ITIM: Using Web Services to modify an account
s***@gmail.com
2014-06-03 15:27:58 UTC
Hello,

I am trying to create an ITDI feed where it will take information from a .csv file and then use Web Services to call the Modify Account (SAP) within ITIM. I have located the .wsdl and have already created the .jar file from a Complex Types Generator, saving it to the {TDI_HOME}/jar folder. I can make a successful connection with my AxisEasyInvokeSoapWebServiceFunctionComponent and so, so far so good, in my opinion.

The next step is to give the 4 parameter values in the Output Map, correct? This code below is from the ModifyAccount.java:


public ModifyAccount(WSSession wssession, String s, WSAttribute awsattribute[], Calendar calendar)



This is where I am unsure what to pass as values. I just want to have a simple Web Service call right now that will modify an account that I will specify in the ITDI manually in perhaps a Script Node.

Any help would be appreciated as this has been mostly self-taught and with a lot of trial & error. I am wondering if I am even on the right path. Thank you in advance.

- Steven
@ErikSorensen
2014-06-03 20:23:29 UTC
I know what you are going through :) I've found that examining the .jar in JD GUI (http://java.decompiler.free.fr/jd-gui/downloads) made it very easy to figure out the method signatures and stuff. The names of the output maps and connection tab params are case sensitive.

Anyway, first I usually have a WS function component called "Login" or something configured as follows, which just sets up the session:

1) Connection Tab
wsdl url:
http://tim_host:9080/ITIMWebServices/services/WSItimService?wsdl

soap operation:
login

operation parameters:
Login

fill in username + password

complex types:
com.ibm.itim.ws.services.Login
com.ibm.itim.ws.services.LoginResponse

2) Output Map (1 attrib)
name: Login
value:
com.ibm.itim.ws.services.Login("user", "password")

3) Input Map (1 attrib)
name: return
value:
// get the WSSession out of the LoginResponse
var login_response = conn["return"].getValue(0)
var session = login_response.getLoginReturn();

----
At this point we have a WSSession ("session" variable) that we can pass along in subsequent web service calls. Now, create a second connector for the modify account step... you'll have to change the operation and complex types. I've never modified an account directly (not sure if that is the recommended way to do things...) - so I'll include my example of adding a role to a person.
---

1) Connection Tab
wsdl url:
http://tim_host:9080/ITIMWebServices/services/WSItimService?wsdl

soap operation:
addRole

operation parameters:
addRole

fill in username + password

complex types:
com.ibm.itim.ws.services.AddRole
com.ibm.itim.ws.services.AddRoleResponse

2) Output Map
name: AddRole
value:
// we have the session from earlier
now = java.util.Calendar.getInstance();
person = work.getString("DN") // this is the TIM DN of the person
role = "erglobalid=6994025467228761794,ou=roles,erglobalid=00000000000000000000,ou=company,dc=com"; // however you want to get the TIM DN of the role... don't hardcode

// send this to the web service
com.ibm.itim.ws.services.AddRole(session, person, role, now);

3) Input Map
name: returnAddRole
value:
conn["return"] // I didn't really do anything with it
s***@gmail.com
2014-06-04 18:31:52 UTC
Erik,

Amazing! I got it to work with your example and so now I will be able to customize it to my needs.

Thank you again!
- Steven
Franzw
2014-06-04 06:47:10 UTC
Post by s***@gmail.com
Hello,
I am trying to create an ITDI feed where it will take information from a .csv file and then use Web Services to call the Modify Account (SAP) within ITIM. I have located the .wsdl and have already created the .jar file from a Complex Types Generator, saving it to the {TDI_HOME}/jar folder. I can make a successful connection with my AxisEasyInvokeSoapWebServiceFunctionComponent and so, so far so good, in my opinion.
public ModifyAccount(WSSession wssession, String s, WSAttribute awsattribute[], Calendar calendar)
This is where I am unsure what to pass as values. I just want to have a simple Web Service call right now that will modify an account that I will specify in the ITDI manually in perhaps a Script Node.
Any help would be appreciated as this has been mostly self-taught and with a lot of trial & error. I am wondering if I am even on the right path. Thank you in advance.
- Steven
Why are you trying to do this with the WS APIs - it would probably be easier with the Java APIs.

Just because ISIM exposes a WS API it does not necessarily mean that this is the best for all purposes - in most "local" (i.e. things you run within your closed environment) situations there is no idea to add the overhead and complexity of the WS API. The situation is different if you work across domain boundaries.

I know that in past time it required a PhD and some black magic to get the Java API running - but that has been resolved by this Technote : http://www-01.ibm.com/support/docview.wss?uid=swg21659565

You may have to import certificates from the WebSphere server to the TDI keystore also (you should protect the login running over SSL).

HTH
Regards
Franz Wolfhagen
s***@gmail.com
2014-06-04 14:33:30 UTC
Franz, I agree with you that it would be easier with the Java APIs. We already have this in place to do other work for us with ITIM. No PhD or black magic needed! However, we wanted to use ITDI to do this work, it gives us more flexibility going forward. As for myself, consider it as a personal challenge to do it as well.

Erik, thank you for your detailed example! It is very much appreciated and I am excited to try it out today. I will keep you posted!

Thank you,
- Steven
Franzw
2014-06-04 20:45:45 UTC
Post by s***@gmail.com
Franz, I agree with you that it would be easier with the Java APIs. We already have this in place to do other work for us with ITIM. No PhD or black magic needed! However, we wanted to use ITDI to do this work, it gives us more flexibility going forward. As for myself, consider it as a personal challenge to do it as well.
Erik, thank you for your detailed example! It is very much appreciated and I am excited to try it out today. I will keep you posted!
Thank you,
- Steven
If you go to the Technote I linked you will see how to merge TDI and the ISIM Java API - a very powerful combination and much simpler to maintain...

