ITIM API through ITDI

I'm going to log on here my attempts to get this working with
information pulled from a variety of sources:

WebSphere 6.1.0 FP 23
ITIM 5.1 FP 1
ITDI 7.0

Created a subfolder of <ITDI INSTALL DIR>/jars/itimapi
Using the setEnv command from the ITIM API examples <ITIM HOME>/
extensions/5.1/examples/apps/bin/win/setEnv.bat I copied the listed
jar files across to <ITDI INSTALL DIR>/jars/itimapi:
api_ejb.jar, bootstrap.jar
com.ibm.ws.ejbportable_6.1.0.jar
com.ibm.ws.emf_2.1.0.jar
com.ibm.ws.runtime_6.1.0.jar
com.ibm.ws.wccm_6.1.0.jar
com.ibm.ws.webservices.thinclient_6.1.0.jar
itim_api.jar
itim_common.jar
itim_server.jar
jlog.jar

Created a new jar file tmsMessages.jar and copied
tmsMessages.properties and tmsMessages_en.properties from <ITIM_HOME>/
data. Moved tmsMessages.jar into the <ITDI INSTALL DIR>/jars/itimapi

Copied jaas_login_was.conf from <ITIM HOME>/extensions/5.1/examples/
apps/bin to <ITDI INSTALL DIR>/jars/itimapi
Content is:

WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
required
delegate=com.ibm.ws.security.common.auth.module.WSLoginModuleImpl;
};

ITIM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
required delegate=com.ibm.itim.apps.jaas.spi.PlatformLoginModule;
};

Added the following to solution.properties

java.security.auth.login.config=C:\IBM\TDI\V7.0\jars\itimapi
\jaas_login_was.conf
java.naming.factory.initial=com.ibm.websphere.naming.WsnInitialContextFactory
com.ibm.CORBA.validateBasicAuth=false

That should be the setup complete.

flamesnm

2011-01-27 10:00:08 UTC

Created a script node containing:

var appServer = "iiop://localhost:2809";
var ejbUser = "wasadmin";
var ejbPwd = "passw0rd";
var platformCxtFactory =
"com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";

var env = new Packages.java.util.Hashtable();

env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY,
platformCxtFactory);
env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_URL,
appServer);
env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_PRINCIPAL,
ejbUser);
env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_CREDENTIALS,
ejbPwd);

var platform = null;

try {
platform = new
Packages.com.ibm.itim.apps.InitialPlatformContext(env);
} catch (e) {
e.printStackTrace();
}

flamesnm

2011-01-27 10:05:48 UTC

Failed. Getting error getting the context:
getContext] CTGDIS809E handleException - cannot handle exception ,
script
java.lang.NullPointerException
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:360)
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:322)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:
127)
at
com.ibm.itim.exception.ITIMException.getLocalizedMessage(ITIMException.java:
100)
at java.lang.Throwable.toString(Throwable.java:275)
at java.lang.String.valueOf(String.java:1505)
at
com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:
348)
at
com.ibm.jvm.io.ConsolePrintStream.getNewlinedString(ConsolePrintStream.java:
332)
at com.ibm.jvm.io.ConsolePrintStream.println(ConsolePrintStream.java:
322)
at java.lang.Throwable.printStackTrace(Throwable.java:222)
at java.lang.Throwable.printStackTrace(Throwable.java:163)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
79)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
43)
at java.lang.reflect.Method.invoke(Method.java:618)
at com.ibm.jscript.types.JavaAccessObject.call(JavaAccessObject.java:
298)
at com.ibm.jscript.types.FBSObject.call(FBSObject.java:153)
at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:151)
at com.ibm.jscript.ASTTree.ASTTry.interpretCatch(ASTTry.java:125)
at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:99)
at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:
102)
at com.ibm.jscript.JSExpression.interpretExpression(JSExpression.java:
399)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:249)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:236)
at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:239)
at com.ibm.jscript.JSInterpreter.interpret(JSInterpreter.java:53)
at com.ibm.di.script.ScriptEngine.interpret(ScriptEngine.java:867)
at com.ibm.di.script.ScriptEngine.interpret(ScriptEngine.java:837)
at com.ibm.di.server.ScriptComponent.add1(ScriptComponent.java:244)
at com.ibm.di.server.ScriptComponent.add(ScriptComponent.java:210)
at
com.ibm.di.server.AssemblyLine.msExecuteNextConnector(AssemblyLine.java:
3535)
at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:
3173)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:
2818)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:
2801)
at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:2770)
at com.ibm.di.server.AssemblyLine.run(AssemblyLine.java:1275)

flamesnm

2011-01-27 10:13:43 UTC

It looks like it can't find the relevant tmsMessages error. Using
ProcessExplorer for the jvm, it looks like the tmsMessages.jar isn't
in the classpath.

flamesnm

2011-01-28 12:18:48 UTC

OK. Got it working. The key to the piece is ensuring you have the IBM
install directory in the classpath for TDI.

The setup is:

Add the following .jars under in a sub folder under <tdi install>/
jars/
api.ejb, bootstrap.jar, com.ibm.ws.admin.client_6.1.0.jar,
com.ibm.ws.ejbportable_6.1.0.jar, com.ibm.ws.emf_2.1.0.jar,
com.ibm.ws.runtime_6.1.0.jar, com.ibm.ws.wccm_6.1.0.jar,
com.ibm.ws.webservices.thinclient_6.1.0.jar, itim_api.jar,
itim_common.jar, itim_server.jar, itim_server_api.jar, jlog.jar,
tmsMessages.jar ( jar versions of tmsMessages as detailed above )

To setup the jaas login
Create a file (eg called jaas.conf ) with the following contents in
<tdi intall>/jvm/jre/lib/security/
ClientContainer {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
required
delegate=com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl;
};

WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
required
delegate=com.ibm.ws.security.common.auth.module.WSLoginModuleImpl;
};

ITIM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
required delegate=com.ibm.itim.apps.jaas.spi.PlatformLoginModule;
};

serviceLoginContext {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
required
delegate=com.ibm.itim.remoteservices.provider.itim.ServiceLoginModule;
};

Amend <tdi intall>/jvm/jre/lib/security/java.security as follows:
login.config.url.1=file:${java.home}/lib/security/jaas.conf
also
policy.allowSystemProperty=false

This last change allows the login.config.url.1 setting to kick in.
There may be other ways to ensure the jaas config is setup correctly,
but this works.

Amend your ibmdisrv.bat to add the <itim home>/data folder to be
included in the classpath. This is a key component.
"%TDI_JAVA_PROGRAM%" -classpath "%TDI_HOME_DIR%\IDILoader.jar;C:\ibm
\itim\data" %ENV_VARIABLES% com.ibm.di.loader.IDILoader
com.ibm.di.server.RS %*

Simple script to create the context is:
var appServer = "iiop://localhost:2809";
var ejbUser = "wasadmin";
var ejbPwd = "passw0rd";
var platformCxtFactory =
"com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";

var env = new java.util.Hashtable();

env.put(com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY,platformCxtFactory);
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_URL,appServer);
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_PRINCIPAL,ejbUser);
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_CREDENTIALS,ejbPwd);

var platform = null;

platform = com.ibm.itim.apps.InitialPlatformContext(env);

task.logmsg(platform.getID());

flamesnm

2011-01-28 13:55:43 UTC

Person search example code. This complete the thread :o)

var appServer = "iiop://localhost:2809";
var ejbUser = "itim manager";
var ejbPwd = "passw0rd";
var platformCxtFactory =
"com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";

var env = new java.util.Hashtable();

env.put(com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY,platformCxtFactory);
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_URL,appServer);
//
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_PRINCIPAL,ejbUser);
//
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_CREDENTIALS,ejbPwd);

var platform = null;

task.logmsg("Getting context");
platform = com.ibm.itim.apps.InitialPlatformContext(env);
task.logmsg("DEBUG", "Got context");

task.logmsg("Getting handler");
var platformHandler = new
com.ibm.itim.apps.jaas.callback.PlatformCallbackHandler(ejbUser,ejbPwd);
platformHandler.setPlatformContext(platform);
task.logmsg("DEBUG", "Got handler");

task.logmsg("Getting login context");
var loginContext = new javax.security.auth.login.LoginContext("ITIM",
platformHandler);
task.logmsg("DEBUG", "Got handler");

task.logmsg("Logging in..........");
loginContext.login();
task.logmsg("DEBUG", "Logged in");

task.logmsg("Getting subject");
var subject = loginContext.getSubject();
task.logmsg("DEBUG", "Got subject");

// Setup environment properties
var tenantID = "Acme"; // from enrole.properties
// var defaultOrgID = "erglobalid=00000000000000000000";
var ldapServerRoot = "dc=com";

// var defaultOrg = defaultOrgID + ",ou=" + tenantID + ","
+ldapServerRoot;
var searchOrg = "ou=" + tenantID + "," +ldapServerRoot;

//task.logmsg("defaultOrg: " + defaultOrg);
task.logmsg("searchOrg: " + searchOrg);

var personFilter = "(cn=Test Name)";

var loginContext = new javax.security.auth.login.LoginContext("ITIM",
platformHandler);
var searchMO = new com.ibm.itim.apps.search.SearchMO(
platform, subject);
searchMO.setCategory(com.ibm.itim.dataservices.model.ObjectProfileCategory.PERSON);
searchMO.setContext(new
com.ibm.itim.dataservices.model.CompoundDN(com.ibm.itim.dataservices.model.DistinguishedName(searchOrg)));
searchMO.setProfileName("Person");
searchMO.setFilter(personFilter);
task.logmsg(searchMO.toString());

var searchResultsMO = new searchMO.execute();
var people = searchResultsMO.getResults();
task.logmsg("Results returned count: " + people.size());

var person = people.iterator().next();
task.logmsg(person.toString());

Eddie Hartman

2011-01-29 10:06:09 UTC

Post by flamesnm
Person search example code. This complete the thread :o)
var appServer = "iiop://localhost:2809";
var ejbUser = "itim manager";
var ejbPwd = "passw0rd";
var platformCxtFactory =
"com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";
var env = new java.util.Hashtable();
env.put(com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY,platformCxtFactory);
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_URL,appServer);
//
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_PRINCIPAL,ejbUser);
//
env.put(com.ibm.itim.apps.InitialPlatformContext.PLATFORM_CREDENTIALS,ejbPwd);
var platform = null;
task.logmsg("Getting context");
platform = com.ibm.itim.apps.InitialPlatformContext(env);
task.logmsg("DEBUG", "Got context");
task.logmsg("Getting handler");
var platformHandler = new
com.ibm.itim.apps.jaas.callback.PlatformCallbackHandler(ejbUser,ejbPwd);
platformHandler.setPlatformContext(platform);
task.logmsg("DEBUG", "Got handler");
task.logmsg("Getting login context");
var loginContext = new javax.security.auth.login.LoginContext("ITIM",
platformHandler);
task.logmsg("DEBUG", "Got handler");
task.logmsg("Logging in..........");
loginContext.login();
task.logmsg("DEBUG", "Logged in");
task.logmsg("Getting subject");
var subject = loginContext.getSubject();
task.logmsg("DEBUG", "Got subject");
// Setup environment properties
var tenantID = "Acme"; // from enrole.properties
// var defaultOrgID = "erglobalid=00000000000000000000";
var ldapServerRoot = "dc=com";
// var defaultOrg = defaultOrgID + ",ou=" + tenantID + ","
+ldapServerRoot;
var searchOrg = "ou=" + tenantID + "," +ldapServerRoot;
//task.logmsg("defaultOrg: " + defaultOrg);
task.logmsg("searchOrg: " + searchOrg);
var personFilter = "(cn=Test Name)";
var loginContext = new javax.security.auth.login.LoginContext("ITIM",
platformHandler);
var searchMO = new com.ibm.itim.apps.search.SearchMO(
platform, subject);
searchMO.setCategory(com.ibm.itim.dataservices.model.ObjectProfileCategory.PERSON);
searchMO.setContext(new
com.ibm.itim.dataservices.model.CompoundDN(com.ibm.itim.dataservices.model.DistinguishedName(searchOrg)));
searchMO.setProfileName("Person");
searchMO.setFilter(personFilter);
task.logmsg(searchMO.toString());
var searchResultsMO = new searchMO.execute();
var people = searchResultsMO.getResults();
task.logmsg("Results returned count: " + people.size());
var person = people.iterator().next();
task.logmsg(person.toString());

Wow! Thanks for sharing that.

Need a pen? :)
-Eddie

flamesnm

2011-01-31 08:58:13 UTC

I always forget this stuff about 2 days after I do it, so my new year
resolution ( about 20 years to late ) is to start writing it up. I
don't have a personal blog, and as this is the place TDIers come for
advice, it seemed a good place to post it. Google can handle the
bandwidth :O)

j***@gmail.com

2012-12-05 06:39:30 UTC

Hi,
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.HomeHome create::2 null vmcid: 0x0 minor code: 0 completed: No

at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:685)
at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:275)
at com.ibm.ejs.container.EJSContainer.preInvokeForStatelessSessionCreate(EJSContainer.java:4160)
at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:3263)
at com.ibm.itim.apps.ejb.home.EJSRemoteStatelessenroleejb_HomeHomeHome_cbc0cf54.create(Unknown Source)
at com.ibm.itim.apps.ejb.home._EJSRemoteStatelessenroleejb_HomeHomeHome_cbc0cf54_Tie.create(_EJSRemoteStatelessenroleejb_HomeHomeHome_cbc0cf54_Tie.java:161)
at com.ibm.itim.apps.ejb.home._EJSRemoteStatelessenroleejb_HomeHomeHome_cbc0cf54_Tie._invoke(_EJSRemoteStatelessenroleejb_HomeHomeHome_cbc0cf54_Tie.java:86)
at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:623)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:476)
at com.ibm.rmi.iiop.ORB.process(ORB.java:518)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1574)
at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2880)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2753)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)
SERVER (id=2364964c, host=omidm.testi.x) TRACE END.

Any ideas?

