IT Process Automation

I'm trying to build a flow that temporarily passes processes from our 3.1 environment over to our 4.1 environment during a transition period. I had hoped to use the ExecuteProcess method to start some processes and pass some parameters, but I'm experiencing an authentication error.

I'm about to authenticate from SOAPui, so I know the account, name, and password are correct and fully functional.

But the PAM 3.1 interface for constructing a SOAP call with authentication is blowing my mind.

I tried using the macro expansion method, but it didn't seem to work at all.

So I switched to expression and built my expression using dataset variables, like this...

[font=Courier New]Process.p_soapdata='<executeProcess xmlns="http://www.ca.com/itpam">';
Process.p_soapdata+='<flow>';
Process.p_soapdata+='<name>/flowlocation/myFlowName</name>';
Process.p_soapdata+='<action>Start</action>';
Process.p_soapdata+='<auth>';
// Process.p_soapdata+='<user>'+Process.p_uid+'</user>';
// Process.p_soapdata+='<password>'+Process.p_pw+'</password>';
Process.p_soapdata+='</auth>';
Process.p_soapdata+='<params>';
Process.p_soapdata+='<param name="FAKEDPHONY">Kendall the Knight</param>';
Process.p_soapdata+='</params>';
Process.p_soapdata+='</flow>';
Process.p_soapdata+='</executeProcess>';[font]


No matter what I try, I just get this response from the soap call.
[color=#ff0000]SOAP-ENV:Client The specified user ID, password, or token is invalid. [color]

I'm certain that I'm poking the interface the wrong way, just not sticking stuff in the right places. Any guidance is appreciated.

I've tried every combination of getting the password into the SOAP request that I can imagine.

This may be caused by a domain hop in the process. The calling orchestrator is in our production domain and it's calling a test orchestrator in a lower domain (which trusts production). This behavior works well from SoapUI in production, but fails in Process Automation.

Hey Rob,

I don't think this has anything to do with different domains and trusts. I'm guessing that your password is a variable of the password type. If so, you can't concatenate it like you are doing above. If you try to manipulate a password field (including concatenating it with another string), it will return a null. This is done on purpose to minimize plain text exposure of passwords.

I'll put together an example using macro replacement and post it here.

Thanks,
Tom

Thanks, that would be great. I tried using the macro replacement first, but had the same results. There's a good chance I just don't get that whole process.

Hi Tom,

I'm actually having a similar problem too. In my case, I'm not using a SOAP operator. PAM SOAP operators fail on http 202 responses (have a case opened for that). In the meantime, I'm using an HTTP Post operator as a workaround and building the SOAP request in the pre-exec code (code below).

My problem stems from the fact that I can't concatenate or work with PAM Password types.I'm trying to find a way to keep the password "hidden" but use it in a SOAP request. Any ideas?


// SOAP Template
var soapBody = '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:par="http://schemas.hp.com/ucmdb/discovery/1/params" xmlns:typ="http://schemas.hp.com/ucmdb/1/types">'
+ "\n" + '<soap:Header/>'
+ "\n" + '<soap:Body>'
+ "\n" +
'<par:updateCredentialsEntryRequest>'
+ "\n" +
'<par:domainName>__DOMAIN__</par:domainName>'
+ "\n" +
'<par:protocolName>wmiprotocol</par:protocolName>'
+ "\n" +
'<par:credentialsEntryID>__CREDENTIAL_ID__</par:credentialsEntryID>'
+ "\n" +
'<par:credentialsEntryParameters>'
+ "\n" +

'<typ:intProps>'
+ "\n" +

'<typ:intProp>'
+ "\n" +


'<typ:name>protocol_index</typ:name>'
+ "\n" +


'<typ:value>__PROTOCOL_INDEX__</typ:value>'
+ "\n" +

'</typ:intProp>'
+ "\n" +

'</typ:intProps>'
+ "\n" +

'<typ:strProps>'
+ "\n" +

'<typ:strProp>'
+ "\n" +


'<typ:name>user_label</typ:name>'
+ "\n" +


'<typ:value>__USER_LABEL__</typ:value>'
+ "\n" +

'</typ:strProp>'
+ "\n" +

'<typ:strProp>'
+ "\n" +


'<typ:name>protocol_timeout</typ:name>'
+ "\n" +


'<typ:value>__PROTOCOL_TIMEOUT__</typ:value>'
+ "\n" +

'</typ:strProp>'
+ "\n" +

'<typ:strProp>'
+ "\n" +


'<typ:name>protocol_netaddress</typ:name>'
+ "\n" +


'<typ:value>__PROTOCOL_NETADDRESS__</typ:value>'
+ "\n" +

'</typ:strProp>'
+ "\n" +

'<typ:strProp>'
+ "\n" +


'<typ:name>protocol_username</typ:name>'
+ "\n" +


'<typ:value>__PROTOCOL_USERNAME__</typ:value>'
+ "\n" +

'</typ:strProp>'
+ "\n" +

'<typ:strProp>'
+ "\n" +


'<typ:name>protocol_password</typ:name>'
+ "\n" +


'<typ:value>__PROTOCOL_PASSWORD__</typ:value>'
+ "\n" +

'</typ:strProp>'
+ "\n" +

'<typ:strProp>'
+ "\n" +


'<typ:name>wmiprotocol_wmidomain</typ:name>'
+ "\n" +


'<typ:value>__WMIPROTOCOL_WMIDOMAIN__</typ:value>'
+ "\n" +

'</typ:strProp>'
+ "\n" +

'</typ:strProps>'
+ "\n" +
'</par:credentialsEntryParameters>
'
+ "\n" +
'<par:CmdbContext>'
+ "\n" +

'<typ:callerApplication>CA Process Automation</typ:callerApplication>'
+ "\n" +
'</par:CmdbContext>'
+ "\n" +
'</par:updateCredentialsEntryRequest>'
+ "\n" + '</soap:Body>'
+ "\n" + '</soap:Envelope>'


// Replace Macros in template with values input by user
soapBody = soapBody.replace( /__DOMAIN__/g, Operator.TargetCredential__.DomainName__ );
soapBody = soapBody.replace( /__CREDENTIAL_ID__/g, Operator.TargetCredential__.CredentialID__ );
soapBody = soapBody.replace( /__PROTOCOL_INDEX__/g, Operator.UpdateCredentialEntry__.ProtocolIndex__ );
soapBody = soapBody.replace( /__USER_LABEL__/g, Operator.UpdateCredentialEntry__.UserLabel__ );
soapBody = soapBody.replace( /__PROTOCOL_TIMEOUT__/g, Operator.UpdateCredentialEntry__.ProtocolTimeout__ );
soapBody = soapBody.replace( /__PROTOCOL_NETADDRESS__/g, Operator.UpdateCredentialEntry__.ProtocolNetAddress__ );
soapBody = soapBody.replace( /__PROTOCOL_USERNAME__/g, Operator.UpdateCredentialEntry__.ProtocolUsername__ );
soapBody = soapBody.replace( /__PROTOCOL_PASSWORD__/g, Operator.UpdateCredentialEntry__.ProtocolPassword__ );
soapBody = soapBody.replace( /__WMIPROTOCOL_WMIDOMAIN__/g, Operator.UpdateCredentialEntry__.WMIProtocolWMIDomain__ );


// Assign SOAP Body to operator variable so it can be referenced
Process[OpName].SOAPBody = soapBody;

With repeated attempts to get the Macro replacement method to work, I was finally successful. In my use case, I wanted to take an inbound SOAP call in 3.1 and pass it to 4.1 via a SOAP call. It was tricky because I wanted to pass any run time variables created by the SOAP call to the other process without hand-building the dataset.

So I wrote a little javascript to examine the dataset and remove all the system variables. Then, I examined the leftovers and converted them to string parameters for passage to the outbound web service call.

I've attached a simplified flow for those who have some interest. Standard non-liability clauses apply.

If it's helpful, I'm glad. Maybe you can send me a case of Lemon & Paeroa if you live in New Zealand.

rob.mccoy wrote:

With repeated attempts to get the Macro replacement method to work, I was finally successful. In my use case, I wanted to take an inbound SOAP call in 3.1 and pass it to 4.1 via a SOAP call. It was tricky because I wanted to pass any run time variables created by the SOAP call to the other process without hand-building the dataset.

So I wrote a little javascript to examine the dataset and remove all the system variables. Then, I examined the leftovers and converted them to string parameters for passage to the outbound web service call.

I've attached a simplified flow for those who have some interest. Standard non-liability clauses apply.

If it's helpful, I'm glad. Maybe you can send me a case of Lemon & Paeroa if you live in New Zealand.

Hey Rob, I got caught up in some work and you beat me to the solution!

Nice work. I'll look into that L&P for you :)