Secure MIF web service methods with native authentication

By default, MIF web services are unsecure, but if you are using native Maximo security and not LDAP, you can secure MIF web services with this configuration change.

Normally Web Services and HTTP Servelets are secured using the MEAWEB Web.xml descriptor to map the maximousers security role in the Application Server to each service. If you are using native security this role has no function as authentication is done at the database level

Resolving the problem

You can secure these services at the EJB level. Open the file:

[maximo_root]/applications/maximo/mboejb/ejbmodule/META-INF/ejb-jar.xml

You will each service has a section where the security can be configured e.g:

<session id="Session_enterpriseservice">
  <ejb-name>enterpriseservice</ejb-name>
    <home>psdi.iface.gateway.MEAGatewayHome</home>
    <remote>psdi.iface.gateway.MEAGateway</remote>
    <local-home>psdi.iface.gateway.MEAGatewayHomeLocal</local-home>
    <local>psdi.iface.gateway.MEAGatewayLocal</local>
    <ejb-class>psdi.iface.gateway.MEAGatewayBean</ejb-class>
    <session-type>Stateless</session-type>
    <transaction-type>Container</transaction-type>
    <env-entry>
       <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
       <env-entry-type>java.lang.String</env-entry-type>
       <env-entry-value>1</env-entry-value>
    </env-entry>
    <security-role-ref>
       <description>MAXIMO Application Users</description>
       <role-name>maximouser</role-name>
       <role-link>maximouser</role-link>
    </security-role-ref>
</session>

For each service defined set the ALLOWDFLTLOGIN to 0 like so:

<env-entry>
   <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
   <env-entry-type>java.lang.String</env-entry-type>
   <env-entry-value>0</env-entry-value>
</env-entry>

Then rebuild and redeploy the Maximo.ear file.

When you send in a transaction now you must specify an HTTP Header MAXAUTH with a value of username:password encoded as a Base64 string, where username:password is a valid Maximo user. [IBM Support]

Did You Know...

As Maximo Experts, we have developed several add-on products for Maximo that mobilize the work force, simplifies assignments, provides ad-hoc reporting capabilities and facilitates the seamless integration of Service Requests into Maximo.

Check out our products by clicking on the following links: EZMaxMobile, EZMaxPlanner and EZMaxRequest.

Find Out More

3 thoughts on “Secure MIF web service methods with native authentication

  1. Chon,

    I have performed all the changes mentioned above.I added the MAXAUTH header,but during query it gave some error It seems like MAXAUTH Header syntax is incorrect.
    Could you please provide the syntax of MAXAUTH Header tag.

  2. Hi Chon,
    We are trying to change from Native auth to LDAP, but can’t seem to get it to work. Is the MAXAUTH header still required and the EJB changes reverted back? So just application security and Basic auth in the web.xml of meaweb?
    thanks for your time.

  3. Hi Chon,

    I need to consume a webservice from an Maximo via SOAP protocol.I have a WSDL reference using that I can post data successfully to Maximo setup at offshore. However at onsite instance while invoking the webservice its gives an error “Java.lang.reflect.InvocationTargetException”. The same error we are getting via SoapUI tool as well but if we set the variable MAXAUTH with some value (as expected by the server) and pass it in the header in SoapUI tool we can invoke the webService successfully.

    I don’t know how to set the value of the variable in Soap header in the .Net code below and invoke the webservice. Please let me know how to do it. I tried few things but it’s not working. Below is the code snippet after creating the DomainService as web reference by referencing the WSDL from the web server,

    // File containing the setting of Domain values and invoke of Webservice by referencing the Domain WSDL with DomainService as the reference name.

    DomainService.EXTSYS1_SEDOMAIN_ES req = new
    DomainService.EXTSYS1_SEDOMAIN_ES();
    DomainService.SE_DOMAIN_OBJ_MAXDOMAINType domain = new DomainService.SE_DOMAIN_OBJ_MAXDOMAINType();

    domain.DOMAINID = new DomainService.MXStringType();
    domain.DOMAINID.Value = “SEDOMAIN”;
    domain.transLanguage = baseLanguage;
    domain.action = new DomainService.ProcessingActionType();
    domain.action = DomainService.ProcessingActionType.AddChange;
    domain.ALNDOMAIN = new DomainService.SE_DOMAIN_OBJ_ALNDOMAINType[100];
    domain.ALNDOMAIN[iCounter] = new DomainService.SE_DOMAIN_OBJ_ALNDOMAINType();
    domain.ALNDOMAIN[iCounter].action = new DomainService.ProcessingActionType();
    domain.ALNDOMAIN[iCounter].action = DomainService.ProcessingActionType.Add;
    domain.ALNDOMAIN[iCounter].VALUE = new DomainService.MXStringType();
    domain.ALNDOMAIN[iCounter].VALUE.Value = domainValue;
    domain.ALNDOMAIN[iCounter].ORGID = new DomainService.MXStringType();
    domain.ALNDOMAIN[iCounter].ORGID.Value = ORGName;
    domain.ALNDOMAIN[iCounter].SITEID = new DomainService.MXStringType();
    domain.ALNDOMAIN[iCounter].SITEID.Value = SITEName;
    domain.ALNDOMAIN[iCounter].DESCRIPTION = new DomainService.MXLangStringType();
    domain.ALNDOMAIN[iCounter]).DESCRIPTION.Value = domainDescription;
    DateTime timeNowHelp = DateTime.Now;
    DateTime timLocal = new DateTime(timeNowHelp.Year, timeNowHelp.Month, timeNowHelp.Day, timeNowHelp.Hour, timeNowHelp.Minute, timeNowHelp.Second,DateTimeKind.Local);
    req.Set
    req.SyncSE_DOMAIN_OBJ(new DomainService.SE_DOMAIN_OBJ_MAXDOMAINType[] { domain },ref timLocal, ref timespecified, ref baseLanguage, ref transLanguage, ref messageID, ref maximoVersion);

    // File containing the code to set the MAXAUTH in Soap header

    namespace MRCXMLConverter.DomainService
    {
    public class MyHeader : SoapHeader
    {
    public string MAXAUTH;
    }

    public partial class EXTSYS1_SEDOMAIN_ES : System.Web.Services.Protocols.SoapHttpClientProtocol
    {
    public MyHeader MXHEADER;

    [WebMethod]
    [SoapHeader(“MAXAUTH”)]
    public void SetAuthentication()
    {
    MXHEADER = new MyHeader();
    XHEADER.MAXAUTH = “bWF4YWRtaW46bWF4YWRtaW4=”;

    }
    }

Leave a Reply