
SOAP Web Service

Connector name: agtsoap

Connector type: Executable with PSLang script

Type (UI field value): SOAP Web Service

Target system versions supported / tested: Applications that provide a SOAP web service interface

Connector status / support: Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Installation / setup

Write a PSLang script and include it in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory on the Bravura Security Fabric server. Some sample scripts are provided in the samples directory.

Bravura Security Fabric can perform operations for applications that provide a SOAP web service interface for setting passwords and creating accounts.

The following Bravura Security Fabric operations are supported by the agent for SOAP web service (agtsoap):

  • user verify password

  • user change password

  • administrator reset password

  • administrator reset+expire password

  • expire password

  • unexpire password

  • administrator verify password

  • verify+reset password

  • enable account

  • disable account

  • check account enabled

  • lock account

  • unlock account

  • check account lock

  • expire account

  • check account expiry

  • unexpire account

  • create account

  • delete account

  • add user to group

  • delete user from group

  • create group

  • delete group

  • move contexts

  • rename account

  • update attributes

  • list account attributes

  • List:

    • accounts

    • attributes

    • groups

    • members

    • computer objects

    • service accounts

    • members of built-in administrators group

    Note

    The SOAP target script supports listing workstations, servers, and accounts (admin, IIS, DCOM, Com+, SCM, TASK). See "Listing computer objects" and "Listing iis, dcom, com+, scm, task, and custom accounts" in the Win32 Console Script chapter to learn how to write scripts for these operations.

For a full list and explanation of each connector operation, see Connector operations.

See also

SOAP Web Service (Ticket) shows you how to use the pxsoap program to trigger updates when certain events occur on the Bravura Security Fabric server.

Preparation

Installing required software

Before targeting an application that provides a SOAP web service, ensure that the following are installed on all Bravura Security Fabric servers:

  • Microsoft .NET Framework 2.0+

  • Web Service Enhancements (WSE) 2.0 SP3 for Microsoft .NET

Writing a script

Account management operations are implemented using a PSLang script to provide details for interaction between Bravura Security Fabric and the target application. Write this script and include it in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory on the Bravura Security Fabric server. Some sample scripts are provided in the samples directory. If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed with complete (typical) installations. You can select them in custom installations.

Caution

Any sample script should be modified to fit your environment and prevent security exploits.

See more information on how to create a SOAP script or modify a sample script.

Configuring a target system administrator

In most cases, Bravura Security Fabric uses a designated account (for example, psadmin) on the SOAP web service target system to perform operations. An additional target system administrator, identified as System password, can be specified and referenced in the script as sysid and syspw.

Ensure that the designated account can log into the application from the Bravura Security Fabric server, and that the account has the necessary privileges to set passwords and manage accounts.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric.

Targeting an application

For each application that uses a SOAP web service, add a target (Manage the system > Resources > Target systems):

  • Type is SOAP Web Service.

  • The Address in Bravura Security Fabric uses the following settings:

    Script file: The name of the PSLang script file you created in Writing a script. Ensure that the script is located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory.

    URL: Optional field, normally used for testing purposes. The URL entered here will overwrite the URL entry in the script file.

  • Administrator ID and Password are the login ID and password for the target system administrator you configured in Configuring a target system administrator. If the target system does not require administrative credentials, set the Administrator ID and Password to a non-empty value.

The full list of target system parameters is explained in Target System Options.

Creating a template account

Consult the documentation included with your specific application to learn how to create an account to use as a template in Bravura Identity. You can then add account attributes to determine how new accounts should be created based on the template account’s parameters.

Bravura Security Fabric still requires a template account, even though attributes may or may not be copied from the template account, for example, if the configured action for all account attributes is Set.

Creating account attributes

The attributes that define accounts are unique to specific applications; you must therefore create your own set of account attributes. You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the account attributes menu in the Manage the system (PSA) module. See Account attributes for more information.

Managing groups

If group management functions are supported by your application, you can configure Bravura Security Fabric’s workflow engine to manage group membership on your targets. You can also map profile attributes to group attributes on the target so that users can select groups when making a request; however, this method is currently incompatible with group management through Bravura Security Fabric’s workflow configuration. Changes made in one method are not updated in the other.

For more information about account attributes and managed groups, see Groups.