Symantec Access Management

Tech Tip: How to use the WADL file provided when protecting web services with the REST interface to automatically generate Java client classes


    Posted Jun 02, 2017 05:00 AM

    Introduction

    With the CA SiteMinder Access Gateway, you can protect web services through the REST interface.

    The documentation at https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-the-authentication-and-authorization-web-services provides manual samples for interacting with the REST interface.

    You can generate the client program (stubs) used for authentication and authorization automatically from the http://hostname:port/authazws/AuthRestService/application.wadl file that is provided, but the WADL file alone is not enough.

    You also need an XSD schema file that specifies the inbound requests and outbound responses used to interact with the REST interface.

    Here is the out-of-the-box application.wadl:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <application xmlns="http://wadl.dev.java.net/2009/02">
        <doc xmlns:jersey="http://jersey.java.net/" jersey:generatedBy="Jersey: 1.19.1 03/11/2016 02:08 PM"/>
        <grammars>
            <include href="application.wadl/xsd0.xsd">
                <doc title="Generated" xml:lang="en"/>
            </include>
        </grammars>
        <resources base="http://webservices.ca.com:88/authazws/AuthRestService/">
            <resource path="authz">
                <resource path="/{subResources: .* }">
                    <param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="subResources" style="template" type="xs:string"/>
                    <method id="authorize" name="POST">
                        <request>
                            <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="authorizationRequest" mediaType="*/*"/>
                        </request>
                        <response>
                            <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="authorizationResult" mediaType="application/xml"/>
                        </response>
                    </method>
                </resource>
            </resource>
            <resource path="login">
                <resource path="/{subResources: .* }">
                    <param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="subResources" style="template" type="xs:string"/>
                    <method id="login" name="POST">
                        <request>
                            <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="loginRequest" mediaType="*/*"/>
                        </request>
                        <response>
                            <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="loginResponse" mediaType="application/xml"/>
                        </response>
                    </method>
                </resource>
            </resource>
            <resource path="blogin">
                <resource path="/{subResources: .* }">
                    <param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="subResources" style="template" type="xs:string"/>
                    <method id="blogin" name="POST">
                        <request>
                            <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="loginRequest" mediaType="*/*"/>
                        </request>
                        <response>
                            <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="loginResponse" mediaType="application/xml"/>
                        </response>
                    </method>
                </resource>
            </resource>
            <resource path="logout">
                <method id="logout" name="POST">
                    <request>
                        <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="logoutRequest" mediaType="*/*"/>
                    </request>
                    <response>
                        <ns2:representation xmlns:ns2="http://wadl.dev.java.net/2009/02" xmlns="" element="logoutResponse" mediaType="application/xml"/>
                    </response>
                </method>
            </resource>
        </resources>
    </application>

    Instructions

    Here is the out-of-the-box XSD file that must be used together with the WADL to generate the stubs:

    <?xml version="1.0" standalone="yes"?>
    <xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <xs:element name="attribute" type="attribute"/>
        <xs:element name="authorizationRequest" type="authorizationRequest"/>
        <xs:element name="authorizationResult" type="authorizationResult"/>
        <xs:element name="loginRequest" type="loginRequest"/>
        <xs:element name="loginResponse" type="loginResult"/>
        <xs:element name="logoutRequest" type="logoutRequest"/>
        <xs:element name="logoutResponse" type="logoutResult"/>
        <xs:element name="serviceRequest" type="serviceRequest"/>
        <xs:complexType name="authorizationResult">
            <xs:sequence>
                <xs:element name="message" type="xs:string" minOccurs="0"/>
                <xs:element name="resultCode" type="authorizationResultCodes" minOccurs="0"/>
                <xs:element name="sessionToken" type="xs:string" minOccurs="0"/>
                <xs:element name="identityToken" type="xs:string" minOccurs="0"/>
                <xs:element name="authorizationResponses" minOccurs="0">
                    <xs:complexType>
                        <xs:sequence>
                            <xs:element name="response" type="attribute" minOccurs="0" maxOccurs="unbounded"/>
                        </xs:sequence>
                    </xs:complexType>
                </xs:element>
            </xs:sequence>
        </xs:complexType>
        <xs:complexType name="attribute">
            <xs:sequence>
                <xs:element name="name" type="xs:string" minOccurs="0"/>
                <xs:element name="value" type="xs:string" minOccurs="0"/>
            </xs:sequence>
        </xs:complexType>
        <xs:complexType name="logoutRequest">
            <xs:complexContent>
                <xs:extension base="serviceRequest">
                    <xs:sequence/>
                </xs:extension>
            </xs:complexContent>
        </xs:complexType>
        <xs:complexType name="serviceRequest">
            <xs:sequence>
                <xs:element name="userName" type="xs:string" minOccurs="0"/>
                <xs:element name="password" type="xs:string" minOccurs="0"/>
                <xs:element name="binaryCreds" type="xs:string" minOccurs="0"/>
                <xs:element name="action" type="xs:string" minOccurs="0"/>
                <xs:element name="sessionToken" type="xs:string" minOccurs="0"/>
            </xs:sequence>
        </xs:complexType>
        <xs:complexType name="authorizationRequest">
            <xs:complexContent>
                <xs:extension base="serviceRequest">
                    <xs:sequence/>
                </xs:extension>
            </xs:complexContent>
        </xs:complexType>
        <xs:complexType name="logoutResult">
            <xs:sequence>
                <xs:element name="message" type="xs:string" minOccurs="0"/>
                <xs:element name="resultCode" type="logoutResultCodes" minOccurs="0"/>
            </xs:sequence>
        </xs:complexType>
        <xs:complexType name="loginResult">
            <xs:sequence>
                <xs:element name="message" type="xs:string" minOccurs="0"/>
                <xs:element name="resultCode" type="loginResultCodes" minOccurs="0"/>
                <xs:element name="sessionToken" type="xs:string" minOccurs="0"/>
                <xs:element name="identityToken" type="xs:string" minOccurs="0"/>
                <xs:element name="authenticationResponses" minOccurs="0">
                    <xs:complexType>
                        <xs:sequence>
                            <xs:element name="response" type="attribute" minOccurs="0" maxOccurs="unbounded"/>
                        </xs:sequence>
                    </xs:complexType>
                </xs:element>
            </xs:sequence>
        </xs:complexType>
        <xs:complexType name="loginRequest">
            <xs:complexContent>
                <xs:extension base="serviceRequest">
                    <xs:sequence/>
                </xs:extension>
            </xs:complexContent>
        </xs:complexType>
        <xs:simpleType name="authorizationResultCodes">
            <xs:restriction base="xs:string">
                <xs:enumeration value="AUTHORIZED"/>
                <xs:enumeration value="NOTAUTHORIZED"/>
                <xs:enumeration value="NOT_PROTECTED"/>
                <xs:enumeration value="NOT_CONNECTED"/>
                <xs:enumeration value="SERVER_ERROR"/>
            </xs:restriction>
        </xs:simpleType>
        <xs:simpleType name="logoutResultCodes">
            <xs:restriction base="xs:string">
                <xs:enumeration value="LOGOUT_SUCCESS"/>
                <xs:enumeration value="LOGOUT_FAILURE"/>
            </xs:restriction>
        </xs:simpleType>
        <xs:simpleType name="loginResultCodes">
            <xs:restriction base="xs:string">
                <xs:enumeration value="USER_CHALLENGE"/>
                <xs:enumeration value="LOGIN_FAILED"/>
                <xs:enumeration value="LOGIN_SUCCESS"/>
                <xs:enumeration value="RESOURCE_NOT_PROTECTED"/>
                <xs:enumeration value="SESSION_VALID"/>
                <xs:enumeration value="SESSION_INVALID"/>
            </xs:restriction>
        </xs:simpleType>
    </xs:schema>

     

    As you can see from the .xsd above, the REST API implementation uses the same class (serviceRequest) for all authorization requests, which is why you see a single class being mapped in the XSD. You also need to adapt the automatically generated POJO/stub classes to match your web service protection (domain/realm/resource).

    Note: For an authorization REST request, the resource field is not required. The REST API picks the resource from the URL (i.e., the subresources after the application ID in the URL). We will be updating docops to remove the resource field from the REST API examples.

    KD: TEC1800602
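
A hand-written sketch of what an adapted login stub has to do, given the WADL and XSD above. This is an added example, not CA's generated code or part of the original post. The class name, the application ID `app1`, the resource path `/orders/42` and the sample response are constructed for illustration, and mapping unknown result codes to `LOGIN_FAILED` is a design choice of this example.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class AuthAzClientSketch {
    // Values of loginResultCodes from the XSD on this page.
    enum LoginResultCode { USER_CHALLENGE, LOGIN_FAILED, LOGIN_SUCCESS,
                           RESOURCE_NOT_PROTECTED, SESSION_VALID, SESSION_INVALID }

    // The resource travels in the URL (sub-resources after the application ID), not in the body.
    static String loginUrl(String base, String appId, String resourcePath) {
        return base + "login/" + appId + resourcePath;
    }

    // loginRequest extends serviceRequest, so the body uses the serviceRequest fields.
    static String loginRequest(String user, String password) {
        return "<loginRequest><userName>" + esc(user) + "</userName><password>"
             + esc(password) + "</password></loginRequest>";
    }

    // Escape XML metacharacters so credentials cannot break out of their element.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    // Parse a loginResponse with DTDs disabled; a missing or unknown code counts as failure.
    static LoginResultCode parseLoginResponse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList n = d.getElementsByTagName("resultCode");
        if (n.getLength() != 1) return LoginResultCode.LOGIN_FAILED;
        try {
            return LoginResultCode.valueOf(n.item(0).getTextContent().trim());
        } catch (IllegalArgumentException e) {
            return LoginResultCode.LOGIN_FAILED;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; nothing is sent over the network.
        System.out.println(loginUrl("http://hostname:port/authazws/AuthRestService/", "app1", "/orders/42"));
        System.out.println(loginRequest("alice", "p<ss&word"));
        String sample = "<loginResponse><message>ok</message><resultCode>LOGIN_SUCCESS</resultCode>"
                      + "<sessionToken>CONSTRUCTED-TOKEN</sessionToken></loginResponse>";
        System.out.println(parseLoginResponse(sample));
    }
}
```

When wiring this to a real HTTP client, send the request over HTTPS, since the body carries the password and the response carries the session token.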