Integration between CA Service Catalog and CA Service Desk Manager (SDM) using Public Keys (PKI)

Document ID : KB000019067
Last Modified Date : 14/02/2018

Description:

While limited integration can be performed using username/password, certain features (for example the content supplied in the Service Management Content Pack) require that PKI-based integration is enabled.

Solution:

To configure this:

First, create the policy in Service Desk Manager (SDM).

The Policy code name is set in the Service Catalog UI at

Service Catalog > Administration > Configuration > CA Service Desk

with the property named 'Policy Code', which is by default 'USM_SD_Policy'.

Keeping the default simplifies matters, though it can be changed if preferred.

To create the policy in SDM with the name as set in Service Catalog:

Go to the Service Desk User Interface, then

Service Desk > Administration > SOAP Web Service Policy > Policies

Click the 'Create New' button and set the Symbol and Code to USM_SD_Policy (or the alternative used in the first step), Status to Active, Proxy Contact to "Administrator, Service Delivery" (which is spadmin) or, if preferred, any other Service Catalog spadministrator user, and Allow Impersonate to Yes. Other settings can be left at their defaults.

Click 'Save'. Click 'Close Window'.

Next, build a certificate file for that policy.

On the Service Desk machine, 'cd' into %NX_ROOT% and run the command

pdm_pki -p USM_SD_Policy -f

replacing the code name USM_SD_Policy with the custom name if one was chosen. This will create USM_SD_Policy.p12 (or the equivalent name for a custom policy) in that directory.

You then need to copy it to your Service Catalog machine's %USM_HOME% location.

Finally, back in the Catalog user interface at

Service Catalog > Administration > Configuration > CA Service Desk

set Enable PKI to Yes, and click the 'Test' button. The test should then use the certificate file to connect to Service Desk, and report its success. You are now configured to use PKI-based integration.
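
The certificate-file steps above (run pdm_pki in %NX_ROOT%, then copy the .p12 to %USM_HOME%) can be scripted so that a stale or damaged file is caught before the 'Test' button is used. This is an added example, not CA-supplied code; it assumes pdm_pki is on PATH, and the share path in $CatalogHome is a constructed placeholder for the Service Catalog machine's %USM_HOME%.

```powershell
# Added example, not CA-supplied. Run on the Service Desk machine.
# Assumptions: pdm_pki is on PATH; $CatalogHome is a constructed placeholder
# for the Service Catalog machine's %USM_HOME%, reachable as a share.
param(
    [string]$Policy      = 'USM_SD_Policy',
    [string]$CatalogHome = '\\catalog-host.example\USM_HOME'
)
$ErrorActionPreference = 'Stop'

if (-not $env:NX_ROOT) { throw 'NX_ROOT is not set; run this on the Service Desk machine.' }
$source  = Join-Path $env:NX_ROOT "$Policy.p12"
$started = Get-Date

# Article step: cd into %NX_ROOT% and build the certificate file for the policy.
Push-Location $env:NX_ROOT
try     { & pdm_pki -p $Policy -f }
finally { Pop-Location }

# Fail if nothing was written, or if an older .p12 is still in place.
if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
    throw "pdm_pki did not create $source"
}
if ((Get-Item -LiteralPath $source).LastWriteTime -lt $started) {
    throw "$source predates this run; it was not regenerated"
}

# Article step: copy to %USM_HOME%, then confirm the copy is byte-identical.
$dest   = Join-Path $CatalogHome "$Policy.p12"
$before = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
Copy-Item -LiteralPath $source -Destination $dest -Force
$after  = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
if ($before -ne $after) { throw "Hash mismatch after copy: $dest" }
"Copied $Policy.p12 to $dest (SHA256 $after)"

# List who can read the file on the Service Catalog side, for review.
(Get-Acl -LiteralPath $dest).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

The .p12 is what Service Catalog presents to connect to Service Desk under the policy, so the ACL listing is worth checking: read access should be limited to the account that runs Service Catalog and its administrators.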