How to Restrict Web Services Logins to Only Go Through PKI "loginServiceManaged()"?

Document ID : KB000050135
Last Modified Date : 14/02/2018

Description:

This document gives a detailed step-by-step procedure to disable the web services logon for Service Desk Manager, so that all web service calls go through the Public Key Infrastructure (PKI) using "loginServiceManaged()".

Solution:

This procedure is different from requiring a secure login as described in the Implementation Guide.

The Implementation Guide covers the steps for requiring the login() and loginService() web methods to be called over a secure protocol, such as HTTPS.

For more information on that, please refer to the "Web Services Configuration" on page 439 of the 12.5 CA SDM Implementation Guide.

This document covers the steps to force all logins to go through PKI.

To disable the Web Services logon for Service Desk Manager, follow these steps:

  1. Make a backup of the following file on all servers - the primary server as well as all secondary servers:

    SD_or_CMDB_install_directory\sdk\websvc\R11\deploy.wsdd

    Note: The path above is for a Windows installation. On a UNIX/Linux installation, the file is:
    $NX_ROOT/sdk/websvc/R11/deploy.wsdd

  2. Edit the file, deploy.wsdd, in a text editor.

  3. Search for the following text string: handler type="USDSecurity65"

  4. Remove the comment character strings, "<!--" and "-->", from the following section:
    <!--<handler type="USDSecurity65" />-->
    The result is:
    <handler type="USDSecurity65" />
  5. Save the file.

  6. Run "pdm_configure" on all servers - the primary server as well as the secondary servers.

  7. Start Service Desk Manager Proctor Daemon Service on all secondary servers.

  8. Start the Service Desk Manager Daemon Service on the primary server.

Once the steps have been followed, Service Desk Manager no longer accepts calls made to the "login()" and "loginService()" Web Service methods.

Any calls to "login()" return: 'GLOBAL EXCEPTION: User logon disabled'. Calls to "loginServiceManaged()", which uses PKI, are accepted.
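Steps 1 to 5 for one UNIX/Linux server, with a check that the handler ends up outside any XML comment, as an added shell example (not CA code). The function names and the `.bak` backup name are choices made for this example, and the sample file is constructed around the one handler line quoted above.

```shell
#!/bin/sh
# Added example (not CA code): apply and verify step 4 on one deploy.wsdd.

# Print the file with XML comments removed, including multi-line ones.
strip_xml_comments() {
    awk '{ buf = buf $0 "\n" }
    END {
        while ((s = index(buf, "<!--")) > 0) {
            rest = substr(buf, s + 4); e = index(rest, "-->")
            if (e == 0) { buf = substr(buf, 1, s - 1); break }
            buf = substr(buf, 1, s - 1) substr(rest, e + 3)
        }
        printf "%s", buf
    }' "$1"
}

# Exit 0 only if the USDSecurity65 handler is present outside any comment.
pki_only_enabled() {
    strip_xml_comments "$1" |
        grep -Eq '<handler[[:space:]]+type="USDSecurity65"[[:space:]]*/>'
}

# Steps 1-5: back up the file (to <file>.bak, a name chosen for this example),
# uncomment the handler, then confirm the handler is really active.
enable_pki_only() {
    pki_only_enabled "$1" && return 0          # already active: leave untouched
    cp -p "$1" "$1.bak" || return 1
    sed 's|<!--[[:space:]]*\(<handler[[:space:]]\{1,\}type="USDSecurity65"[[:space:]]*/>\)[[:space:]]*-->|\1|' \
        "$1.bak" > "$1" || return 1
    pki_only_enabled "$1"
}

# Constructed sample: only the handler line comes from the article; the
# surrounding element is a placeholder, not the real deploy.wsdd content.
write_sample_wsdd() {
    cat > "$1" <<'EOF'
<deployment>
  <!--<handler type="USDSecurity65" />-->
</deployment>
EOF
}

# Usage: sh this_script.sh "$NX_ROOT/sdk/websvc/R11/deploy.wsdd"
if [ "$#" -gt 0 ]; then
    enable_pki_only "$1" && echo "PKI-only handler active in $1"
fi
```

A non-zero exit from `enable_pki_only` means the handler is still commented out (for example, the comment spans several lines) and the file needs a manual edit. Steps 6 to 8 still have to be carried out on every server afterwards.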

For more information, please refer to the CA Service Desk Implementation Guide r12.5 CA SDM.

Figure 1. Before changing deploy.wsdd.

Figure 2. After changing deploy.wsdd.