Skip to main content

API SOAP Service (idapisoap)

The API SOAP Service (idapisoap) provides access to the Bravura Security Fabric API Service (idapi) with the WWS web service API. It is installed and started on the Bravura Security Fabric server during setup.

Some organizations use the SOAP API to build their own customized front-end to Bravura Security Fabric .

Refer to the Bravura Security Fabric Remote API (api.pdf) for detailed reference information.

The API SOAP Service (idapisoap) requires:

  • Windows Server 2012, or

    Windows Server 2012 R2

  • Microsoft .NET Framework 4.5+

The API SOAP Service is dependent on the API Service (idapi). The PSLang API, IIS.NET API, and WWS API call into this service.

Configuration

The service is automatically installed and started on the Bravura Security Fabric server during setup.

You can modify the following parameters related to the API SOAP Service on the Service information page:

Table 1. idapisoap service options

Option

Description

Endpoints for the IDAPI SOAP native service

The URL that the API SOAP Service will listen in on. An optional port can be appended to the host and preceded by a colon. Multiple endpoints can be defined in a comma separated list. To secure the endpoint, configure it to listen on https.

Use system setting:

Will be set to the following:

http://<IP>/default/idapi2,http://localhost/default/idapi2,http://<IP-fqdn>/default/idapi2.



Note

For versions of Bravura Security Fabric prior to 12.6.1, the SOAP endpoints ended with idapi . The target namespace, www.hitachi-id.com, used by these endpoints has been deprecated. Client applications that use libraries and binaries from these older products will still connect to the 12.6.1 IDAPI SOAP service using the idapi endpoint; however, any new client applications written with the 12.6.1 libraries and binaries will need to use the new endpoints ending with idapi2 and the target namespace www.bravurasecurity.com.

When declaring the custom endpoint values, use the old name, idapi . This will cause the creation of two endpoints for every declared URL:

  • The idapi endpoint using the legacy namespace in the WSDL,

  • A separate endpoint, idapi2 , with the new namespace.

Whatever value is used in the last URL section of the endpoint (e.g. replace "idapi" with "test"), will get an appended "2" for providing the API service with the new SOAP namespace.

Existing integrations using the old namespace WSDL can remain configured to use the idapi endpoint. Any new integrations will be configured to use the new idapi2 endpoint. That idapi2 endpoint should not be declared explicitly in the idapisoap service configuration.

The reason for this change is twofold:

  • The WSDL namespace was changed to follow the company name change

  • Application administrators do not have to update thousands of old clients that are all both pointing at /idapi and expecting a namespace of www.hitachi-id.com when they upgrade the instance.

The "server" URL fragment must be the IP, hostname or FQDN (fully qualified domain name) of the server. If the connection is secured with TLS (https protocol), only an FQDN listed in the TLS server certificate used on the IIS server will allow a secure remote connection.

Command-line options for idapisoap are listed below:

Table 2. idapisoap service command-line options

Argument

Description

-h

Displays usage information.

-v

Displays version number only.

-binding <binding>

Specify the binding type:

– basicHttpBinding

– wsHttpBinding (default)

-endpoint <endpoint>

The endpoint that this SOAP service listens on

-mextype <mextype>

The metadata exchange method:

– None

– MexHttpGet

– Mex (only for wsHttpbinding)

– HttpGet (default). The default is suited for most applications.

-config

Displays service configuration information.

-server

Run the service in server mode.

-start

Starts the service.

-stop

Stops the server/service



To configure wsbinding and mex, set the service like this:

idapisoap -binding 1 -mextype 2

where the API service class can be generated from <endpoint>; for example, http://<IP or fqdn>/hiim/idapi2.

To configure httpbinding and HttpGet, set the service like this:

idapisoap -binding 0 -mextype 4

where the API service class can be generated from the WSDL <endpoint>/wsdl; for example,

http://<IP or fqdn>/hiim/idapi2/wsdl

Changing the SOAP connection type by using the "binding" and "mextype" arguments is only required if the remote SOAP tooling used requires it. Do not change the default connection type if testing the collection of the WSDL using a browser, otherwise you will receive a generic server error (HTTP 500) instead of the WSDL.

In this section: