Logging in to Web Services with a pre-defined security token
About this task
To enable user pre-authentication and provide access to Web Services with a pre-defined security token, use the parameter WS_LOGON_USERS in pmc.conf. Use this parameter to define users whose security token can be used by other users for accessing Platform Application Center Web Services without a password.
Note: The feature applies only to user name and password logon. It cannot be used with other single
sign-on services such as SAML, X.509, or SiteMinder.
Examples
To define the users whose token can be used by other users to access Platform Application Center Web Services :
- To set it so that all users can log on with the security token of user1 and user2 provided by the client: WS_LOGON_USERS=user1,user2
- To set it so that all users can log on with the security token of user1 and user2 but only if
the request is made from a specific client host: use WS_LOGON_USERS
=user1@IP_address, user2@host_name. The host name
can be the short name, long name, or IP address. If requests are made from any other hosts, the
requests will be rejected. Note: If you access Platform Application Center Web Services through IBM HTTP Server, configure the IP address of the IBM HTTP Server instead of the client host name.
- To set it so that any user’s token can be used to log in to Platform Application Center but the request must be made from a specific client host, use WS_LOGON_USERS =*@IP_address. If requests are made from any other hosts, the requests will be rejected.
The parameter REMOTE_USER is used with WS_LOGON_USERS for pre-authentication with Web Services and CA SiteMinder. If WS_LOGON_USERS is defined in pmc.conf, pre-authentication is considered enabled. Use REMOTE_USER in request headers when using the Platform Application Center Web Services APIs.
For example:
url_job = url + 'webservice/pacclient/jobs?' + parameter
headers = {'Content-Type': 'application/xml', 'Cookie': token, 'REMOTE_USER': user1,
'Accept': ACCEPT_TYPE}