Franzw

2012-12-05 14:32:42 UTC

Post by j***@gmail.com
Hi,
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.HomeHome create::2 null vmcid: 0x0 minor code: 0 completed: No

Any ideas?

The security model has changed as WAS is now the authentication provider. Take a look in the examples/apps folder - all samples should have been updated.

I have not yet had the time to play with this - but I believe it should be fairly straightforward changes.

HTH
Regards
Franz Wolfhagen

j***@gmail.com

2012-12-12 16:02:51 UTC

Any ideas?

The security model has changed as WAS is now the authentication provider. Take a look in the examples/apps folder - all samples should have been updated.
I have not yet had the time to play with this - but I believe it should be fairly straightforward changes.
HTH
Regards
Franz Wolfhagen

Still working with this. I went through examples but still problems. Has anybody find out how to make this work?

-jukka-

l***@gmail.com

2013-06-07 09:01:55 UTC

Hi Jukka!

I have the exact same error message using ISIM 6 and trying to access IsIm via the ISIM APIs.
I have gotten this to work in ITIM 5.1 but not in ISIM 6, I tried to base the TDI code on the example code of the Extensons/example java code (which is working by the way)...

Any info on how to resolve the corba error?

/L-O

Any ideas?

The security model has changed as WAS is now the authentication provider. Take a look in the examples/apps folder - all samples should have been updated.
I have not yet had the time to play with this - but I believe it should be fairly straightforward changes.
HTH
Regards
Franz Wolfhagen

Still working with this. I went through examples but still problems. Has anybody find out how to make this work?
-jukka-

SourabhM

2013-06-25 09:04:10 UTC

Post by l***@gmail.com
Hi Jukka!
I have the exact same error message using ISIM 6 and trying to access IsIm via the ISIM APIs.
I have gotten this to work in ITIM 5.1 but not in ISIM 6, I tried to base the TDI code on the example code of the Extensons/example java code (which is working by the way)...
Any info on how to resolve the corba error?
/L-O

Any ideas?

The security model has changed as WAS is now the authentication provider. Take a look in the examples/apps folder - all samples should have been updated.
I have not yet had the time to play with this - but I believe it should be fairly straightforward changes.
HTH
Regards
Franz Wolfhagen

Still working with this. I went through examples but still problems. Has anybody find out how to make this work?
-jukka-

Hi Guys,

I am also having the same corba error earlier and then i try to execute the example code present in isim home and its working fine.

I have written custom code to load provisioning policies and executing the class file using batch file same as example folder and it is working also.

I will suggest to refer the code/batch scripts from example folder.

Below Code working fine :

Hashtable env = new Hashtable();
env.put(InitialPlatformContext.CONTEXT_FACTORY,"com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory");
env.put(PlatformContext.PLATFORM_URL,"corbaloc:iiop:Test:2811");
env.put(PlatformContext.PLATFORM_PRINCIPAL,"itim manager");
env.put(PlatformContext.PLATFORM_CREDENTIALS,"secret");
env.put(PlatformContext.PLATFORM_REALM,"itimCustomRealm");

platform = new InitialPlatformContext(env);

CallbackHandler handler = new WSCallbackHandlerImpl("itim manager","itimCustomRealm","secret");

lc = new LoginContext("WSLOGIN", handler);
lc.login();
subject = lc.getSubject();

Cheers,
SourabhM

SourabhM

2013-06-25 09:09:00 UTC

Any ideas?

The security model has changed as WAS is now the authentication provider. Take a look in the examples/apps folder - all samples should have been updated.
I have not yet had the time to play with this - but I believe it should be fairly straightforward changes.
HTH
Regards
Franz Wolfhagen

Still working with this. I went through examples but still problems. Has anybody find out how to make this work?
-jukka-

Hi Guys,

I am also having the same corba error earlier and then i try to execute the example code present in isim home and its working fine.

Also, I have written custom code to load provisioning policies and executing the class file using batch file same as example folder and it is working also.

I will suggest to refer the API code/batch scripts from example folder.

Below Code working fine :

Hashtable env = new Hashtable();
env.put(InitialPlatformContext.CONTEXT_FACTORY,"com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory");
env.put(PlatformContext.PLATFORM_URL,"corbaloc:iiop:Test:2811");
env.put(PlatformContext.PLATFORM_PRINCIPAL,"itim manager");
env.put(PlatformContext.PLATFORM_CREDENTIALS,"secret");
env.put(PlatformContext.PLATFORM_REALM,"itimCustomRealm");

platform = new InitialPlatformContext(env);

CallbackHandler handler = new WSCallbackHandlerImpl("itim manager","itimCustomRealm","secret");

lc = new LoginContext("WSLogin", handler);
lc.login();
subject = lc.getSubject();

Cheers,
SourabhM

p***@gslab.com

2014-10-13 13:38:24 UTC

Post by SourabhM