DSXchange

A short text to describe your forum
http://www.dsxchange.com/

Basic Authentication

http://www.dsxchange.com/viewtopic.php?f=19&t=152348

Page 1 of 1

Basic Authentication

Posted: Wed Apr 09, 2014 3:21 pm
by william.wang_GMA
Hi

A webservice is deployed at ISD with basic authentication required.

How does an external client access this webservice? What needs to be set up: usernames, password, roles, groups ... to satisfy that basic authentication?

I've been reading the help page of the Web Console and googling, but still haven't been able to get an overall pictures of what are different architectural components that must fit together ... So far all I can see are bits and pieces, and done some hacking.

Any good references?

Thanks

Posted: Wed Apr 09, 2014 3:33 pm
by eostic
Go to the Info Server administration console...check out the various user roles that can be assigned for "Information Services Director"....when you turn on basic authentication for an ISD service, then only established Information Services Director roles can use it, who have the right role to execute the service, and then their Info Server credentials are validated...

Ernie

Posted: Fri Apr 11, 2014 9:45 am
by william.wang_GMA
Thanks for the tip.

But still can't get it to work ;(

Posted: Wed May 07, 2014 5:37 pm
by eli.nawas_AUS
Hi

I am able to do the following in Service Director:
- Create 2 webservices (WSA, WSB)
- Create 2 users (userA, userB)
- Grant CONSUMER role to both users
- Write small C# console app to call either WSA or WSB from either userA or userB.

My dilemma is this:
I want to set up roles from Service Director such that:
- userA can only invoke WSA, not WSB
- userB can only invoke WSB, not WSA

Is this doable from Service Director? Can we create new roles and assign webservices to roles like with roles/tables/privs in a database?

It seems the role CONSUMER allows/prevents a user to invoke a webservice.

Thanks

Posted: Wed May 07, 2014 8:50 pm
by qt_ky
My experience has been that the ISD Consumer role allows user(s) to invoke ALL web services that require basic authentication. I wanted more granular control, out of the box, over the ISD security model just as you mentioned above, so I had opened an enhancement request about it in 2011: APAR JR40744. It would help greatly if you and any other customers contact IBM and request the same thing, and reference JR40744, which is not an externally searchable APAR number.

Posted: Thu May 08, 2014 8:29 am
by eli.nawas_AUS
I'll poke around. If i find anything i'll reply to this thread, if any ;)

Thanks
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited