Specifying an authentication mode

The Probe for Microsoft EWS supports Basic and OAuth authentication.

Note: Basic authentication can be used to connect to Exchange Server and Exchange Online. From Q4 2020 onwards, OAuth authentication is the preferred method to connect to Exchange Online as Basic authentication will be disabled.

Connecting using Basic authentication

To connect using Basic authentication mode, configure the following probe properties:

  • ServiceURL

    The URL for the Exchange Server or Exchange Online service. For example:

    ServiceURL : 'https://outlook.office365.com/EWS/Exchange.asmx'

    If ServiceURL is not specified, the probe will perform AutoDiscovery to detect the service URL (Exchange Online only).

  • Username

    The email address of the user whose mailbox will be accessed by the probe. For example:

    Username : 'exampleuser@ewsprobe.microsoft.com'
  • Password

    The password of the user whose mailbox will be accessed by the probe. For example:

    Password : 'password'
  • TrustStore

    The full path to the truststore used for TLS authentication (Exchange Server only). For example:

    TrustStore : '/home/netcool/truststore.jks'
  • TrustStorePassword

    The password to access the truststore used for TLS authentication (Exchange Server only). For example:

    TrustStorePassword : 'password'
  • AuthenticationType

    Set this property to Basic:

    AuthenticationType : 'Basic'

Connecting using OAuth authentication

To connect using OAuth authentication mode, use the following steps:

  1. Configure Azure Active Directory:
    1. Log in to Azure Active Directory at https://aad.portal.azure.com/ with the user account that is used for the probe. This user account must have the Global Administrator role for the Tenant. To determine the Tenant ID, go to Manage > Properties and copy the value for the Tenant ID.

    2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.

    3. Select New registration. On the Register an application page, set the values as follows:

      Set Name to a user-friendly name for your app.

      Set Supported account types to the choice applicable to your scenario.

      For Redirect URI, change the drop-down to Public client (mobile & desktop) and set the value to urn:ietf:wg:oauth:2.0:oob

    4. Choose Register. On the next page, copy the value of the Application (client) ID and save it; you will need it later.

    5. Select API permissions in the left-hand navigation under Manage.

    6. Click API permissions and go to Add a permission.

    7. Click APIs my organization uses and search for Office 365 Exchange Online.

    8. Select Office 365 Exchange Online and choose Application Permissions.

    9. Under Other permissions, check full_access_as_app.

    10. Click Add permissions.

    11. Select Grant admin consent for org and accept the consent dialog.

    12. Select Certificates & Secrets in the left-hand navigation under Manage.

    13. To create a new Client Secret, select New client secret, enter a short description and select Add. Copy the value of the newly added Client Secret and save it.

    14. To create a new Client Certificate, upload the certificate containing the public key of the probe server in either cer, pem or crt format.

  2. Configure the following properties for the probe:
    • ServiceURL

      The URL for the Exchange Server or Exchange Online service. For example:

      ServiceURL : 'https://outlook.office365.com/EWS/Exchange.asmx'

      If ServiceURL is not specified, the probe will perform AutoDiscovery to detect the service URL (Exchange Online only).

    • Username

      The email address of the user whose mailbox will be accessed by the probe. For example:

      Username : 'exampleuser@ewsprobe.microsoft.com'
    • Password

      The password of the user whose mailbox will be accessed by the probe. For example:

      Password : 'password'
    • AuthenticationType

      Set this property to OAuth2:

      AuthenticationType : 'OAuth2'
    • Authority

      URL of the authority that will authenticate the probe to connect with Exchange Online. This is in the format: https://login.microsoftonline.com/<Tenant Domain or Tenant Id>. For example:

      Authority : 'https://login.microsoftonline.com/ewsprobe.microsoft.com'

      The Tenant Id can be obtained from the Azure Active Directory Admin Center by navigating to the Properties section of the Dashboard of the Tenant.

    • Scope

      The scope of the authentication request. This is normally set to:

      Scope : 'https://outlook.office.com/.default'
    • ClientId

      The Application (client) ID of the application registered in Azure Active Directory that represents the probe. For example:

      ClientId : '12345678-90ab-cdef-1234-567890abcdef'
    • ClientSecret

      The secret string used by the probe to authenticate with Azure when requesting a token. If not specified, the probe will use ClientCertificate to authenticate. For example:

      ClientSecret : 'abcdefghijklmnopqrstuvwxyz0123456789'
      Note: For OAuth2 Authentication, you must use either ClientCertificate or ClientSecret, but not both. If both are specified, the probe will use the ClientSecret.
    • ClientCertificate

      A keystore in the PKCS12 format that stores the probe server certificates (private and public keys). The public key in this keystore is the same as the one that was uploaded to Azure Active Directory earlier. For example:

      ClientCertificate : '/home/netcool/keystore.p12'
      Note: You will need to perform the following steps:
      1. Create a key pair in a PKCS12 keystore, which the ClientCertificate property will reference:

        /opt/IBM/tivoli/netcool/platform/linux2x86/jre64_1.8.0/jre/bin/keytool -genkey -alias win2019 -storetype PKCS12 -keyalg RSA -keystore keystore.p12
      2. Export the certificate (public key only; the -nokeys option omits the private key) from the keystore in crt format to be used by Office 365:

        openssl pkcs12 -in keystore.p12 -clcerts -nokeys -out keystore.crt
    • ClientCertificatePassword

      The password to access the PKCS12 keystore. For example:

      ClientCertificatePassword : 'password'

The probe will authenticate using either Client Secret or Client Certificate. By default, the probe will use the Client Secret. To use the ClientCertificate, leave the ClientSecret property empty.
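
The following check over the properties described above is an added example, not part of the probe or its documentation. It parses the `Name : 'value'` property syntax shown on this page and flags configurations that contradict the notes above; the finding labels and the `office365.com` heuristic for recognising Exchange Online are assumptions of this example.

```python
import re

# Property syntax as shown on this page:  Name : 'value'  (or an unquoted value)
PROP_RE = re.compile(r"^\s*(\w+)\s*:\s*(?:'([^']*)'|(\S+))\s*$")
AUTHORITY_RE = re.compile(r"^https://login\.microsoftonline\.com/[^/\s]+/?$")  # page's format

def parse_props(text):
    """Parse property lines into a dict; lines that do not match are ignored."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return props

def lint(props):
    """Return finding labels (names are this example's own) for an EWS probe config."""
    out = []
    auth, url = props.get("AuthenticationType", ""), props.get("ServiceURL", "")
    secret, cert = props.get("ClientSecret", ""), props.get("ClientCertificate", "")
    if url and not url.lower().startswith("https://"):
        out.append("service-url-not-https")
    if auth == "Basic":
        # No ServiceURL means AutoDiscovery, which the page says is Exchange Online only.
        if not url or "office365.com" in url.lower():
            out.append("basic-auth-to-exchange-online")
    elif auth == "OAuth2":
        out += ["missing-" + n for n in ("Authority", "Scope", "ClientId") if not props.get(n)]
        if props.get("Authority") and not AUTHORITY_RE.match(props["Authority"]):
            out.append("authority-format")
        if secret and cert:
            out.append("secret-overrides-certificate")  # the probe uses the ClientSecret
        elif not secret and not cert:
            out.append("no-client-credential")
        elif cert and not props.get("ClientCertificatePassword"):
            out.append("missing-ClientCertificatePassword")
    else:
        out.append("unknown-AuthenticationType")
    return out

# Constructed sample: both credentials are set, so the certificate is never used.
SAMPLE = """AuthenticationType : 'OAuth2'
Authority : 'https://login.microsoftonline.com/ewsprobe.microsoft.com'
Scope : 'https://outlook.office.com/.default'
ClientId : '12345678-90ab-cdef-1234-567890abcdef'
ClientSecret : 'constructed-secret-value'
ClientCertificate : '/home/netcool/keystore.p12'
"""

if __name__ == "__main__":
    print(lint(parse_props(SAMPLE)))
```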

Compensating for Load Balancing

When a monitored mailbox is moved to a different server for load balancing purposes (especially in the case of Exchange Online, which is part of Office 365), the probe loses its connection to Exchange Server/Online. To compensate for this, set the RetryCount property to a value greater than zero so that the probe automatically restores the connection and continues monitoring the mailbox.

RetryCount : 3