But do not underestimate the knowledge and magic needed to make it work in all circumstances - there are problems with class loading and SSL if you run clustered ISIM that can make you feel a lot older in very short time :-).

I regularly write TDI/ISIM Java code and the combination is extremely powerful and can reduce the end to end time of a small solution dramatically compared to Java coding.

Regards
Franz Wolfhagen
s***@gmail.com
2014-06-05 15:49:57 UTC
Hello Franz,

I am having a look at the Technote now, but before I get too far into it, will it work with ITIM 5.1 and ITDI 7.0?

Thank you,
Steven
Franzw
2014-06-06 19:19:22 UTC
Post by s***@gmail.com
Hello Franz,
I am having a look at the Technote now, but before I get too far into it, will it work with ITIM 5.1 and ITDI 7.0?
Thank you,
Steven
The login methods are a little different - but not much - if you look at the samples of Java applications in your 5.x system you should easily be able to change the code to support 5.x.

The difficult thing is to get the jars and the WAS client things right and that has not changed...

Else let me know - I have samples somewhere in my archives.

HTH
Regards
Franz Wolfhagen
Manigandan Jegannathan
2014-07-08 13:01:08 UTC
Fabulous,

Hi Franzw, I can get platform context and successfully logged in using TDI (tech note you shared helped).

But,
var employeeMO = new Packages.com.ibm.itim.apps.identity.PersonMO(itimPlatform,subject,empDN);
var emp = employeeMO.getData() ;

This returns a null value, though I gave the correct Person DN.
Franzw
2014-07-08 18:33:09 UTC
Post by Manigandan Jegannathan
Fabulous,
Hi Franzw, I can get platform context and successfully logged in using TDI (tech note you shared helped).
But,
var employeeMO = new Packages.com.ibm.itim.apps.identity.PersonMO(itimPlatform,subject,empDN);
var emp = employeeMO.getData() ;
This returns a null value, though I gave the correct Person DN.
Well - DistinguishedName is an object - not a string...
Try this :

importPackage(Packages.com.ibm.itim.apps.identity);
importPackage(Packages.com.ibm.itim.dataservices.model);

empDN = new DistinguishedName("erglobalid=1234556789111....")
var employeeMO = new PersonMO(itimPlatform,subject,empDN);

var emp = employeeMO.getData() ;

HTH
Regards
Franz Wolfhagen
Manigandan Jegannathan
2014-07-10 07:05:33 UTC
Hi Franz

Same NULL error,

CTGDIS809E handleException - cannot handle exception , script
java.lang.NullPointerException
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:379)
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:341)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:133)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:112)
at com.ibm.di.server.ScriptComponent.add(ScriptComponent.java:216)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(AssemblyLine.java:3749)
at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3369)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2978)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2961)
at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:29
Franzw
2014-07-10 14:32:37 UTC
Post by Manigandan Jegannathan
Hi Franz
Same NULL error,
CTGDIS809E handleException - cannot handle exception , script
java.lang.NullPointerException
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:379)
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:341)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:133)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:112)
at com.ibm.di.server.ScriptComponent.add(ScriptComponent.java:216)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(AssemblyLine.java:3749)
at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3369)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2978)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2961)
at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:29
Ahhh - that is probably because you did not package the messages*.properties in a jar file and include that in your classpath....

It is somewhat undocumented that you need to do that - but without that there is no way you can run external ISIM API code.

Regards
Franz Wolfhagen
Manigandan Jegannathan
2014-07-23 06:02:20 UTC
All Fine,

But no idea why I am getting this error:
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.SearchAuthorityHome create::2 null vmcid: 0x0 minor code: 0 completed: No
at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:686)
at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:276)
at com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSContainer.java:4066)
at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:3273)
at com.ibm.itim.apps.ejb.search.EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c.create(Unknown Source)
at com.ibm.itim.apps.ejb.search._EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.create(_EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.java:160)
at com.ibm.itim.apps.ejb.search._EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie._invoke(_EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.java:86)
at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:585)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:461)
at com.ibm.rmi.iiop.ORB.process(ORB.java:533)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1574)
at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2956)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2823)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1656)
SERVER (id=4773e3aa, host=US04IDMAPPDEV.corp.logitech.com) TRACE END.
vmcid: 0x0 minor code: 0 completed: No
at com.ibm.itim.apps.search.SearchMO.createN
m***@gmail.com
2016-12-19 16:58:01 UTC
Hi, it's an old thread, but I am facing exactly the same issue as you were. Were you able to figure it out?
Steven Lynch
2017-04-05 19:16:09 UTC
Post by m***@gmail.com
Hi, it's an old thread, but I am facing exactly the same issue as you were. Were you able to figure it out?
I was able to figure it out thanks to the help of this thread. It is successfully working.
Steven Lynch
2017-04-19 15:58:32 UTC
Part 2!

Now that my modify goes through with a Web Service call, I am trying to capture the response to obtain the request ID. This would confirm that the request successfully went through.

Within the "Input Map" of the modifyAccount, I have this as a "Work Attribute":

var modify_response = conn["return"].getValue(0);
var theResponse = modify_response.modifyAccountReturn();

task.logmsg("modify_response is " + modify_response);
task.logmsg("theResponse is " + theResponse);
task.logmsg("Request ID = " + theResponse.getRequestId());

The log output of the above is:

modify_response is ***@8daf48d3
theResponse is ***@4d6
Request ID = 0

What am I doing wrong?
