attrList, and set attributes on person object.
    WSAttribute[] wsAttrs = (WSAttribute[]) attrList.toArray(new WSAttribute[attrList.size()]);
    wsPerson.setAttributes(wsAttrs);

    They are using ArrayList and populate it with WSAttribute and then right before they do "wsPerson.setAttributes(wsAttrs);" they are using JAVA cast to convert that ArrayList to WSAttribute array.

    Now I'm not a JAVA expert and I would like to know how to do that in TDI when I can only call JAVA with Packages.... and I cannot find a CAST class in the standard java docs.
    How to work with WSAttribute in this case, how to populate it correctly and send it to createaccount.

    thank you
    • Goda
      Goda
      6 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-07-16T19:37:13Z  in response to Goda
      Sorry, I just copy/pasted it from the TDI forum so I forgot to mention that I got a problem regarding Web Services from Tivoli Directory Integrator. As far as I know I can only call java classes and methods using x = Packages.com.ibm.someclass (); and x.callmethod("123");
      I can't use JAVA CAST and that kind of stuff.
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-07-17T00:48:42Z  in response to Goda
      Goda,

      The example given in the documentation uses an ArrayList as a coding convenience before creating an array of WSAttribute objects from it. BTW, the code is not using Cast to convert the ArrayList to an array, it is creating an array of objects and casting it to an array of WSAttribute objects. You have to evaluate your environment and code to create an array of WSAttribute objects.

      In ITDI Javascript, provided you have created a jar by using the complex types generator and added it to the ITDI jars folder, you can create your array of WSAttribute objects by:

      var wsAttr = Packages.com.ibm.itim.ws.model.WSAttribute();
      var arrayLength = 4; // if you want to create 4 attributes.
      var wsAttrArray = java.lang.reflect.Array.newInstance(wsAttr.getClass(), arrayLength);

      // Now create WSAttribute objects, and set them as elements of the wsAttrArray

      Please note that this is not a forum to discuss language skills or ITDI skills. The ITDI install folder has an examples/ws_tutorial folder that you can reference to get information.

      Girish.
      • Goda
        Goda
        6 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-07-18T20:22:59Z  in response to gverma
        Thank you for a quick java 101 course. Sorry about that, my JAVA skills are not that great. Well, that worked fine but now I got another problem which is forum related. Before that, please tell me, when executing create account, how does WS know what person's account I'm creating? Does that go by using the "erparent" attribute and setting that to the DN of the person I want to apply that to? If not, what then, please?

        Here is code:
        u = "itim manager";
        p = "cruoiun";
        // Get the ITIMWebServiceFactory
        server = "http://localhost:9080";
        webfactory = Packages.com.ibm.itim.ws.services.facade.ITIMWebServiceFactory(server);
        itimservice = webfactory.getWSItimService();
        session = itimservice.login(u,p);
        var wsAttr = Packages.com.ibm.itim.ws.model.WSAttribute();
        var arrayLength = 3; // number of attributes to create (cn, eruid, erparent)
        var wsarr = Packages.java.lang.reflect.Array.newInstance(wsAttr.getClass(), arrayLength);
        ar = new Array ();
        ar[0] = "Pera Djetlic";
        wsa = Packages.com.ibm.itim.ws.model.WSAttribute("cn", ar);
        wsarr[0] = wsa;

        ar = new Array ();
        ar[0] = "eruidjepera";
        wsa = Packages.com.ibm.itim.ws.model.WSAttribute("eruid", ar);
        wsarr[1] = wsa;

        ar = new Array ();
        ar[0] = "erglobalid=4152465444990301318,ou=0,ou=people,erglobalid=00000000000000000000,ou=test,o=test,c=hr";
        wsa = Packages.com.ibm.itim.ws.model.WSAttribute("erparent", ar);
        wsarr[2] = wsa;

        sdn = "erglobalid=3822578606769589879,ou=services,erglobalid=00000000000000000000,ou=test,o=test,c=hr";

        da = Packages.java.util.Calendar.getInstance();

        request = itimservice.createAccount(session, sdn, wsarr, da);

        08:56:21 test2 CTGDIS809E handleException - cannot handle exception , script
        AxisFault
        faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
        faultSubcode:
        faultString: com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.AuthorizationException:You are not authorized to perform this operation.
        faultActor:
        faultNode:
        faultDetail:
        {http://services.ws.itim.ibm.com}fault1:null
        {http://xml.apache.org/axis/}hostname:tim

        com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.AuthorizationException:You are not authorized to perform this operation.
        at java.lang.Class.newInstanceImpl(Native Method)
        at java.lang.Class.newInstance(Class.java:1263)
        at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:104)
        at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:90)
        at com.ibm.itim.ws.exceptions.WSApplicationException.getDeserializer(WSApplicationException.java:75)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:615)
        at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(BaseDeserializerFactory.java:154)
        at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerAs(BaseDeserializerFactory.java:84)
        at org.apache.axis.encoding.DeserializationContext.getDeserializer(DeserializationContext.java:464)
        at org.apache.axis.encoding.DeserializationContext.getDeserializerForType(DeserializationContext.java:547)
        at org.apache.axis.message.SOAPFaultDetailsBuilder.onStartChild(SOAPFaultDetailsBuilder.java:157)
        at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
        at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
        at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source)
        at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
        at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
        at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
        at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
        at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
        at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
        at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at com.ibm.itim.ws.services.WSItimServiceSoapBindingStub.createAccount(WSItimServiceSoapBindingStub.java:3318)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:615)
        at com.ibm.jscript.types.JavaAccessObject.call(JavaAccessObject.java:220)
        at com.ibm.jscript.types.FBSObject.call(FBSObject.java:129)
        at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:146)
        at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:98)
        at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:95)
        at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:86)
        at com.ibm.jscript.JSExpression.interpretExpression(JSExpression.java:476)
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:324)
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:335)
        at com.ibm.jscript.JSInterpreter.interpret(JSInterpreter.java:51)
        at com.ibm.di.script.ScriptEngine.interpret(Unknown Source)
        at com.ibm.di.script.ScriptEngine.interpret(Unknown Source)
        at com.ibm.di.server.ScriptComponent.add1(Unknown Source)
        at com.ibm.di.server.ScriptComponent.add(Unknown Source)
        at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown Source)
        at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source)
        at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
        at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
        at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source)
        at com.ibm.di.server.AssemblyLine.run(Unknown Source)
        ...
        ...

        08:56:22 CTGDIS100I Printing the Connector statistics.
        08:56:22 test2 (No statistics for script component.)
        08:56:22 CTGDIS104I Total: Errors:2.
        08:56:22 CTGDIS101I Finished printing the Connector statistics.
        08:56:22 CTGDIS077I Failed with error: com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.AuthorizationException:You are not authorized to perform this operation..
        08:56:22 CTGDIS281E Error caused by: com.ibm.jscript.InterpretException: Script interpreter error, line=120, col=23
        Error calling method 'createAccount(com.ibm.itim.ws.model.WSSession, string, [Lcom.ibm.itim.ws.model.WSAttribute;, java.util.GregorianCalendar)' on java class 'com.ibm.itim.ws.services.WSItimServiceSoapBindingStub'.
        08:56:22 CTGDIS078I AssemblyLine AssemblyLines/test failed with error: com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.AuthorizationException:You are not authorized to perform this operation.

        Thank you
        • gverma
          gverma
          233 Posts

          Re: Web Services Wrappers for ITIM API

          ‏2009-07-19T20:52:48Z  in response to Goda
          If you are using Web Services Wrappers v1.2, the createAccount is a self service operation - the request is for the session holder. The next version of Web Services Wrappers v1.3 allows you to create this for another person by specifying the owner attribute. The version is ready and is going thru licensing before being published.

          For your other question, the error stack shows exactly the error you are getting - "You are not authorized to perform this operation" which means a) You are not authorized to create the account in ITIM or b) You are passing in an attribute on the create account operation that you are not authorized to pass in an API call. (Take out the erparent attribute).

          Girish.
          • Goda
            Goda
            6 Posts

            Re: Web Services Wrappers for ITIM API

            ‏2009-07-20T06:01:58Z  in response to gverma
            Please, soon I will need to work on an API for a customer and I don't want the case where I cannot do something (like now I can't with createaccount). Let's say I decide to go with WS and in the middle I realize, damn, I cannot do this with WS, I must switch to JAVA API and start all over from the beginning. No one would like something like that. You said 1.3 will enhance that, great. Please, will it enhance getDefaultAccountAttributes as well, so we can get info for some other person's account other than the session account?
            Don't get me wrong, I really like the WS idea, this is great stuff, just great. I was sooo happy when I saw an alternative to JAVA API, and so easy to work with, but I would really like to know (and I think a lot of other folks would too): when you release 1.3, will there still be things that are crucial for account/person manipulation and that still cannot be done in 1.3? You have the bigger picture, can you name things that would not be possible to do in 1.3 (I'm not talking about things like not being able to modify workflows with WS, I'm pointing to "basic" things like createaccount)?

            Thank you for your kind support and TIM WS, thank you.
            • gverma
              gverma
              233 Posts

              Re: Web Services Wrappers for ITIM API

              ‏2009-07-20T22:59:56Z  in response to Goda
              Goda,

              I have attached the pre release notes of v1.3 to this post. Please go thru and set expectations accordingly.

              1. The documentation of v1.21 you are using clearly states that the API is targeted for self service usage.
              2. v1.3 offers "on behalf of" usage for the existing web services operations (if the underlying ITIM Java API permits it), so that you can submit requests for other persons if you are authorized in ITIM.
              3. Please refrain from using unprofessional descriptions or emotions on this forum. This is a forum for professionals using ITIM Web Services.

              Girish.
      • Goda
        Goda
        6 Posts

        Re: Web Services Wrappers for ITIM API

        ‏2009-08-04T08:17:16Z  in response to gverma
        Hi again,
        Do you have any information on when 1.3 will be out? Next week I need to start working on some integration and really need the new create account features. Is there maybe a way to somehow receive a beta 1.3 version?

        thank you.
        • gverma
          gverma
          233 Posts

          Re: Web Services Wrappers for ITIM API

          ‏2009-08-04T23:27:32Z  in response to Goda
          Goda,

          You can have your IBM rep (Sales Engineer or Services person) contact me at gverma@us.ibm.com to see if you can receive a beta version of ITIM Web Services v1.3.

          Girish.
          • Goda
            Goda
            6 Posts

            Re: Web Services Wrappers for ITIM API

            ‏2009-08-14T08:30:46Z  in response to gverma
            Girish,
            I sent you an email and my sales rep sent you one too, but still no reply.

            Thank you.
            • gverma
              gverma
              233 Posts

              Re: Web Services Wrappers for ITIM API

              ‏2009-08-15T02:09:07Z  in response to Goda
              Goda,

              I am creating a new beta release and will post to your IBM rep in a couple of days.

              Girish.
              • gverma
                gverma
                233 Posts

                Re: Web Services Wrappers for ITIM API

                ‏2009-08-18T15:25:16Z  in response to gverma
                Goda,

                Please check with your IBM Tivoli rep Damir Bacalja to obtain the Web Services v1.3 beta for evaluation.

                Girish.
                • SystemAdmin
                  SystemAdmin
                  233 Posts

                  Re: Web Services Wrappers for ITIM API

                  ‏2009-08-19T10:42:49Z  in response to gverma
                  Hi Girish,

                  The searchPersonFromRoot method takes a really long time to return a result in an almost empty ITIM server (just a few users). It can take up to 40 seconds to return a result.
                  Stepping into the code, I can see that this happens when searchPersonFromRoot invokes the ITIM Web Service (line 1378 in WSPersonServiceSoapBindingStub).

                  Is there anything one can do to improve response time on ITIM web service side?

                  I ran my tests on an ITIM cluster configuration with 2 nodes. The servers are ok.

                  Thank you.

                  Kind Regards,
                  Vanik
                  • gverma
                    gverma
                    233 Posts

                    Re: Web Services Wrappers for ITIM API

                    ‏2009-08-20T22:30:07Z  in response to SystemAdmin
                    Vanik,

                    The searchPersonsFromRoot operation is a wrapper for an ITIM person search - it does not run any separate queries as part of the web services operation. Look at the filter you are passing in, and check if the attributes are indexed. How many results are you getting back in the query? That part may contribute to the overhead as Java objects are encoded to SOAP to pass over the wire to the client. However, I have not come across other users complaining of a significant performance hit due to serialization/deserialization.

                    Girish.
      • naresh.mistry
        naresh.mistry
        1 Post

        Re: Web Services Wrappers for ITIM API

        ‏2014-10-30T10:01:08Z  in response to gverma
        Hi Girish,
        We are developing a TDI connector as a client to ISIM Web Services. Initially we used the itim_ws_model and itim_ws_client jars to write the ISIM WS wrappers to further develop the connector, but we were getting a NullPointerException at the WSSessionService.login() method. So we decided to try another approach: using the TDI ComplexTypeGenerator FC to generate individual jars from the ISIM WS wsdls. We are using these jars to write ISIM Java wrappers. With this approach we got the session, but we are getting the exception "org.xml.sax.SAXException: Invalid element in com.ibm.itim.ws.model.WSAttribute - operation" while using the WSOrganizationContainerService wsdl to search the container by name with "searchContainerByName()".
        We tried to resolve the issue using the wsdl2java option "-w" for the TDI ComplexTypeGenerator FC to get the unwrapped Java classes, but we are still facing the same issue. When we investigated the wsdl, the 'operation' field is available in every WSAttribute class, but in the WSOrganizationContainerService wsdl there is no 'operation' field available in the WSAttribute class.
        We tried one more approach, to merge the itim_ws_model jar with the jar generated using TDI, but the issue still persists. To overcome this merging problem we tried to use the wsdl2java option '-x' to exclude the models namespace while generating the jar using the TDI ComplexTypeGenerator FC, but TDI does not support the option 'x'.
        Please let us know if this is a bug in the WSDL. Also please suggest the best approach to invoke ISIM Web Services using TDI.
        • gverma
          gverma
          233 Posts

          Re: Web Services Wrappers for ITIM API

          ‏2014-10-30T13:05:26Z  in response to naresh.mistry

          Naresh,

          For support on ISIM 6 web services issues or questions, open a regular IBM PMR. Web services are part of the ISIM product starting with ISIM V6.

          Girish.

  • bfellfeworks
    bfellfeworks
    7 Posts

    Issue with PersonService:searchPersonsFromRoot()

    ‏2009-07-17T13:13:46Z  in response to gverma
    We have an LDAP class that extends inetOrgPerson and have created a corresponding entity in ITIM to map to this class for the purpose of creating users with custom attributes.

    User creation using PersonService:createPerson() works perfectly, however when I try to query for this user using PersonService:searchPersonsFromRoot() I get no results back. When I change the profileName on the WSPerson object that I am passing to PersonService:createPerson() to 'Person' I am able to get results using PersonService:searchPersonsFromRoot().

    Is there additional setup that needs to be done with the custom entity in ITIM to expose this 'Person' type to searchPersonsFromRoot()? If querying for this custom entity type is not possible using searchPersonsFromRoot() is there a recommended workaround?

    Thanks,
    Brian
    • gverma
      gverma
      233 Posts

      Re: Issue with PersonService:searchPersonsFromRoot()

      ‏2009-07-18T05:09:37Z  in response to bfellfeworks
      Brian,

      Make sure that the session holder has the authority to search the custom person entity. The session holder may have ACIs that allow him to search inetOrgPerson entities but no ACIs to grant visibility to the custom person entity. Can you search this person by logging in as the same user as the WS session holder? Or can the person be found if you use an administrator id to log in to web services and then carry out the searchPersonsFromRoot operation?

      Girish.
      • bfellfeworks
        bfellfeworks
        7 Posts

        Re: Issue with PersonService:searchPersonsFromRoot()

        ‏2009-07-18T05:22:00Z  in response to gverma
        Girish,

        Thanks for the quick response. In our dev environment, I've used the itim manager account as the session holder during creation and execution of searchPersonsFromRoot and had the same result. When logged into the ITIM console as itim manager I can do a user search to bring back the custom person entity.

        I'm sure it's late where you are and I'm not up working on this issue so don't feel like I'm under pressure to get this resolved tonight. As always, thanks for the assistance.

        Brian
        • gverma
          gverma
          233 Posts

          Re: Issue with PersonService:searchPersonsFromRoot()

          ‏2009-07-22T22:20:33Z  in response to bfellfeworks
          Brian,

          I cannot duplicate your issue in my environment - I can search for custom person entities by specifying a valid filter, same as searching for the built in inetOrgPerson entity. As a sanity check - is the LDAP filter valid? (I am sure you have checked but just to be sure.) Send me the line of code where you make the call to search, maybe that will throw up something.

          Girish.
          • bfellfeworks
            bfellfeworks
            7 Posts

            Re: Issue with PersonService:searchPersonsFromRoot()

            ‏2009-07-23T00:29:56Z  in response to gverma
            Girish,

            I had an idea about what the issue could be and it looks like it's the case - we built the custom entity based on the "Business Partner Person" type instead of the "Person" type, I rebuilt the entity as a "Person" type and the search worked. There are a few other changes that have been made but I'm fairly confident that this was the issue - does that sound reasonable to you?

            Thanks,
            Brian
            • gverma
              gverma
              233 Posts

              Re: Issue with PersonService:searchPersonsFromRoot()

              ‏2009-07-23T01:32:38Z  in response to bfellfeworks
              Brian,

              Yes, your assumption is correct. The searchPersonsFromRoot operation searches for Person category person entities.

              Girish.
  • kkovach
    kkovach
    17 Posts

    SPML?

    ‏2009-07-29T21:06:26Z  in response to gverma
    I apologize if this is too far off topic, but I believe it's the most obvious place for me to get some information. I've checked other forums first, but I have yet to find anything useful.

    I have a need to create an SPML web service for synchronizing passwords with ITIM and its managed resources. I was wondering if anyone else has explored this, and if anyone has any information they can share. Just a general direction/approach for getting from SPML to ITIM. Any links or advice would be appreciated. Thanks.

    - Kevin
    • gverma
      gverma
      233 Posts

      Re: SPML?

      ‏2009-07-31T15:03:39Z  in response to kkovach
      Kevin,

      Broadly speaking, you can leverage ITDI to act as a SPML PSP wrapped in a web service provider. ITDI provides an SPML parser that you can use to parse the request, and in turn use the ITIM Web Services to communicate with ITIM using ITDI's inbuilt web services componentry. The web services folder has

      Girish.
      • SystemAdmin
        SystemAdmin
        233 Posts

        Re: SPML?

        ‏2009-08-03T14:44:25Z  in response to gverma
        Hi Girish,

        It seems like the getProcess(WSSession session, long processId) method (in the ITIM Web Services WSRequestService class) returns this exception every time it is called, even for existing processes:

        com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.ApplicationException:CTGIMO020E The transaction is rolled back.
        Detail: org.omg.CORBA.TRANSACTION_ROLLEDBACK: javax.transaction.TransactionRolledbackException: ; nested exception is:
        javax.ejb.EJBException: nested exception is: com.ibm.itim.workflow.model.type.MissingEntity: CTGIMA416E The following process cannot be found in the database.
        Process ID: 7346131241433083904 vmcid: 0x0 minor code: 0 completed: No ; org.omg.CORBA.TRANSACTION_ROLLEDBACK: javax.transaction.TransactionRolledbackException: ; nested exception is:
        javax.ejb.EJBException: nested exception is: com.ibm.itim.workflow.model.type.MissingEntity: CTGIMA416E The following process cannot be found in the database.
        Process ID: 7346131241433083904 vmcid: 0x0 minor code: 0 completed: No
        Do you have an example of how to look up processes from an ITIM process ID?

        Thanks!

        Kind Regards,
        Vanik
        • gverma
          gverma
          233 Posts

          Re: SPML?

          ‏2009-08-03T18:30:41Z  in response to SystemAdmin
          Vanik,

          Here is a snippet of using the getProcess operation:

          WSRequestService requestService = webServiceFactory.getWSRequestService();
          WSRequest request = requestService.getProcess(session, 7007570781162078110L);
          System.out.println("processid=" + request.getRequestId()+", status: " + request.getStatusString() +
          ", state:" + request.getProcessStateString() + ", processType: " + request.getProcessType()+
          ", processTypeStr: "+request.getProcessTypeString());

          If you are getting a process not found error, you may be passing in an activity id instead of the process id. Where are you sourcing the process id from?

          Girish.
          • SystemAdmin
            SystemAdmin
            233 Posts

            Re: SPML?

            ‏2009-08-03T21:23:40Z  in response to gverma
            Hi Girish,

            Thanks for your answer.
            Actually, I'm running my code from within a TDI script component.

            Something like :
            (...)
            myProcessID = new java.lang.long(700757078116207811);
            //myProcessID = 700757078116207811; // this also failed
            requestService = webServiceFactory.getWSRequestService();
            request = requestService.getProcess(session, 700757078116207811);
            (...)

            I get no type mismatch error as far as the processID parameter is concerned when calling getProcess.
            I guess I have to specify the L suffix to my long anyway, I'll do the test tomorrow and tell you the result.

            And yes, I provide a process ID, not an activity ID.

            Thanks.

            Kind Regards,
            Vanik
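One possible cause of the "process cannot be found" fault when the ID is written as a bare numeric literal in the script above, as an added example that is not part of the original posts and is not confirmed anywhere in the thread: standard JavaScript numbers are IEEE-754 doubles, so an 18- or 19-digit process ID is rounded before it reaches getProcess. The function names are hypothetical, and that the TDI script engine treats numeric literals like standard JavaScript is an assumption.

```javascript
// Added example: does a 64-bit ITIM process ID survive being handled as a
// JavaScript number? Doubles carry a 53-bit mantissa, so most IDs above
// 2^53 are silently rounded to a neighbouring representable value.
// All function names here are hypothetical.

const INT64_MAX = (1n << 63n) - 1n;

// Parse a decimal ID string exactly, without passing through a double.
function parseProcessId(idText) {
  if (!/^\d{1,19}$/.test(idText)) {
    throw new RangeError("not a decimal process ID: " + idText);
  }
  const id = BigInt(idText);
  if (id > INT64_MAX) {
    throw new RangeError("does not fit a signed 64-bit long: " + idText);
  }
  return id;
}

// The value the same digits take when evaluated as a JavaScript number
// (Number("...") rounds the same way a numeric literal does).
function asScriptNumber(idText) {
  return BigInt(Number(idText));
}

// Compare the exact ID with its double-rounded form.
function checkProcessId(idText) {
  const exact = parseProcessId(idText);
  const rounded = asScriptNumber(idText);
  return {
    exact: exact.toString(),
    asNumber: rounded.toString(),
    preserved: exact === rounded,
    drift: (rounded - exact).toString(),
  };
}

// Return the IDs that would change if written as numeric literals.
function findUnsafeIds(idTexts) {
  return idTexts.filter((t) => !checkProcessId(t).preserved);
}

// IDs quoted in the thread, plus one constructed small ID (2^53 - 1).
const SAMPLE_IDS = [
  "7007570781162078110", // literal in the Java snippet (with L suffix)
  "700757078116207811",  // literal in the TDI script
  "7346131241433083904", // ID reported back in the fault text
  "9007199254740991",    // constructed: largest exactly safe integer
];

for (const id of SAMPLE_IDS) {
  const r = checkProcessId(id);
  console.log(id, "->", r.asNumber, r.preserved ? "exact" : "ROUNDED by " + r.drift);
}
```

Keeping the ID as a string and converting it on the Java side (for example with java.lang.Long.parseLong) avoids the double; whether the script engine then passes the long through unrounded is something to verify in the TDI environment.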
      • kkovach
        kkovach
        17 Posts

        Re: SPML?

        ‏2009-08-05T14:39:27Z  in response to gverma
        Hello Girish,

        Thank you for your response, but it looks like your post might have been cut short? You start to mention a web services folder? Are you talking about ITIM or ITDI? Is there an example specific to SPML?

        There is very little information on the SPML parser in ITDI. If anyone has an example of parsing SPML with ITDI, or can point me to another forum where I might find information on parsing SPML with ITDI that would be appreciated. Thanks.

        - Kevin
  • SystemAdmin
    SystemAdmin
    233 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-04T17:41:35Z  in response to gverma
    Hi Girish,
    I was trying to deploy the ITIMWebServices.ear from the v1.3 beta and I get the following error:
    Uncaught exception thrown in one of the service methods of the servlet: AxisServlet. Exception thrown : java.lang.NoClassDefFoundError: com.ibm.itim.apps.ApplicationException

    Any suggestions?
    Thanks,
    Runa
    • gverma
      gverma
      233 Posts

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-04T18:13:44Z  in response to SystemAdmin
      Runa,

      Are you deploying on the WAS that runs ITIM 5.0? This error indicates that the web services app could not find the ITIM jars, or the shared library called WS_ITIM_LIB did not get created properly. Can you use the WAS admin console to check if the shared library called WS_ITIM_LIB was created, and if the ITIMWebServicesEAR has it associated?

      Girish.
      • SystemAdmin
        SystemAdmin
        233 Posts

        Re: Web Services Wrappers for ITIM API

        ‏2009-08-04T20:19:25Z  in response to gverma
        Girish,
        I installed the ear from the ITIM v1.3 beta that you sent yesterday. I am not sure of the ITIM version I have.
  • kkovach
    kkovach
    17 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-11T20:37:06Z  in response to gverma
    Is there a fixpack prerequisite for ITIM 4.6 and the Web Service Wrappers?

    The site http://www-01.ibm.com/software/brandcatalog/portal/opal/details?catalog.label=1TW10IM12 says "4.6.x on any supported platform", but doesn't mention any fixpack level. Thanks.
  • kkovach
    kkovach
    17 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-12T14:37:35Z  in response to gverma
    Hello,

    I just downloaded the Web Services Wrapper for ITIM 4.6 from OPAL and when I unzipped it realized that it only contains a .exe and a docs zip file. Where can I get a version of the Web Services Wrapper for linux/unix for ITIM 4.6? Thanks.

    - Kevin
    • gverma
      gverma
      233 Posts

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-12T14:41:09Z  in response to kkovach
      Kevin,

      Run the exe on your Windows workstation which will extract the artifacts after you accept the license terms. The artifacts contain the EAR file that you can install on your Linux/Unix environment. This is also documented in the Solution and Deployment Guide.

      Girish.
  • kkovach
    kkovach
    17 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-18T13:26:02Z  in response to gverma
    I am currently in the process of developing an ITDI assembly line to use the ITIM Web Services. My first step of course is to login. That seems to be working fine. I get a session from the login with a clientSession and sessionID. Next, I am trying to call the getPrincipalPerson operation. Before doing so, I am calling setSession(session) on the getPrincipalPerson object where session is the session I get from the login.

    This all looks good to me, but when ITDI tries to call the service and deserialize the GetPrincipalPerson object I am getting the following error...

    08:39:53 GetPrincipalPerson CTGDIZ613I About to call web service...
    08:39:54 Exception:
    org.xml.sax.SAXException: SimpleDeserializer encountered a child element, which is NOT expected, in something it was trying to deserialize.
    at org.apache.axis.encoding.ser.SimpleDeserializer.onStartChild(SimpleDeserializer.java:145)
    at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
    at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:165)
    at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:1141)
    at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:236)
    at org.apache.axis.message.RPCElement.getParams(RPCElement.java:384)
    at org.apache.axis.client.Call.invoke(Call.java:2467)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.di.fc.webservice.AxisEasyInvokeSoapWS.perform(Unknown Source)
    at com.ibm.di.server.FunctionComponent.callreply(Unknown Source)
    at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown Source)
    at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source)
    at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
    at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
    at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source)
    at com.ibm.di.server.AssemblyLine.run(Unknown Source)

    I'm not sure what might be in this object that it's not expecting? I've tried creating a new WSSession object and filling it with the values from the session returned from my login as well. That didn't change anything.

    If anyone has any thoughts or ideas that might help it would be appreciated. Thanks.

    Kevin
    • gverma
      gverma
      233 Posts

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-21T13:38:58Z  in response to kkovach
      Kevin,

      Were you able to get your ITDI assembly line working? I cannot go into each client environment and debug issues, but send me your ITDI config and any supporting artifacts and I will take a look and see if something stands out.

      Girish.
    • yn2000
      yn2000
      2 Posts

      Re: Web Services Wrappers for ITIM API

      ‏2009-10-17T14:45:04Z  in response to kkovach
      Hi Kevin,
      Would you mind sharing some tips on how you configure the ITDI's Assembly Line consuming the 'login' operation?
      I am using ITDI v7's AxisEasyInvokeSoapWS function and getting a connection refused error.
      I believe it is caused by the value or syntax that I put in the 'Operation parameters'.
      Note: There is no problem with the ITIM Web Services, because RichClient1.21.exe and testClient1.2.1.jar work
      Thanks. YN.
  • SystemAdmin
    SystemAdmin
    233 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-21T05:46:21Z  in response to gverma
    Recently installed ITIM web service wrapper on ITIM 4.6. Currently getting connection issues while trying to login.
    The testClient jar seems to indicate that the service can't locate the "Properties.properties" file. The ITIM admin has verified that the file exists.

    Getting the error below using the WSSessionService.login and WSItimService.login calls

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
    <soapenv:Fault>
    <faultcode>soapenv:Server.userException</faultcode>
    <faultstring>com.ibm.itim.util.EncryptionException: CTGIMO030E An error occurred while retrieving the encryption configuration properties.</faultstring>
    <detail>
    <ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">fl1gt1xtim2.medco.com</ns1:hostname>
    </detail>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>
    • gverma
      gverma
      233 Posts

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-21T13:34:32Z  in response to SystemAdmin
      rjay,

      It looks like the shared library WS_ITIM_LIB was not properly defined when you installed Web Services. Using the Websphere Admin Console, review the Websphere shared library WS_ITIM_LIB that you defined as part of installing ITIM Web Services for 4.6. The WS_ITIM_LIB shared library for 4.6 installations is described on page 54 of the Solution and Deployment Guide. The last line in the shared library definition should be ${ITIM_HOME}/data and you should insert a blank line after it as documented. Save the Websphere configuration after making any changes and restart the ITIMWebServicesEAR application.

      If you use ITIM 5.0 the creation of the shared library WS_ITIM_LIB is automated as part of the installation.

      Girish.
      • SystemAdmin
        SystemAdmin
        233 Posts

        Re: Web Services Wrappers for ITIM API

        ‏2009-08-21T14:35:49Z  in response to gverma
        I have set up the WS_ITIM_LIB shared library again and am receiving the same response from the soapUI web service request.
        ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/itim_api.jar
        ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/itim_server.jar
        ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/app_ejb.jar
        ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/api_ejb.jar
        ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/jlog.jar
        ${ITIM_HOME}/lib/jffdc.jar
        ${ITIM_HOME}/lib/enroleagent.jar
        ${ITIM_HOME}/data
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Body>
        <soapenv:Fault>
        <faultcode>soapenv:Server.userException</faultcode>
        <faultstring>com.ibm.itim.util.EncryptionException: CTGIMO030E An error occurred while retrieving the encryption configuration properties.</faultstring>
        <detail>
        <ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">fl1gt1xtim2.medco.com</ns1:hostname>
        </detail>
        </soapenv:Fault>
        </soapenv:Body>
        </soapenv:Envelope>
  • SystemAdmin
    SystemAdmin
    233 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-21T15:33:56Z  in response to gverma
    I reconfigured the WS_ITIM_LIB once again, but I am getting the same soapUI message.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
    <soapenv:Fault>
    <faultcode>soapenv:Server.userException</faultcode>
    <faultstring>com.ibm.itim.util.EncryptionException: CTGIMO030E An error occurred while retrieving the encryption configuration properties.</faultstring>
    <detail>
    <ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">fl1gt1xtim2.medco.com</ns1:hostname>
    </detail>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>


    Also, ran the testClientjar connection test and received the output below:

    Trying connection to ITIMWebServices
    Aug 21, 2009 10:42:12 AM org.apache.axis.utils.JavaUtils is AttachmentSupported
    WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MemeMultipart). Attachment support is disabled.
    Communicaiton successful, the ITIM Web Services Wrapper version is 1.21
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: com.ibm.itim.ws.exceptions.WSApplicationException: java.io.FileNotFoundException: Properites.properties
    • gverma
      gverma
      233 Posts

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-21T15:55:27Z  in response to SystemAdmin
      rjay,

      There is something wrong in your ITIM configuration - look at the spelling of the properties file in the below trace:

      faultString: com.ibm.itim.ws.exceptions.WSApplicationException: java.io.FileNotFoundException: Properites.properties

      ITIM Web Services does not directly specify the ITIM properties file names, it uses the ITIM API which reads the ITIM properties files. What are the contents of your web services WSProperties.properties file, and your itimConnection.properties files? Send me those at gverma@us.ibm.com

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-21T16:03:06Z  in response to gverma
    gverma,
    I typed the output, sorry for the mistype.

    Trying connection to ITIMWebServices
    Aug 21, 2009 10:42:12 AM org.apache.axis.utils.JavaUtils is AttachmentSupported
    WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MemeMultipart). Attachment support is disabled.
    Communicaiton successful, the ITIM Web Services Wrapper version is 1.21
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: com.ibm.itim.ws.exceptions.WSApplicationException: java.io.FileNotFoundException: Properties.properties
  • SystemAdmin
    SystemAdmin
    233 Posts

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-21T16:34:55Z  in response to gverma
    gverma,
    Here's the complete output from the testClientjar connection test.
    I'm waiting for the ITIM admin to edit the file by changing from 1.2.1 to 1.21.
    This was done yesterday after the initial install, but didn't seem to help.

    C:\Documents and Settings\p654rj\My Documents\Downloads>java -jar testclient121.
    jar http://fl1gt1xtim2.medco.com:9080 p654rj xxxx
    Trying connection to ITIMWebServices
    Aug 21, 2009 12:24:38 PM org.apache.axis.utils.JavaUtils isAttachmentSupported
    WARNING: Unable to find required classes (javax.activation.DataHandler and javax
    .mail.internet.MimeMultipart). Attachment support is disabled.
    Please edit the webservice.properties file and change the webServices.version fr
    om 1.2.1 to 1.21, then restart Websphere
    See IBM Tivoli Enablement Tools Forum thread at http://www-128.ibm.com/developer
    works/forums/thread.jspa?threadID=232419&tstart=0 for details
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: com.ibm.itim.ws.exceptions.WSApplicationException: java.io.FileNot
    FoundException: Properties.properties
    faultActor:
    faultNode:
    faultDetail:
    {http://services.ws.itim.ibm.com}fault:null
    {http://xml.apache.org/axis/}hostname:fl1gt1xtim2.medco.com

    com.ibm.itim.ws.exceptions.WSApplicationException: java.io.FileNotFoundException
    : Properties.properties
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Sou
    rce)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer
    .java:104)
    at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer
    .java:90)
    at com.ibm.itim.ws.exceptions.WSApplicationException.getDeserializer(WSA
    pplicationException.java:76)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(B
    aseDeserializerFactory.java:154)
    at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerA
    s(BaseDeserializerFactory.java:84)
    at org.apache.axis.encoding.DeserializationContext.getDeserializer(Deser
    ializationContext.java:464)
    at org.apache.axis.encoding.DeserializationContext.getDeserializerForTyp
    e(DeserializationContext.java:547)
    at org.apache.axis.message.SOAPFaultDetailsBuilder.onStartChild(SOAPFaul
    tDetailsBuilder.java:157)
    at org.apache.axis.encoding.DeserializationContext.startElement(Deserial
    izationContext.java:1035)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startEle
    ment(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.
    emptyElement(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scan
    StartElement(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImp
    l$FragmentContentDriver.next(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(U
    nknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next
    (Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImp
    l.scanDocument(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(U
    nknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(U
    nknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown So
    urce)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Un
    known Source)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.p
    arse(Unknown Source)
    at javax.xml.parsers.SAXParser.parse(Unknown Source)
    at org.apache.axis.encoding.DeserializationContext.parse(Deserialization
    Context.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnders
    tandChecker.java:62)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.getItimVersi
    on(WSSessionServiceSoapBindingStub.java:478)
    at com.ibm.itim.ws.test.TestClient.main(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.simontuffs.onejar.Boot.run(Boot.java:306)
    at com.simontuffs.onejar.Boot.main(Boot.java:159)

    C:\Documents and Settings\p654rj\My Documents\Downloads>
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-21T16:49:17Z  in response to SystemAdmin
      rjay,

      It definitely looks like the ITIM artifacts are not associated with the web service application's classpath. Double check (thru WAS Admin Console) that the WS_ITIM_LIB shared library is associated with the ITIMWebServicesEAR application. See page 56 onwards in the Solution and Deployment Guide for details. If it does not work, there is probably something wrong in the definition/association. If necessary, redo the shared library definition and re-associate with ITIMWebServicesEAR, and restart WAS.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-21T18:45:57Z  in response to gverma
    gverma,
    I have verified that the *.ear file is associated with the shared library WS_ITIM_LIB.

    I have also verified the entries for the shared lib.
    ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/itim_api.jar
    ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/itim_server.jar
    ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/app_ejb.jar
    ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/api_ejb.jar
    ${APP_INSTALL_ROOT}/fl1gt1xtim2/enRole.ear/jlog.jar
    ${ITIM_HOME}/lib/jffdc.jar
    ${ITIM_HOME}/lib/enroleagent.jar
    ${ITIM_HOME}/data

    Isn't there some specific logging that can help identify/correct this issue? I have spent the past day trying to set up this service, with no successful connections as of yet.
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-21T18:55:16Z  in response to SystemAdmin
      rjay,

      Why don't you contact me at gverma@us.ibm.com and send me contact info.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-24T20:35:31Z  in response to gverma
    gverma,
    I'm trying to identify why the ITIM web service connection isn't working properly.
    What should be the "status" for the enrole application? It is currently showing "Unavailable".
    The testClient jar test shows the "Properties.properties" file not found.
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-24T21:58:41Z  in response to SystemAdmin
      rjay,

      The enrole application is the ITIM application and it should be running so that ITIM Web Services can communicate with it.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-27T17:53:36Z  in response to gverma
    gverma,
    We finally got the 1.21 web services working on the ITIM 4.6. The app server was running on port 9082 not 9080.
    The express GUI also indicated that the server wasn't running when it actually was up and running.

    I need the web service to change passwords and restore accounts that have been locked out. Any assist would be helpful.

    I have tried several web service calls after logging in and getting the sessionID, and I am receiving the error below.
    Can you suggest how to resolve this issue?

    WSItimService.getPrincipalPerson
    Request:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.ws.itim.ibm.com" xmlns:mod="http://model.ws.itim.ibm.com">
    <soapenv:Header/>
    <soapenv:Body>
    <ser:getPrincipalPerson>
    <ser:session>
    <mod:sessionID>2433458910389769090</mod:sessionID>
    </ser:session>
    </ser:getPrincipalPerson>
    </soapenv:Body>
    </soapenv:Envelope>

    Response:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
    <soapenv:Fault>
    <faultcode>soapenv:Server.userException</faultcode>
    <faultstring>com.ibm.itim.ws.exceptions.WSInvalidSessionException: getSubjectFromSession(): Invalid authentication info supplied by client when using stateless method, null</faultstring>
    <detail>
    <ns1:fault3 xmlns:ns1="http://services.ws.itim.ibm.com"/>
    <ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">fl1gt1xtim2.medco.com</ns2:hostname>
    </detail>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-27T18:49:36Z  in response to SystemAdmin
      rjay,

      It looks like the web service server is set up for stateless communication but the client is passing in a session id. Change the state saving mechanism to "server" on the web service server. This is done by changing the webservice.properties - change the following property:

      webServices.stateSavingMechanism=server

      See section 5.2.2 of the Solution and Deployment Guide for details on how to do this.

      Girish.
    • CRUJ_Chris_Easterberg
      1 Post
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2011-06-22T17:03:41Z  in response to SystemAdmin
      As far as the issue:

      WARNING: Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MemeMultipart). Attachment support is disabled.
      Communication successful, the ITIM Web Services Wrapper version is 1.31 (In my case)
      AxisFault
      faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
      faultSubcode:
      faultString: com.ibm.itim.ws.exceptions.WSApplicationException: java.io.FileNotFoundException: Properties.properties.

      For me, the core issue was that ${ITIM_HOME}/data was not in my classpath (Windows 2008 R2). The only way I could resolve it was by going into the JVM section under "Process Definition" for the application and adding ${ITIM_HOME}/data to the classpath.
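The faults quoted in this thread can be told apart mechanically from the `faultstring` alone. The following Python is an added example, not part of any post and not IBM's code: it parses an Axis SOAP 1.1 fault and maps the three faultstrings quoted in the thread to the checks the replies recommend. The sample envelope is constructed from the response quoted above with a placeholder hostname, and the rule names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AXIS_NS = "http://xml.apache.org/axis/"

# Constructed sample: the fault response quoted in the thread, hostname replaced.
SAMPLE_FAULT = """\
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <soapenv:Fault>
   <faultcode>soapenv:Server.userException</faultcode>
   <faultstring>com.ibm.itim.ws.exceptions.WSInvalidSessionException: getSubjectFromSession(): Invalid authentication info supplied by client when using stateless method, null</faultstring>
   <detail>
    <ns1:fault3 xmlns:ns1="http://services.ws.itim.ibm.com"/>
    <ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">itim.example.test</ns2:hostname>
   </detail>
  </soapenv:Fault>
 </soapenv:Body>
</soapenv:Envelope>
"""

# Fault patterns seen in this thread, mapped to the check the replies recommend.
# The rule ids are hypothetical labels chosen for this example.
TRIAGE_RULES = [
    ("state-saving-mismatch",
     re.compile(r"WSInvalidSessionException:.*stateless"),
     "Client sent a session id to a stateless server: set "
     "webServices.stateSavingMechanism=server in webservice.properties."),
    ("itim-properties-not-on-classpath",
     re.compile(r"FileNotFoundException:\s*\S+\.properties"),
     "ITIM artifacts are not visible to the web service: check the "
     "WS_ITIM_LIB shared library association and that ${ITIM_HOME}/data "
     "is on the classpath."),
    ("schema-violation",
     re.compile(r"SchemaViolationException"),
     "A mandatory attribute of the objectclass is missing from the request."),
]


def classify(faultstring):
    """Return (rule_id, advice) for a faultstring, or ("unknown", None)."""
    for rule_id, pattern, advice in TRIAGE_RULES:
        if pattern.search(faultstring):
            return rule_id, advice
    return "unknown", None


def parse_fault(xml_text):
    """Parse a SOAP 1.1 response; return a dict for a Fault, None otherwise."""
    # SOAP messages must not carry a DTD; refusing one keeps entity-expansion
    # input away from the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    fault = root.find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
    if fault is None:
        return None
    # faultcode, faultstring and detail are unqualified children in SOAP 1.1.
    faultstring = (fault.findtext("faultstring") or "").strip()
    # Axis writes "<exception class>: <message>" into faultstring.
    m = re.match(r"([A-Za-z_][\w.$]*)\s*:\s*(.*)", faultstring, re.DOTALL)
    exc_class, message = (m.group(1), m.group(2)) if m else (None, faultstring)
    rule_id, advice = classify(faultstring)
    return {
        "faultcode": (fault.findtext("faultcode") or "").strip(),
        "exception": exc_class,
        "message": message,
        "hostname": fault.findtext(f"detail/{{{AXIS_NS}}}hostname"),
        "rule": rule_id,
        "advice": advice,
    }


if __name__ == "__main__":
    for key, value in parse_fault(SAMPLE_FAULT).items():
        print(f"{key}: {value}")
```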
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-08-28T19:49:14Z  in response to gverma
    gverma,
    Thanks for the recent assist on troubleshooting the ITIM web services wrapper.

    Can you tell me where I can find references on the exact entries to:
    1. Reset ITIM passwords on Active Directory and RACF systems accounts?
    2. Restore accounts on Active Directory and RACF systems accounts?
    3. Lookup user IDs on Active Directory and RACF systems accounts?

    We're using ITIM 4.6 and ITIM Web Service Wrapper 1.21. We're using soapUI 3.0 to test the web services.
    I have located the calls below and hope they can fulfill our requirements.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.ws.itim.ibm.com" xmlns:mod="http://model.ws.itim.ibm.com">
    <soapenv:Header/>
    <soapenv:Body>
    <ser:changePassword>
    <ser:session>
    <mod:clientSession>XXXX</mod:clientSession>
    <mod:enforceChallengeResponse>XXXX</mod:enforceChallengeResponse>
    <mod:sessionID>XXXX</mod:sessionID>
    </ser:session>
    <!--1 or more repetitions:-->
    <ser:accountDNs>XXXX</ser:accountDNs>
    <ser:newPassword>XXXX</ser:newPassword>
    </ser:changePassword>
    </soapenv:Body>
    </soapenv:Envelope>

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.ws.itim.ibm.com" xmlns:mod="http://model.ws.itim.ibm.com">
    <soapenv:Header/>
    <soapenv:Body>
    <ser:restoreAccount>
    <ser:session>
    <mod:clientSession>XXXX</mod:clientSession>
    <mod:enforceChallengeResponse>XXXX</mod:enforceChallengeResponse>
    <mod:sessionID>XXXX</mod:sessionID>
    </ser:session>
    <ser:accountDN>XXXX</ser:accountDN>
    <ser:newPassword>XXXX</ser:newPassword>
    <ser:date>XXXX</ser:date>
    </ser:restoreAccount>
    </soapenv:Body>
    </soapenv:Envelope>
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-08-28T22:21:30Z  in response to SystemAdmin
      rjay,

      You would use the web services API like any other programmatic ITIM API. To change passwords on an account, the WSPasswordService provides the changePassword operation. To restore accounts, the WSAccountService provides the restoreAccount operation. To search for accounts, the WSAccountService provides the searchAccounts operation. (To search for accounts on a service, you would set the search filter to (erservice=+serviceDN+). You can compound the filter as long as it is a valid LDAP filter.) If you already have the person for whom you want to look up accounts, you can use the WSPersonService's getAccountsByOwner. A new operation getFilteredAccountsByOwner actually lets you use the service name in the filter.

      Some of the references to methods above may be for the v 1.30 release which is in a final beta but has not been released on OPAL. Please contact your IBM rep if you wish to participate in the v1.30 Beta.

      Girish.
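The reply above builds the searchAccounts filter by concatenating a service DN into `(erservice=...)` and notes that any compound must remain a valid LDAP filter. The following Python is an added example, not part of the original post and not IBM's code: it builds that filter with RFC 4515 escaping so that parentheses, asterisks or backslashes in a DN or user ID stay literal values. The `eruid` attribute name, the sample DN and all function names are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")


def escape_filter_value(value):
    """Escape a literal so it can only ever be matched as a value."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def equals(attr, value):
    """Build one '(attr=value)' term with a checked attribute name."""
    if not ATTR_NAME.match(attr):
        raise ValueError(f"bad attribute name: {attr!r}")
    return f"({attr}={escape_filter_value(value)})"


def all_of(*terms):
    """AND terms together; a single term is returned unchanged."""
    if not terms:
        raise ValueError("at least one term required")
    return terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"


def split_terms(flt):
    """Split '(&(a=1)(b=2))' into its terms; a simple filter yields one term.

    Raises ValueError if the parentheses do not balance, which is what an
    unescaped value containing '(' or ')' can cause.
    """
    body = flt[2:-1] if flt.startswith("(&") and flt.endswith(")") else flt
    terms, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in filter")
            if depth == 0:
                terms.append(body[start:i + 1])
        elif depth == 0:
            raise ValueError("text outside parentheses in filter")
    if depth != 0:
        raise ValueError("unbalanced '(' in filter")
    return terms


def accounts_filter(service_dn, uid=None):
    """Filter for accounts on one service, optionally narrowed to one user ID."""
    terms = [equals("erservice", service_dn)]
    if uid is not None:
        terms.append(equals("eruid", uid))  # eruid: assumed attribute name
    flt = all_of(*terms)
    # Check before sending: the structure must be exactly what was intended.
    if len(split_terms(flt)) != len(terms):
        raise ValueError("filter structure changed by input")
    return flt


# Constructed sample DN; the service name contains characters that need escaping.
SAMPLE_SERVICE_DN = "erservicename=AD (Prod),ou=services,dc=example,dc=com"

if __name__ == "__main__":
    print(accounts_filter(SAMPLE_SERVICE_DN))
    print(accounts_filter(SAMPLE_SERVICE_DN, uid="a*b"))
```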
      • SystemAdmin
        SystemAdmin
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-09-01T09:57:02Z  in response to gverma
        Hi Girish,

        Great work and updates since I last played with 1.00.

        When will v1.30 of the WS Wrapper be released onto OPAL, is it still in beta?
        As I noticed there are problems with the RichClient packaged with 1.2.1.

        Mainly due to the included admin APIs that have been included and also an updated RichClient and deployment pdf.

        Is it possible to get a copy of 1.30?
        Thanks,
        Dave.
        • gverma
          gverma
          233 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API

          ‏2009-09-02T17:07:24Z  in response to SystemAdmin
          Dave,

          Unfortunately there was a packaging issue with the Rich Client application in v1.2.1. I do have the correct version of the Rich Client available. You can ask your IBM rep (services/sales) to contact me at gverma@us.ibm.com and I will give them the way to download it.

          If you wish to participate in the 1.30 Beta, please ask your IBM rep to contact me.

          Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-01T17:27:37Z  in response to gverma
    gverma,
    The ITIM admins have reported noticeable slowdowns on the system since the ITIM web wrapper 1.21 installation.
    Also, they believe possible memory leaks are occurring on the Linux system.
    What are the system configuration and minimum requirements to host this service?
    What can be done to monitor and control the resource use of this service?
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-02T17:20:49Z  in response to SystemAdmin
      rjay,

      The web services application is a wrapper around the ITIM Java API, so it does not perform any business logic, or any other work when it is not being called. Its processing consists of unwrapping web services requests, calling the corresponding Java API, and repackaging the results. When it is not being called, it is not performing any "heartbeat" driven processing.

      It does maintain state as session information on the server and you can cut down on that overhead as well by switching the state saving mechanism to client.

      The minimum requirements to host the application are the same as that of the ITIM application.

      The application is deployed as a standard EAR into Websphere and can be monitored using Websphere's Monitoring and Tuning facilities provided in the WAS Admin Console.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-02T19:27:55Z  in response to gverma
    gverma,
    Where can I get access to the ITIM API files? Is there a download site?
    We had a meeting this morning with the IBM representatives to discuss our project and the availability of ITIM web wrapper 1.3. The tentative decision is to use the ITIM API to implement our project requirements.
    Thanks for the update.
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-03T13:42:41Z  in response to SystemAdmin
      rjay,

      The ITIM Java API is exposed by and documented in the product, it is not a separate download. Contact IBM Support if you need more information.

      WS v1.3 is awaiting licenses for release. If you would like to participate in the WS v1.3 beta, ask your IBM rep to contact me at gverma@us.ibm.com.

      Girish.
      • SystemAdmin
        SystemAdmin
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-09-03T17:24:45Z  in response to gverma
        gverma,
        We had a meeting yesterday at 1:00pm with IBM Thomas Hannan and Brian Matthie. We requested an early release of the ITIM Web Service Wrapper 1.3 product, but were told it wouldn't be available for several weeks.

        They also stated that the product isn't IBM supported, which will be a major factor in product development/support going forward. We need IBM support and were told the ITIM API is supported by IBM. Which seems ironic, since I believe the ITIM web wrapper 1.3 is actually the ITIM API with a web service wrapper.

        One other question, can the ITIM web service wrapper 1.3 reset passwords and unlock accounts on users that are not provisioned in ITIM using a single admin type user login? These users only have accounts on the host Active Directory or RACF systems and not in ITIM?

        Thanks for all the assistance that you've provided on this project.
        • gverma
          gverma
          233 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API

          ‏2009-09-03T21:50:12Z  in response to SystemAdmin
          rjay,

          ITIM Web Services wrappers are wrappers around the ITIM API and provide a web services transport to make calls similar to the ITIM API. Like the API, they only talk to ITIM, not to the end points directly.

          Girish.
  • anishIsOptimusPrime
    anishIsOptimusPrime
    4 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-05T04:25:45Z  in response to gverma
    Hi,

    I'm trying to deprovision accounts using the following call on ITIM 4.6 FP33 -

    WSRequest request = accountService.deprovisionAccount(session, account.getItimDN(), calendar);

    I can see the request being submitted but get "0" as request Status, "I" as ProcessState and "Not Started" as ProcessStateString.
    The calendar gets the immediate system timestamp and I can see it being converted successfully in the TimeScheduled field. The account still stays active under TIM. Are there any examples (other than the ones listed in the doc) and expected results, in case I'm doing something wrong?

    Thanks.
    - Anish
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-05T04:42:03Z  in response to anishIsOptimusPrime
      anish...

      Based on your post, the web service is submitting the request successfully to ITIM. ITIM is not executing the request (is the adapter responding, or are the queues overloaded with other requests?). Do you get the same behaviour if you submit the request thru the ITIM UI for the same account with the same login credential? This may be something for your ITIM admins to follow up.

      Girish.
  • anishIsOptimusPrime
    anishIsOptimusPrime
    4 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-05T06:44:47Z  in response to gverma
    Girish,

    You're right, the adapters weren't responding. Thanks for the quick response!

    - Anish
  • anishIsOptimusPrime
    anishIsOptimusPrime
    4 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-07T04:30:25Z  in response to gverma
    Hi Girish,

    I'm trying to deprovision an account attribute by using the following call

    modifyAccount(session, accountDN, attributes[], calendar)

    where attributes is an array of type WSAttribute and consists of those account objects that I would want to revoke. On doing so, I get the following error response from TIM (listUsers is my main class where I'm calling the webservice api) -
    21:25:32,010 ERROR listUsers(main) com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.SchemaViolationException:CTGIMS002E At least one attribute violates the schema.

    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.SchemaViolationException:CTGIMS002E At least one attribute violates the schema.
    faultActor:
    faultNode:
    faultDetail:
    {http://services.ws.itim.ibm.com}fault1:null
    {http://xml.apache.org/axis/}hostname:itimserver

    com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.apps.SchemaViolationException:CTGIMS002E At least one attribute violates the schema.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    at java.lang.Class.newInstance0(Class.java:350)
    at java.lang.Class.newInstance(Class.java:303)
    at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:104)
    at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:90)
    at com.ibm.itim.ws.exceptions.WSApplicationException.getDeserializer(WSApplicationException.java:76)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(BaseDeserializerFactory.java:154)
    at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerAs(BaseDeserializerFactory.java:84)
    at org.apache.axis.encoding.DeserializationContext.getDeserializer(DeserializationContext.java:464)
    at org.apache.axis.encoding.DeserializationContext.getDeserializerForType(DeserializationContext.java:547)
    at org.apache.axis.message.SOAPFaultDetailsBuilder.onStartChild(SOAPFaultDetailsBuilder.java:157)
    at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:533)
    at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:220)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:322)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368)
    21:25:32,014 INFO listUsers(main) Exiting application...
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
    at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.itim.ws.services.WSAccountServiceSoapBindingStub.modifyAccount(WSAccountServiceSoapBindingStub.java:657)
    at listUsers.main(listUsers.java:206)

    I don't understand what it is that I'm doing wrong. Isn't attributes[] supposed to contain the list of account objects to be deprovisioned?
    Thanks.

    - Anish
  • anishIsOptimusPrime
    anishIsOptimusPrime
    4 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-07T04:39:24Z  in response to gverma
    Girish,

    Is there a way I can alter the attributes, let's say remove an attribute from a user's account? If yes, could you post a snippet of the process? It'd be very helpful.

    Thanks.
    Anish
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-08T14:01:10Z  in response to anishIsOptimusPrime
      Anish,

      The LDAP schema violation you reported earlier is caused if you don't supply the mandatory attributes of an objectclass.

      Other users had also reported issues in trying to remove attributes from a data object. This has been fixed in v1.3 of the web services. The beta was released in April '09 and it is awaiting IBM Licensing for release on OPAL. Let me know if you want to participate in the beta by having your IBM rep (Sales or Services) send me an email at gverma@us.ibm.com.

      Girish.
      • gverma
        gverma
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2009-09-10T03:07:49Z  in response to gverma
        Anish,

        Further to my earlier post, have you tried to remove attributes from an account using the modifyAccount operation, and passing in the attribute with null values (to remove it from the account)?

        Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-09T15:46:32Z  in response to gverma
    gverma,
    We have spent development time and hours researching TDI, ITIM web wrapper 1.2 and currently ITIM API.
    The IBM representative recommended using the ITIM API because it is a supported product.
    I can't find any documentation or examples on how to use TDI with the ITIM API.
    We are trying to reset passwords and unlock accounts on the system.

    Examples are scarce or non existent.
    Could you please provide information on this topic or a source with examples to get our project started?

    Thanks
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-10T03:04:53Z  in response to SystemAdmin
      rjay,

      This is an Enablement forum specifically to share ideas and support ITIM Web Services to communicate with ITIM, including from ITDI. Contact IBM support directly for questions regarding the ITIM API and how to use it from ITDI. The ITIM API is a Java API that requires app server and ITIM artifacts on a client that needs to connect to ITIM. You will find general examples in the ITIM_HOME directory of your installation, inside the extensions folder.

      Girish.
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-21T18:15:11Z  in response to gverma
    Hi Girish,

    I am using ITIM websphere 6.1.0.23 and ITIM 5.0 FP 5. Websphere app server is deployed to run ITIM app as a cluster configuration with 1 node. I have downloaded webservices.ear 1.2.1 and installed it as an enterprise application. I have ssl configured for my ITIM server, i.e. we are using https://servername/itim/console as the URL for ITIM. However, when I use https://servername/ITIMWebServices/services/WSSessionService, I am getting an HTTP 404 error. Please let me know if I need to make any additional changes in the WEB services configuration like wsdl file etc in order for it to work with SSL. Note I am not able to use webservices with or without https. Please suggest.

    Also I saw the following warnings in the SysOut.log

    9/18/09 15:26:22:773 EDT] 00000030 ArchiveDeploy W ADMA0091E: The resource WEB-INF/ibm-web-bnd.xmi that is defined in URI WEB-INF/ibm-web-bnd.xmi for module passwordsynch_web.war is not valid. The resource has a cross reference org.eclipse.jst.j2ee.webapplication.internal.impl.WebAppImpl@221a221a (eProxyURI: WEB-INF/web.xml#WebApp_ID) that cannot be resolved.
    9/18/09 15:26:22:775 EDT 00000030 ArchiveDeploy W ADMA0091E: The resource WEB-INF/ibm-web-bnd.xmi that is defined in URI WEB-INF/ibm-web-bnd.xmi for module app_web.war is not valid. The resource has a cross reference org.eclipse.jst.j2ee.webapplication.internal.impl.WebAppImpl@33f833f8 (eProxyURI: WEB-INF/web.xml#WebApp_ID) that cannot be resolved.
    9/18/09 15:26:22:813 EDT 00000030 ArchiveDeploy W ADMA0091E: The resource WEB-INF/ibm-web-ext.xmi that is defined in URI WEB-INF/ibm-web-ext.xmi for module passwordsynch_web.war is not valid. The resource has a cross reference org.eclipse.jst.j2ee.webapplication.internal.impl.WebAppImpl@12531253 (eProxyURI: WEB-INF/web.xml#WebApp_ID) that cannot be resolved.
    9/18/09 15:26:22:819 EDT 00000030 ArchiveDeploy W ADMA0091E: The resource WEB-INF/ibm-web-ext.xmi that is defined in URI WEB-INF/ibm-web-ext.xmi for module app_web.war is not valid. The resource has a cross reference org.eclipse.jst.j2ee.webapplication.internal.impl.WebAppImpl@26bf26bf (eProxyURI: WEB-INF/web.xml#WebApp_ID) that cannot be resolved.
    [
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2009-09-21T21:51:43Z  in response to SystemAdmin
      To ITIMWEBSERVICE,

      The errors you listed do not pertain to ITIM Web Services but to the ITIM application itself.

      No, you do not need to make changes to the WSDL or the application to make it work with SSL. The transport is provided by the application server (WAS), not the application. Check in your WAS Admin Console if the ITIMWebServicesEAR application is started. Check what is the default SSL port being used by WAS, since your front end HTTP server may not be configured with the WAS plugin after you installed WS. If for example your default WAS SSL port is 9443, try:

      https://servername:9443/ITIMWebServices/services/WSSessionService

      Girish.
      • SystemAdmin

        Re: Web Services Wrappers for ITIM API

        ‏2009-09-22T16:53:40Z  in response to gverma
        Thanks Girish.

        The ports 9080 and 9443 are blocked for direct use and hence the URL you suggested didn't work either. Do I need to do any additional configuration in the http server component to make the web services work?

        Also in the deployment guide, it is mentioned:
        If you are installing on a Websphere configuration with multiple server instances, make sure that ITIMWebServices module is mapped to the same server instance as ITIM. This is especially relevant for clustered installations. This action should be carried out in the step titled “Map modules to servers”.

        We have ITIM deployed in the clustered mode with a single node so that in future we can easily add the additional nodes. Now when I install the ITIMWebServicesEAR as the enterprise application, should I see both ITIMcluster and http component under it?
  • SystemAdmin

    Re: Web Services Wrappers for ITIM API

    ‏2009-09-24T09:42:18Z  in response to gverma
    Hi all,
    I am new to using the ITIM web service. Now I am trying to create a person with the code in example 6.2,
    combined with the testconnection code that is provided.
    So I use itim manager to create the person.
    This is the code:
    WSOrganizationalContainerService containerService = webServiceFactory.getWSOrganizationalContainerService();
    WSPersonService personService2 = webServiceFactory.getWSPersonService();
    String containerProfile = WSObjectCategoryConstants.ORGUNIT;
    String containerName = "Audit Department";
    // Look up the organizational unit that will hold the new person.
    WSOrganizationalContainer[] wsContainers = containerService.searchContainerByName(session, null, containerProfile, containerName);
    if (wsContainers != null && wsContainers.length > 0)
    {
        System.out.println("Found " + wsContainers.length + " containers for " + containerName);
        WSOrganizationalContainer parentContainer = wsContainers[0];
        WSPerson wsPerson = new WSPerson();
        Collection attrList = new ArrayList();
        wsPerson.setProfileName("BAYPerson");
        WSAttribute wsAttr = new WSAttribute("BAY", new String[]{"888888"});
        attrList.add(wsAttr);
        wsAttr = new WSAttribute("cn", new String[]{"SuperMan"});
        attrList.add(wsAttr);
        wsAttr = new WSAttribute("sn", new String[]{"Man"});
        attrList.add(wsAttr);
        // Convert the attribute list to the array form that WSPerson expects.
        WSAttribute[] wsAttrs = (WSAttribute[]) attrList.toArray(new WSAttribute[attrList.size()]);
        wsPerson.setAttributes(wsAttrs);
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(new Date());
        WSRequest request = personService.createPerson(session, parentContainer, wsPerson, calendar);
        System.out.println("Submitted person create request id = " + request.getRequestId());
    }
    But the error says:
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.ws.services.WSPersonService.createPerson() () Error in creating person: com.ibm.itim.apps.AuthorizationException:You are not authorized to perform this operation.
    faultActor:
    faultNode:
    faultDetail:
    {http://services.ws.itim.ibm.com}fault1:null
    {http://xml.apache.org/axis/}hostname:bayidm-dev

    com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.ws.services.WSPersonService.createPerson() () Error in creating person: com.ibm.itim.apps.AuthorizationException:You are not authorized to perform this operation.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:104)
    at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:90)
    at com.ibm.itim.ws.exceptions.WSApplicationException.getDeserializer(WSApplicationException.java:76)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(BaseDeserializerFactory.java:154)
    at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerAs(BaseDeserializerFactory.java:84)
    at org.apache.axis.encoding.DeserializationContext.getDeserializer(DeserializationContext.java:464)
    at org.apache.axis.encoding.DeserializationContext.getDeserializerForType(DeserializationContext.java:547)
    at org.apache.axis.message.SOAPFaultDetailsBuilder.onStartChild(SOAPFaultDetailsBuilder.java:157)
    at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:501)
    at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:179)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:377)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2747)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
    at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.itim.ws.services.WSPersonServiceSoapBindingStub.createPerson(WSPersonServiceSoapBindingStub.java:799)
    at com.ibm.test.HelloWorld.main(HelloWorld.java:89)
    Anyone, please help.
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-10-06T14:01:44Z  in response to SystemAdmin
      Athit,

      Are you sure that you are a) Using the session from the itim manager login and b) Passing in all the attributes necessary for the custom person entity?

      Girish.
  • girishS

    challenge/response questions and Locale bug

    ‏2009-10-06T17:04:58Z  in response to gverma
    I have seen on this forum that there is a bug in ITIM web services which does not handle challenge/response correctly if they are setup with "Any locale" in ITIM.

    I am running into this issue. We are running ITIM 5.0 FP5 and the challenge/response is setup using "any locale". The ITIM web services API for "forgot password" functionality gives "login error" when calling lostPasswordLoginResetPassword.

    I believe this is related to the "locale" bug.

    Changing the "any locale" to "English" in ITIM is a big deal, as I have 130,000 users in my system and all of them will be asked to re-enter their challenge/response questions next time they log in (when I switch the locale to English).

    When can we expect the 1.3 release of the ITIM web services wrappers?

    Thanks.
    • gverma

      Re: challenge/response questions and Locale bug

      ‏2009-10-06T17:54:11Z  in response to girishS
      This is not related to the bug you mention. The bug you mentioned is not in ITIM Web Services but is a behaviour of the ITIM API. That behaviour is that challenge questions may not be returned if you don't specify the correct locale. What you describe is a login error you encounter when you try to login with challenges and responses using a lostPasswordResetPassword operation.

      Web services 1.3 is ready but waiting for OPAL release. Have your IBM rep (Sales or Services) contact me at gverma@us.ibm.com if you want an early release copy.
      • girishS

        Re: challenge/response questions and Locale bug

        ‏2009-10-07T12:40:13Z  in response to gverma
        Thank you Girish for a quick reply.

        If this is not related to the bug, how can I get around the "login error"?

        I will contact my sales rep any way to get the copy of ITIM web service wrappers 1.3.

        My code is:
        
        
        
        private static void challengeResp(String serverAddress, String userid, String password)
        {
            ITIMWebServiceFactory webServiceFactory = null;
            WSSession session = null;
            WSPersonService personService = null;
            try
            {
                System.out.println("Trying connection to ITIMWebServices");
                webServiceFactory = new ITIMWebServiceFactory(serverAddress);
                WSSessionService manager = webServiceFactory.getWSSessionService();
                String wrk_userid = "smithg2100";
                Collection criList = new ArrayList(); // List to hold each challenge and response info.
                String[] challenges = manager.getChallengeQuestions(wrk_userid);
                for (int i = 0; i < challenges.length; i++)
                {
                    WSChallengeResponseInfo cri = new WSChallengeResponseInfo();
                    cri.setQuestion(challenges[i]);
                    System.out.println(cri.getQuestion());
                    // At this point, this example assumes that the answer is available in string variable
                    // "answer" thru user interaction.
                    cri.setAnswer("a");
                    criList.add(cri);
                }
                WSChallengeResponseInfo[] crInfos = (WSChallengeResponseInfo[]) criList.toArray(
                    new WSChallengeResponseInfo[criList.size()]);
                //WSSession session = sessionService.lostPasswordLoginDirectEntry(userid, crInfos);
                // Depending on what challenge response behavior is needed, the client can opt to reset the ITIM
                // service password instead of direct login via Challenge Response. Uncomment the below line (and
                // comment the above statement to get this behavior
                String requestId = manager.lostPasswordLoginResetPassword(wrk_userid, crInfos);
            }
            catch (WSInvalidLoginException e)
            {
                e.printStackTrace();
            }
            catch (WSLoginServiceException e)
            {
                e.printStackTrace();
            }
            catch (RemoteException e)
            {
                e.printStackTrace();
            }
            catch (IllegalArgumentException e)
            {
                e.printStackTrace();
            }
            catch (MalformedURLException e)
            {
                e.printStackTrace();
            }
            catch (ServiceException e)
            {
                e.printStackTrace();
            }
        }
        
        • gverma

          Re: challenge/response questions and Locale bug

          ‏2009-10-07T13:32:50Z  in response to girishS
          girishS,

          Once you obtain v1.3 via your IBM rep, install it and please post back if the error recurs.

          Girish.
          • girishS

            Re: challenge/response questions and Locale bug

            ‏2009-10-19T20:15:19Z  in response to gverma
            Hi Girish V,

            I got the ITIM web services code 1.3 and installed it. I am running ITIM 5.0 fp7.

            Things are worse than before (version 1.21). The login method is now failing.

            
            ITIMWebServiceFactory webServiceFactory = null;
            WSSession session = null;
            WSPersonService personService = null;
            try
            {
                System.out.println("Trying connection to ITIMWebServices");
                webServiceFactory = new ITIMWebServiceFactory(serverAddress);
                WSSessionService manager = webServiceFactory.getWSSessionService();
                try
                {
                    float wsVersion = manager.getWebServicesVersion();
                    System.out.println("Communication successful, the ITIM Web Services Wrapper version is " + manager.getWebServicesVersion());
                }
                catch (Exception e)
                {
                    System.out.println("Please edit the webservice.properties file and change the webServices.version from 1.2.1 to 1.21, then restart Websphere");
                    System.out.println("See IBM Tivoli Enablement Tools Forum thread at http://www-128.ibm.com/developerworks/forums/thread.jspa?threadID=232419&tstart=0 for details");
                }
                System.out.println("The ITIM version is " + manager.getItimVersion());
                System.out.println("Trying authentication for user " + userid);
                session = manager.login(userid, password);
                System.out.println("User id " + userid + " logged in succesfully to " + serverAddress);
                personService = webServiceFactory.getWSPersonService();
            


            I get an exception:
            AxisFault
            faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
            faultSubcode:
            faultString: java.lang.reflect.InvocationTargetException
            faultActor:
            faultNode:
            faultDetail:
            {http://xml.apache.org/axis/}hostname:hcs391tamlpa001

            java.lang.reflect.InvocationTargetException
            at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
            at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
            at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
            at oracle.xml.parser.v2.NonValidatingParser.parseElement(NonValidatingParser.java:1345)
            at oracle.xml.parser.v2.NonValidatingParser.parseRootElement(NonValidatingParser.java:362)
            at oracle.xml.parser.v2.NonValidatingParser.parseDocument(NonValidatingParser.java:308)
            at oracle.xml.parser.v2.XMLParser.parse(XMLParser.java:213)
            at oracle.xml.jaxp.JXSAXParser.parse(JXSAXParser.java:292)
            at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
            at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
            at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
            at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
            at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
            at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
            at org.apache.axis.client.Call.invoke(Call.java:2767)
            at org.apache.axis.client.Call.invoke(Call.java:2443)
            at org.apache.axis.client.Call.invoke(Call.java:2366)
            at org.apache.axis.client.Call.invoke(Call.java:1812)
            at com.ibm.itim.ws.services.WSSessionServiceSoapBindingStub.login(WSSessionServiceSoapBindingStub.java:809)
            at timper.testCreate.addNewUser(testCreate.java:354)
            at timper.testCreate.main(testCreate.java:92)
            AxisFault
            faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
            faultSubcode:
            faultString: java.lang.NullPointerException
            faultActor:
            faultNode:
            faultDetail:
            {http://xml.apache.org/axis/}hostname:hcs391tamlpa001

            java.lang.NullPointerException
            at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
            at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
            at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
            at oracle.xml.parser.v2.NonValidatingParser.parseElement(NonValidatingParser.java:1345)
            at oracle.xml.parser.v2.NonValidatingParser.parseRootElement(NonValidatingParser.java:362)
            at oracle.xml.parser.v2.NonValidatingParser.parseDocument(NonValidatingParser.java:308)
            at oracle.xml.parser.v2.XMLParser.parse(XMLParser.java:213)
            at oracle.xml.jaxp.JXSAXParser.parse(JXSAXParser.java:292)
            at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
            at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
            at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
            at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
            at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
            at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
            at org.apache.axis.client.Call.invoke(Call.java:2767)
            at org.apache.axis.client.Call.invoke(Call.java:2443)
            at org.apache.axis.client.Call.invoke(Call.java:2366)
            at org.apache.axis.client.Call.invoke(Call.java:1812)
            at com.ibm.itim.ws.services.WSOrganizationalContainerServiceSoapBindingStub.searchContainerByName(WSOrganizationalContainerServiceSoapBindingStub.java:597)
            at timper.testCreate.addNewUser(testCreate.java:392)
            at timper.testCreate.main(testCreate.java:92)

            On the server the exception is:

            10/19/09 16:03:10:320 EDT 0000002a SystemErr R AxisFault
            faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
            faultSubcode:
            faultString: Invalid request, WSSession not found as first parameter on Web Service. Ensure that WSSessionis the first parameter in the web service definition
            faultActor:
            faultNode:
            faultDetail:
            {http://xml.apache.org/axis/}stackTrace:Invalid request, WSSession not found as first parameter on Web Service. Ensure that WSSessionis the first parameter in the web service definition
            at com.ibm.itim.ws.handlers.WSSessionHandler.processRequest(WSSessionHandler.java:146)
            at com.ibm.itim.ws.handlers.WSSessionHandler.invoke(WSSessionHandler.java:98)
            at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
            at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
            at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
            at org.apache.axis.server.AxisServer.invoke(AxisServer.java:249)
            • gverma

              Re: challenge/response questions and Locale bug

              ‏2009-10-19T21:42:38Z  in response to girishS
              Girish S,

              Are you sure that the new version is installed in your environment? The server side error message shows a) Either the v1.3 is not installed on your server, or b) you are not using the client jars that came with v1.3. The other inconsistent information is the reference to the "searchContainerByName" operation in the error message to which I don't see any reference in the code you posted.

              Check the version of WS by surfing to http(s)://YourServer:yourPort/ITIMWebServices/testITIMConnection.jsp and post a screenshot of the result. Also, verify that you are using the client jars that came with v1.3 in your app. The code you posted looks like an excerpt from TestClient posted in this forum, check your codebase for the sequence that caused this error including the reference to "searchContainerByName". You may post the code as an attachment to the forum, and I or another forum user may be able to see where the issue is, time permitting.

              Girish Verma
              • girishS

                Re: challenge/response questions and Locale bug

                ‏2009-10-20T13:27:14Z  in response to gverma
                I have the correct ITIM web service 1.3 installed. Here is the output from the testITIMConnection.jsp page:

                Logged in succesfully as itim manager
                ITIM Web Services Wrapper version is: 1.3
                Web Services target type is: ITIM5
                ITIM version is: 5.0
                Detailed ITIM version info:
                ITIM Version: 5.0.0.7
                ITIM Fixpack level: FP0007
                ITIM Build number: 200909102117
                ITIM Build date: September 10 2009
                ITIM Build time: 21:17:30 GMT-05:00
                Is ITIM SSO enabled? : true

                The following ITIM Web Services properties are configured:
                State saving method: client
                Encrypt client state (valid only if State saving method is set to client)? : true
                Server session timeout (seconds): 1200
                Are Web Services enabled to read HTTP headers to extract SSO user id (only if ITIM is SSO enabled)? : false
                Name of HTTP Header variable to read to extract SSO user id (only if ITIM is SSO enabled): iv-user
                Name of Web Services message context property: transport.http.servletRequest
                Is Debug SSO mode HTTP Header variables enabled (only if ITIM is SSO enabled)? : false
                End of test

                I am using wsLocale and the program would not compile if I had the wrong client jars. So I am quite sure I have the correct client jars.

                I have cleaned up my code and I am now testing just the changepassword functionality. This was working with 1.21 version but does not work with 1.3. It throws exception at login : faultString: java.lang.reflect.InvocationTargetException

                So is it possible that there is a method signature mismatch between the client and the server for WSSessionService.login?

                I am attaching my java source.
                • gverma

                  Re: challenge/response questions and Locale bug

                  ‏2009-10-20T14:50:51Z  in response to girishS
                  Girish S,

                  I tested your code in my environment and I cannot repeat your error. Send me an email at gverma@us.ibm.com if you want to discuss further.

                  Girish Verma.
                  • girishS

                    Re: challenge/response questions and Locale bug

                    ‏2009-10-22T18:05:05Z  in response to gverma
                    Now that I have ITIM web service 1.3 code working, I am trying to get the following code working:

                    
                    wsLocale.setLanguage("Any");
                    session.setLocale(wsLocale);
                    WSSystemUserService suService = webServiceFactory.getWSSystemUserService();
                    WSChallengeResponseInfo[] crInfo = suService.getExistingChallengeResponseInfo(session);

                    The locale for my challenge questions is "Any".

                    This does not work. How do I retrieve existing challenge response questions if my questions are set to "Any Locale"?
                    • gverma

                      Re: challenge/response questions and Locale bug

                      ‏2009-10-23T18:03:31Z  in response to girishS
                      Girish S,

                      This is the behaviour of the ITIM API that web services wraps. ITIM 5.1's API does not have this issue. In your 5.0 environment, have you tested with setting the questions' locale to English from Any?

                      Girish.
                    • gverma

                      Re: challenge/response questions and Locale bug

                      ‏2009-10-26T12:38:58Z  in response to girishS
                      GirishS,

                      I wanted to follow up on my earlier reply about retrieving challenge questions - I see that you are trying to retrieve existing questions and not getting them. I had mistaken this scenario for the session service's getChallengeQuestions operation.

                      The behaviour you are experiencing is directly from the ITIM API that WS wraps. It is the same in the ITIM 5.1 API as it was in the ITIM 5.0 API. I will investigate this and post an update.

                      Girish.
                      • gverma

                        Re: challenge/response questions and Locale bug

                        ‏2009-11-04T14:51:57Z  in response to gverma
                        GirishS,

                        I forgot to post the update to this forum but the latest beta build fixes the locale issue when retrieving challenge questions.

                        Girish.
  • MaheshT

    Re: Web Services Wrappers for ITIM API

    ‏2009-10-24T07:14:16Z  in response to gverma
    Looks like the WSSystemUserService class in v1.3 has hard-coded Locale.ENGLISH in the following methods:
    addDelegate
    getChallengeResponseConfiguration
    getExistingChallengeResponseInfo
    setChallengeResponseInfo

    All other service classes seem to be using the locale in the session or passed in locale. Any comments?
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-10-24T16:54:59Z  in response to MaheshT
      MaheshT,

      They were probably that way in the beta. They were fixed in build 147 of v1.3. What build number are you using?

      Girish.
  • MaheshT

    Re: Web Services Wrappers for ITIM API

    ‏2009-10-25T22:46:50Z  in response to gverma
    We're using build #146. What is the latest build?
  • MaheshT

    Re: Web Services Wrappers for ITIM API

    ‏2009-11-12T16:25:26Z  in response to gverma
    Girish,

    Getting the following error on selfChangePassword() call. What could be wrong?

    code: itimServ.selfChangePassword("JohnSmith", "password_old", "password_new");

    com.ibm.itim.ws.exceptions.WSApplicationException: com.ibm.itim.ws.services.WSPasswordService.selfChangePassword() () :com.ibm.itim.apps.AuthorizationException:CTGIMS009E You do not have the authority to perform this operation.
    Original server stacktrace:com.ibm.itim.apps.AuthorizationException: CTGIMS009E You do not have the authority to perform this operation
  • costica

    Examples for Web Services Wrappers for ITIM API

    ‏2009-11-13T03:57:31Z  in response to gverma
    Hi Girish,
    As I promised you, here are a great deal of examples using ITIM Web Services.
    All of them are done using ITIM 4.6.

    Attachments

  • sameer.joshi

    Re: Web Services Wrappers for ITIM API

    ‏2009-11-17T22:15:00Z  in response to gverma
    Hi Girish,

    For one of the applications, we need to add another wrapper for the SearchPerson class. Would it be possible for us to add another webservicewrapper to the SearchPerson or do I need to use the java API directly to accomplish this?

    Thanks,
    Vani
    • gverma

      Re: Web Services Wrappers for ITIM API

      ‏2009-11-17T22:20:55Z  in response to sameer.joshi
      Vani,

      If you are using v1.3 beta of ITIM Web Services, you can use the WSExtensionService to extend the web services by adding your own operation in the web service wrappers. Let me know at gverma@us.ibm.com if you need v1.3 beta.

      Girish.
      • SystemAdmin

        Re: Web Services Wrappers for ITIM API

        ‏2012-04-01T10:11:28Z  in response to gverma
        Hi, gverma,

        I need to populate all parameters of some provisioning policy. But I didn't find anything from WSProvisioningPolicyService. Can you help on this?

        If there's no such kind of method in existing service, how can I use WSExtensionService? Can you give a sample for it?
        • gverma

          Re: Web Services Wrappers for ITIM API

          ‏2012-04-05T20:11:08Z  in response to SystemAdmin
          A15B_Zelian_Shao

          Have you looked at the web services data model for provisioning policy objects? WSProvisioningPolicy has properties for WSPolicyEntitlement and WSPolicyMembership. WSPolicyEntitlement has a property to hold the service target and an array of WSProvisioningParameter to address all the parameters. I suggest you do a getPolicies operation on one or more of your existing policies and examine the data from existing policies in the data model. You can also look at the docs folder and get to the api/ITIMWebServices and look at the javadoc for the model.

          If you want to use WSExtensionService, there is an overall description in section 3.4, and a detailed description in section 5 Extensibility via WSExtensionService. This is in the Web Services Wrapper for ITIM API v1.32 PDF document in the docs folder of the installation extract. You can also browse it at ftp://ftp.software.ibm.com/software/tivoli/OPAL/1TW10IM12/ITIM_Web_Services_v1.32_SolutionandDeployment_Guide.pdf

          Girish.
  • MaheshT
    MaheshT
    4 Posts
    ACCEPTED ANSWER

    Re: ITIM web service proxy for .Net

    ‏2009-11-24T14:50:44Z  in response to gverma
    The namespaces in the .Net generated web service proxy do not match the namespaces returned in the SOAP responses. I used the WSDL.exe tool in the .Net SDK to generate the proxy class and modified the namespaces to match. I tested this for several methods in the ITIMService and they all worked fine. The attachment contains two proxy classes: one for version 1.2 and the other for v1.3 and build 147. If a method is not working or not returning the expected result, I suggest using Fiddler or some web debugger to see the SOAP responses and make the necessary modifications to the proxy class.

    Mahesh
    • girishS
      girishS
      12 Posts
      ACCEPTED ANSWER

      Re: calling web service behind TAM

      ‏2009-12-07T19:07:25Z  in response to MaheshT
      Hi Girish V,

      We have tested the use of the ITIM web service by talking to the ITIM server directly : http://<itimserver>:9080/

      Now we want to make this work using the SSO feature. The web service will be protected by ITAM.

      I have made the changes to webservice.properties file to have webServices.sso.readHTTPHeader=true

      So in my Java program I try to use https://<tam server>/junction (the junction points to the ITIM server and port); it requires me to use proper Java SSL libraries etc. I can figure this out, but is this how I should be using the URL for SSO enabled ITIM web service?

      Thanks.
      • gverma
        gverma
        233 Posts
        ACCEPTED ANSWER

        Re: calling web service behind TAM

        ‏2009-12-09T16:50:19Z  in response to girishS
        Hi Girish S,

        Here is an extract of a procedure I recommended at another implementation:

        The usage of ITIM Web Services in an SSO enabled environment is similar to the way you would use the ITIM API. ITIM Web Services is an API, not a separate app or UI. ITIM bypasses authentication when it is SSO enabled, assuming that authentication is delegated to an access control product (SiteMinder/TAM...). Your architecture would depend on what clients are accessing the web services and from where. One of the architectures to use ITIM Web Services in an SSO enabled environment from a web client would be:

        • Protect ITIM and ITIM Web Services behind SiteMinder (or any other access control product). The ITIM Web Services app URLs are http(s)://{yourHost:port}/ITIMWebServices/services/{serviceName}. This stops any unchallenged access to ITIM Web Services. You can use the ITIMWebService instead of multiple web services if you want to cut down on multiple junctions.
        • Protect the web client (web services consumer) also behind TAMeb / SiteMinder.
        • When a user accesses the client application, TAMeb / SiteMinder challenges and then inserts the "sm_user" and sm_authenticated variables in the HTTP header. Webseal inserts the iv-user variable in the HTTP header.
        • When the client needs to talk to ITIM, it should a) either extract the user id variable from the HTTP header and establish a session with ITIM Web Services, using a null password, or b) if in a web context, set the properties readHTTPHeader to true, and useridHTTPHeaderName to iv-user/sm-user.

        This approach is similar to using the ITIM API directly - as long as an authentication request reaches ITIM in an SSO enabled environment, and the userid is valid, the request is fulfilled. If a request from an unauthorized source tries to reach ITIM Web Service, the reverse proxy server would intercept it and send out a challenge, which an unauthenticated client would have to fulfill by supplying the TAMeb/SiteMinder username and password.

        From what I read in your post, it looks like you are on the right track.

        Girish Verma
    • TivoliJ
      TivoliJ
      5 Posts
      ACCEPTED ANSWER

      Re: ITIM web service proxy for .Net

      ‏2010-04-23T07:24:34Z  in response to MaheshT
      Hi Mahesh,

      We are using your proxy class 'itimws_proxy_v13b147.cs'. When we call the searchPersonsFromRoot() method it returns a partial result. It returns the person DN and name but it does not return the person attributes. The WSAttribute[] array is blank in the result. Do you have any workaround for this issue?

      Thanks.
    • ManjuJinesh
      ManjuJinesh
      1 Post
      ACCEPTED ANSWER

      Re: ITIM web service proxy for .Net

      ‏2011-08-26T12:46:32Z  in response to MaheshT
      Hi Mahesh,

      We are facing the same issue of "null" session when trying to access the ITIM Web Services 5.1 using the proxy class created using WSDL.exe tool in .NET SDK. Could you please share the proxy class for 5.1 also if you have any?
      Thanks in advance.

      Manju
  • SystemAdmin
    SystemAdmin
    233 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2010-01-15T03:49:18Z  in response to gverma
    Hello, I have been using Jython with the Web Services wrappers with some ease and success and wanted to share a few snippets:

    First is a simple Windows bat file (a UNIX shell script would be an easy port) which sets up the small classpath and starts Jython (included with WAS):

    REM wsjython.bat

    @echo off

    set MY_WAS_HOME=c:\Program Files\IBM\WebSphere\AppServer

    set MY_WS_HOME=c:\Program Files\ITIM Web Services
    set MY_WS_LIB=%MY_WS_HOME%\client

    set MY_CP=%MY_WAS_HOME%\optionalLibraries\jython\jython.jar

    set MY_CP=%MY_CP%;%MY_WAS_HOME%\lib\j2ee.jar

    set MY_CP=%MY_CP%;%MY_WS_LIB%\axis.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\commons-discovery-0.2.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\commons-logging-1.0.4.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\ITIMWebServicesClient.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\ITIMWebServicesClientUtils.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\jaxrpc.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\saaj.jar
    set MY_CP=%MY_CP%;%MY_WS_LIB%\wsdl4j-1.5.1.jar

    "%MY_WAS_HOME%\java\bin\java.exe" -classpath "%MY_CP%" org.python.util.jython %*

    You can create a file and execute it, or, you can simply run Jython in "interactive" mode by giving no filename argument; then you are presented, basically, with an interactive Web Services "shell" to ITIM:

    \path\to\wsjython.bat

    You get a prompt like: ">>> "

    Just type line by line commands, e.g.:

    from com.ibm.itim.ws.services.facade import ITIMWebServiceFactory
    webServiceFactory = ITIMWebServiceFactory("http://vplum:9080")
    sessionService = webServiceFactory.getWSSessionService()
    session = sessionService.login("ITIM Manager", "mypassword")
    personService = webServiceFactory.getWSPersonService()
    person = personService.getPrincipalPerson(session)
    print person.name

    Similarly you can search for people or use the other services available. With scripts, you can accept arguments, and in both scripts and in interactive sessions use your own Python modules, use other Java libraries in your classpath, etc.

    If you are interested in a Wiki approach to further looking at using Jython with the Web Services Wrappers:

    https://www.ibm.com/developerworks/wikis/display/tivoliim/IBM+Tivoli+Identity+Manager+API+Web+Services+Wrappers+Jython+Examples
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2010-01-20T15:32:45Z  in response to SystemAdmin
      Web Services Wrappers v1.3 (Build 150) has been published on the ITIM Tivoli OPAL web site at http://www-01.ibm.com/software/brandcatalog/portal/opal/details?catalog.label=1TW10IM12.

      Web Services Wrappers v1.3 for ITIM API has been released for the following ITIM versions:

      ITIM v4.6
      ITIM v5.0
      ITIM v5.1

      Each download is a self extracting archive on Windows. After extraction, ITIM Web Services can be deployed on any supported ITIM platform. The web services WSDL and pre generated client are identical for all supported ITIM versions. This allows a client to be ITIM version agnostic, and communicate with any supported ITIM version without changes.

      Web Services Wrappers v1.3 for ITIM API include a number of enhancements over v1.21, including extensibility to define custom operations, new web services to address new functionality in ITIM 5.1, new operations on existing web services, more support for "on behalf of another user" operations, tighter integration with TAMeb, and capability to manage provisioning policies.

      Please refer to the Solution and Deployment Guide document, and the Release Notes document in the doc folder of the archive for further details.

      Girish Verma
      • SystemAdmin
        SystemAdmin
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2010-01-20T18:42:40Z  in response to gverma
        New in 1.3 in particular for me is the addition of WSUnauthService which allows access to self registration (among other features).

        Example in Jython:

        ---

        import jarray
        import java

        from com.ibm.itim.ws.services.facade import ITIMWebServiceFactory
        from com.ibm.itim.ws.model import WSAttribute
        from com.ibm.itim.ws.model import WSPerson

        webServiceFactory = ITIMWebServiceFactory("http://myhost.com:9080")
        unauthService = webServiceFactory.getWSUnauthService()

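        # The value lists were lost when this post was rendered; the values
        # below are placeholders (only "John Doe" appears in the post itself).
        cnAttr = WSAttribute("cn", jarray.array(["John Doe"], java.lang.String))
        snAttr = WSAttribute("sn", jarray.array(["<surname>"], java.lang.String))
        mailAttr = WSAttribute("mail", jarray.array(["<mail address>"], java.lang.String))
        uidAttr = WSAttribute("uid", jarray.array(["<user id>"], java.lang.String))
        lAttr = WSAttribute("l", jarray.array(["<location>"], java.lang.String))

        attrs = jarray.array([cnAttr, snAttr, mailAttr, uidAttr, lAttr], WSAttribute)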

        person = WSPerson()
        person.name = "John Doe"
        person.profileName = "Person"
        person.attributes = attrs

        unauthService.selfRegister(person, None)

        ---

        Additional unauthenticated points of entry are to get challenge/response questions for a user, submit a password reset request for that user with those challenge/response answers, and so on.
  • garou
    garou
    15 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2010-01-21T17:11:24Z  in response to gverma
    Hi,

    I have a question about how to handle a race condition.

    We need to call modifyPerson(), to add a UID onto an existing unused person record, and then call addRole() to make ITIM create a usable account in TAM. It appears that the addRole() begins before the modifyPerson() completes. We actually tried to prevent this in the code by checking the status of the modifyPerson() request:
    
    <snip>
    WSPersonService personService = webServiceFactory.getWSPersonService();
    WSRequest request1 = personService.modifyPerson(session, dns[0], attributes);
    WSRequestService requestService = webServiceFactory.getWSRequestService();

    while (request1.getStatus() == WSRequestConstants.IN_PROCESS || request1.getStatus() == WSRequestConstants.NOT_STARTED) {
        request1 = requestService.getRequest(session, request1.getRequestId());

        if (request1.getStatus() == WSRequestConstants.FAILED) {
            status = getBundleProperty(ACTIVATION_BUNDLE, "ERROR_FAILED") + " " + request1.getResult();
            return status;
        } else if (request1.getStatus() == WSRequestConstants.WARNING) {
            status = getBundleProperty(ACTIVATION_BUNDLE, "ERROR_WARNING") + " " + request1.getResult();
            return status;
        }
    }
    


    Now we are considering changing this status check to a positive test for success or failure (or warning). But, in the ITIM console, a request sometimes goes into a PENDING state and there is no value in WSRequestConstants for that.

    I see a PENDING state in WSActivityConstants but the getActivities() method on the Request object requires a process id as a parameter and there appears to be no way to obtain such a thing?

    I would appreciate any guidance.

    Thanks. (full code attached)
    Jeff
    • streetglide
      streetglide
      81 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2010-01-21T18:55:49Z  in response to garou
      I typically do this:

      for (int i=0; i < maxWaitSeconds; i++) {
      req = session.getRequestStatus(req.getRequest().getRequestId());
      if (req.getProcessState().equalsIgnoreCase("Completed"))
      break;
      else
      Thread.sleep(1000);
      }

      Dave
      • garou
        garou
        15 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2010-02-10T20:31:19Z  in response to streetglide
        Thank you, Streetglide. We adapted your code and it is working well.
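The wait discussed in this sub-thread, as an added example that is not code from any poster or from the ITIM client: a bounded poll that treats only known terminal states as the end of the wait, reports a timeout separately from completion, and allows the dependent step (addRole in the question) only after a clean completion. The `State` names, the `StatusSource` interface, the string request ids and the replayed state sequences are assumptions made for the example; in a real client `StatusSource` would wrap the status lookup.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Deque;
import java.util.concurrent.TimeoutException;

public class RequestWaitExample {

    // Hypothetical state names; map whatever status value your client returns onto these.
    enum State { NOT_STARTED, IN_PROCESS, PENDING, COMPLETED, WARNING, FAILED, UNKNOWN }

    /** Hypothetical seam around the real status lookup, so the wait logic runs offline. */
    interface StatusSource {
        State fetch(String requestId) throws Exception;
    }

    static boolean isTerminal(State s) {
        // Anything not listed here, including PENDING and values the client
        // does not recognise, keeps the wait going instead of ending it.
        return s == State.COMPLETED || s == State.WARNING || s == State.FAILED;
    }

    /** Polls until a terminal state is seen; a timeout is an exception, never a success. */
    static State awaitTerminal(StatusSource source, String requestId,
                               long timeoutMillis, long pollMillis) throws Exception {
        long deadline = System.nanoTime() + timeoutMillis * 1_000_000L;
        while (true) {
            State state = source.fetch(requestId);
            if (isTerminal(state)) {
                return state;
            }
            if (System.nanoTime() >= deadline) {
                throw new TimeoutException("request " + requestId + " still " + state);
            }
            Thread.sleep(pollMillis);
        }
    }

    /** The dependent step is allowed only after COMPLETED; warning, failure and timeout all block it. */
    static boolean mayRunNextStep(StatusSource source, String requestId,
                                  long timeoutMillis, long pollMillis) throws Exception {
        try {
            return awaitTerminal(source, requestId, timeoutMillis, pollMillis) == State.COMPLETED;
        } catch (TimeoutException e) {
            return false;
        }
    }

    /** Constructed stand-in for the server: replays the given states, then repeats the last one. */
    static StatusSource replay(State... states) {
        Deque<State> queue = new ArrayDeque<>(Arrays.asList(states));
        return id -> queue.size() > 1 ? queue.poll() : queue.peek();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sequences, not captured from a real ITIM server.
        System.out.println("completes after PENDING: " + mayRunNextStep(
            replay(State.NOT_STARTED, State.IN_PROCESS, State.PENDING, State.COMPLETED),
            "req-1", 2000, 10));
        System.out.println("fails: " + mayRunNextStep(
            replay(State.IN_PROCESS, State.FAILED), "req-2", 2000, 10));
        System.out.println("stuck in PENDING: " + mayRunNextStep(
            replay(State.PENDING), "req-3", 100, 10));
    }
}
```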
    • coder_123
      coder_123
      1 Post
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2010-03-26T20:19:29Z  in response to garou
      I am trying to authenticate a user against ITIM to change their password.

      I can not SSO but need to authenticate.

      I have SSO enabled on my ITIM.

      I use WSITIMService.login(userid, password) and it ignores the password and logs in.

      I am then able to change the password .

      This is a security violation as the user has not really signed in therefore it should not SSO.

      Is there a mechanism to validate whether the user's authentication information is correct when SSO is enabled for ITIM?
      Here is my code

      WSItimService itim = webServiceFactory.getWsITIMService();
      itim.login(userid, somepassword);

      This allows me to login and get a session and further change my password.

      I need a method to check whether my password is the one in the ldap.
      • gverma
        gverma
        233 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2010-03-26T23:31:52Z  in response to coder_123
        This is not a security violation, your deployment needs to complete its SSO architecture. Essentially when ITIM is SSO enabled, you delegate the authentication to an access control product like TAMeb Webseal or similar, and protect ITIM behind it to block unauthorized traffic. You should also protect ITIM Web Services behind the access control product. For ITIM Web Services behaviour in an SSO enabled environment, see section 5.2.4 for the ITIM Web Services Solution and Deployment Guide.

        There are two different usage patterns when communicating with ITIM using ITIM Web Services behind Webseal (or similar):

        1. If you use the Web Services API from another application that is also protected behind WebSeal like ITIM and ITIM Web Services, then the client application will already hold a valid WebSeal credential injected in to the HTTP headers. ITIM Web Services can be configured (via the properties files) to use this credential instead of any username passed into the login method, and ignore the password. Please see section 5.2.4 (starting at page 49) of the ITIM Web Services v1.3 Solution and Deployment Guide.

        2. If you use Web Services API from an application not behind Webseal itself, you will have to change the pre generated ITIMWebService client to respond to the WebSeal challenge if it is thrown. Or you can easily regenerate a new client from the provided WSDL and make changes. There is an excellent article on protecting Axis Web Services behind TAMeb at http://www.ibm.com/developerworks/tivoli/library/t-ssl/ that shows the WebSeal configuration, SSL (optional) setup and client modification exactly for this purpose.

        ITIM Web Services has a WSUnauthService which is a proxy web service that exposes operations that do not (or cannot) provide an authenticated credential. This web service has been created so that an unauthenticated junction can be setup in TAMeb for it. The methods exposed by this service include self registration, password challenge related functions, version info retrieval...

        Girish.
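Both SSO answers in this thread (the procedure of 2009-12-09 and the reply above) rest on the identity header being set only by the access control product. The following added example, which is not part of ITIM Web Services or of any post, sketches a check that could sit in front of the web services (for instance in a servlet filter) and honours the header only when the connection comes from the reverse proxy. The class name, the verdict names, the proxy address and the sample requests are assumptions constructed for the example; `iv-user` is the header named in the thread.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class SsoHeaderGate {

    enum Verdict { ACCEPT, REJECT_UNTRUSTED_PEER, REJECT_MISSING_IDENTITY, REJECT_AMBIGUOUS_IDENTITY }

    private final Set<String> trustedProxies;   // addresses of the reverse proxy instances
    private final String identityHeader;        // e.g. iv-user, as configured for SSO

    SsoHeaderGate(Set<String> trustedProxies, String identityHeader) {
        this.trustedProxies = trustedProxies;
        this.identityHeader = identityHeader;
    }

    /**
     * peerAddress is the TCP peer of the connection (what a servlet container
     * reports as the remote address), never a value read from a request header.
     */
    Verdict check(String peerAddress, Map<String, List<String>> headers) {
        // The header is only meaningful when the proxy put it there.
        if (!trustedProxies.contains(peerAddress)) {
            return Verdict.REJECT_UNTRUSTED_PEER;
        }
        // HTTP header names are case-insensitive, so collect every spelling.
        List<String> values = new ArrayList<>();
        for (Map.Entry<String, List<String>> header : headers.entrySet()) {
            if (header.getKey().equalsIgnoreCase(identityHeader)) {
                values.addAll(header.getValue());
            }
        }
        // More than one identity value means something upstream is wrong; do not pick one.
        if (values.size() > 1) {
            return Verdict.REJECT_AMBIGUOUS_IDENTITY;
        }
        if (values.isEmpty() || values.get(0).trim().isEmpty()) {
            return Verdict.REJECT_MISSING_IDENTITY;
        }
        return Verdict.ACCEPT;
    }

    public static void main(String[] args) {
        // Constructed addresses (documentation ranges) and requests.
        SsoHeaderGate gate = new SsoHeaderGate(
            new HashSet<>(Arrays.asList("192.0.2.10")), "iv-user");

        Map<String, List<String>> oneUser =
            Collections.singletonMap("IV-User", Arrays.asList("jdoe"));
        Map<String, List<String>> noUser = Collections.emptyMap();
        Map<String, List<String>> twoUsers =
            Collections.singletonMap("iv-user", Arrays.asList("jdoe", "asmith"));

        System.out.println("via proxy, one identity:  " + gate.check("192.0.2.10", oneUser));
        System.out.println("direct to app server:     " + gate.check("198.51.100.7", oneUser));
        System.out.println("via proxy, no identity:   " + gate.check("192.0.2.10", noUser));
        System.out.println("via proxy, two identities: " + gate.check("192.0.2.10", twoUsers));
    }
}
```

A check like this complements, and does not replace, restricting network access to the application server port so that only the reverse proxy can reach it.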
  • girishS
    girishS
    12 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2010-02-09T13:51:39Z  in response to gverma
    There is a need for me to identify inactive users.

    
    String ldapFilter = "(erpswdlastchanged>=200912010000Z)";
    // Optional, supply an array of attribute names to be returned.
    // A null value will return all attributes.
    String[] attrList = null;
    WSPerson[] persons = personService.searchPersonsFromRoot(session, ldapFilter, attrList);
    


    But this returns a large array and the JVM runs out of heap space.

    Is there a way to do paged searches on ITIM person (something similar to WSSearchResultsWrapper)?
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2010-02-10T16:05:24Z  in response to girishS
      GirishS,

      No, there is not a current way to page thru person searches. You could try modifying the filter to return smaller sets of data, and setting the attrList to reduce the attrs to be returned. Also, ask your Websphere Support if they can increase the java heap.

      I am adding in support for paged searches for all the search operations, but it won't be available till the next release. Contact me if you want a beta.

      Girish.
      • shr123
        shr123
        13 Posts
        ACCEPTED ANSWER

        Re: Web Services Wrappers for ITIM API

        ‏2011-01-25T16:09:27Z  in response to gverma
        Hello Girish,
        We are using version 1.32. Do we have a way to get paged results of person search results? Similar to requestService.getPagedRequests?

        Also, is there any way to set the order of search results? If not, what is the default order in which search results are returned?

        Thanks,
        Shr123.
        • gverma
          gverma
          233 Posts
          ACCEPTED ANSWER

          Re: Web Services Wrappers for ITIM API

          ‏2011-01-25T21:08:31Z  in response to shr123
          Shr123,

          The solution to get paged search results is part of the next release but has not yet been tested on a clustered ITIM. Once available, it will offer a call to sort the search result by an attribute name and ascending/descending order.

          Girish.
          • shr123
            shr123
            13 Posts
            ACCEPTED ANSWER

            Re: Web Services Wrappers for ITIM API

            ‏2011-01-25T23:20:46Z  in response to gverma
            Thanks Girish for the quick response.

            I have another question. Is there a way to create a dynamic role? I see the one to create a static role but I do not see an API to create a dynamic role.

            Regards,
            Shr123
            • gverma
              gverma
              233 Posts
              ACCEPTED ANSWER

              Re: Web Services Wrappers for ITIM API

              ‏2011-01-26T04:27:04Z  in response to shr123
              Shr123,

              ITIM Web Services only supports the creation of static roles, not dynamic roles.

              Girish.
  • girishS
    girishS
    12 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2010-02-10T20:23:24Z  in response to gverma
    ok, thanks. I have reduced the number of attributes returned and narrowed the search criteria.
    • TivoliJ
      TivoliJ
      5 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API

      ‏2010-04-22T13:31:48Z  in response to girishS
      Hi Girish,

      We are using ITIM Web services v1.3 in .NET. When we search a person using searchPersonsFromRoot() method in WSItimService, it returns result without person attributes. The WSAttribute array length is zero. ItimDN value and name are coming but the person attributes are not coming in the result. Can you please tell us any idea if you had provided any solutions for such a problem. Or else please refer us any links to check for this problem in .NET. We expect your help

      Thanks in advance
  • costica
    costica
    2 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API; Add/Search/Delete groups from AD ac

    ‏2010-02-20T08:21:43Z  in response to gverma
    Hi Girish,

    In ITIM 4.6, for AD accounts, there is the possibility to add new groups to a specific AD account associated with a user, or to delete groups from a specific AD account, or to search for all groups inside of ITIM in order to add some of them to an AD account.

    Question please: are there classes and methods associated with, in order to do the afore mentioned tasks "via" ITIM Web Services too, please ?
    • gverma
      gverma
      233 Posts
      ACCEPTED ANSWER

      Re: Web Services Wrappers for ITIM API; Add/Search/Delete groups from AD ac

      ‏2010-02-22T18:13:30Z  in response to costica
      costica,

      ITIM Web Services already contains functionality to add / delete groups if you know the group name, as well as the capability to search for groups on AD accounts (or other service types that have groups, like Unix etc.). An account's group membership is a regular multi value attribute on the account, and can be modified (to add or remove groups) by modifying the multiple value list on the attribute. The web services' account modify operations will take care of it. (See modifyAccount on WSAccountService).

      There are multiple ways to search for groups before adding them to the group attribute on an account. See getSupportingData on WSServiceService. If you are using the forms service to retrieve account forms, that makes the search task a whole lot easier since the forms service will retrieve the search control associated with a group attribute from the form definition. You can then use the findSearchFilterObjects operation on the WSSearchDataService. There is an example on it in Example 6.8-2 in the solution and deployment guide.

      Girish.
  • moconnor
    moconnor
    6 Posts
    ACCEPTED ANSWER

    Re: Web Services Wrappers for ITIM API

    ‏2010-02-23T01:18:57Z  in response to gverma
    I ran into an issue today where I submit a createPerson or modifyPerson request through the ITIM Web Services. I'm logged in as ITIM Manager. The entries show up in the Pending Requests list but stay in a Not Started status. If I login to the normal GUI and perform similar operations on the same identity (in the case of the mod) the job changes to running. I'm running 4.6 FP91. Any ideas?

    Thanks,
    -Mike