XML-RPC Web Service
Connector name |
|
Connector type | Executable with PSLang script |
Type (UI field value) | XML-RPC Web Service |
Target system versions supported / tested | Applications that provide an XML web service interface |
Connector status / support | Customer-Verified Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
Installation / setup | Write a PSLang script and include it in the <instancedir> directory on the Bravura Security Fabric server. Some sample scripts are provided in the samples directory. |
The following Bravura Security Fabric operations are supported by the agent for XML web service (agtxml):
user verify password
user change password
administrator reset password
administrator reset+expire password
expire password
unexpire password
administrator verify password
verify+reset password
enable account
disable account
check account enabled
lock account
unlock account
check account lock
expire account
check account expiry
unexpire account
create account
delete account
add user to group
delete user from group
create group
delete group
move contexts
rename account
update attributes
list account attributes
List:
accounts
attributes
groups
members
computer objects
service accounts
members of built-in administrators group
Note
The XML target script supports listing workstations, servers, and accounts (admin, IIS, DCOM, Com+, SCM, TASK). See the Win32 Console Script chapter, Listing computer objects and Listing iis, dcom, com+, scm, task, and custom accounts to learn how to write scripts for these operations.
For a full list and explanation of each connector operation, see Connector operations.
Preparation
Installing required software
Before targeting an application that provides an XML web service, ensure that the following is installed on all Bravura Security Fabric servers:
Web Service Enhancements (WSE) 2.0 SP3 for Microsoft .NET
Writing a script
Account management operations are implemented using a PSLang script to provide details for interaction between Bravura Security Fabric and the target application. Write this script and include it in the <instancedir> directory on the Bravura Security Fabric server. Some sample scripts are provided in the samples directory. These include:
agtxml.cfg – a generic XML script
agtxml-hpilo.cfg– for targetting HP iLO machines
If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed with complete (typical) installations. You can select them in custom installations.
See more information about writing an XML script or modifying a sample script.
Configuring a target system administrator
In most cases, Bravura Security Fabric uses a designated account (for example, psadmin) on the XML web service target system to perform operations.
Ensure that the designated account can log into the application from the Bravura Security Fabric server, and that the account has the necessary privileges to set passwords and manage accounts.
Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric .
Targeting an application
For each application that uses a XML web service to manage accounts, add a target (Manage the system > Resources > Target systems). Set the:
Type to XML-RPC Web Service.
Script file to the name of the PSLang script file you created in Writing a script . Ensure that the script is located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory.
(key: script)
URL The URL that services the XML requests.
(key: serverURL)
Administrator ID and Password to the login ID and password for the target system administrator you configured in Configuring a target system administrator. If the target system does not require administrative credentials, set the Administrator ID and Password to a non-empty value.
Note
Script file and URL parameters implemented in Connector Pack 4.3.
The full list of target system parameters is explained in Target System Options .
Creating a template account
Consult the documentation included with your specific application to learn how to create an account to use as a template in Bravura Identity . You can then add account attributes to determine how new accounts should be created based on the template account’s parameters.
Bravura Security Fabric still requires a template account, even though attributes may or may not be copied from the template account, for example, if the configured action for all account attributes is Set.
Creating account attributes
The attributes that define accounts are unique to specific applications; you must therefore create your own set of account attributes. You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using in the Manage the system (PSA) module account attributes menu. See Account attributes for more information.
Managing groups
If group management functions are supported by your application, you can configure Bravura Security Fabric’s workflow engine to manage group membership on your targets. You can also map profile attributes to group attributes on the target so that users can select groups when making a request; however, this method is currently incompatible with group management through Bravura Security Fabric ’s workflow configuration. Changes made in one method are not updated in the other.
For more information about account attributes and managed groups, see Groups.