Symantec IGA

  • 1.  TEWS Service revocation

    Posted Jul 25, 2018 03:16 PM
    Hi,
    We're trying to revoke a user Service via tews web service.
    We're using as an example, the following tech note:

     Document ID : KB000046892
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
      <soapenv:Header/>
      <soapenv:Body>
      <wsdl:TaskContext>
       <admin_id>imadmin</admin_id>
       <admin_password>password</admin_password>
      </wsdl:TaskContext>
      <wsdl:ManageAccessRequestMembership>
       <wsdl:ManageAccessRequestMembershipSearch>
        <wsdl:Filter index="0">
         <wsdl:Field>%FRIENDLY_NAME%</wsdl:Field>
         <wsdl:Op>EQUALS</wsdl:Op>
         <wsdl:Value>TestService01</wsdl:Value>
        </wsdl:Filter>
       </wsdl:ManageAccessRequestMembershipSearch>
       <wsdl:ManageAccessRequestMembershipUserServiceTab>
        <wsdl:ObjectList>
         <wsdl:add index="0">
          <wsdl:FriendlyName>pxtest01</wsdl:FriendlyName>
         </wsdl:add>
        </wsdl:ObjectList>
       </wsdl:ManageAccessRequestMembershipUserServiceTab>
      </wsdl:ManageAccessRequestMembership>
      </soapenv:Body>
    </soapenv:Envelope>
    We tested the add action, and it worked fine (a user is added to the service)
    Then we changed the add
    <wsdl:add index="0">
      <wsdl:FriendlyName>pxtest01</wsdl:FriendlyName>
    </wsdl:add>

    to remove

    <wsdl:remove index="0">
      <wsdl:FriendlyName>pxtest01</wsdl:FriendlyName>
    </wsdl:remove>

     

    We tested it with soapui application, and the result was:
     <soapenv:Envelope xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="http://tews6/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Body>
        <ImsStatus version="6.0">
        <transactionId>a79g68f1-011e9f31-1cf7716e-r543c3</transactionId>
        </ImsStatus>
        </soapenv:Body>
    </soapenv:Envelope>
    Then when we check in Identity Manager -> View Submitted Tasks
    We search by "Task ID", using the "transactionId" returned in soapui, and there are no results.
    But, if we check "Show unsubmitted tasks" as a parameter of the search, an empty action can be seen (Task status: Audited).
    No action is performed.
    Question:
    - Is there any other parameter necessary to revoke a Service to the user?
    - How can we perform a Service revocation using tews - web service?
    Kind regards


  • 2.  Re: TEWS Service revocation
    Best Answer

    Broadcom Employee
    Posted Jul 26, 2018 01:10 PM

    The remove use case works; please check that the userID you are passing is in the correct case.

     

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
      <soapenv:Header/>
      <soapenv:Body>
        <wsdl:TaskContext>
          <admin_id>superadmin</admin_id>
          <admin_password>test</admin_password>
        </wsdl:TaskContext>
        <wsdl:ManageAccessRequestMembership>
          <wsdl:ManageAccessRequestMembershipSearch>
            <wsdl:Filter index="0">
              <wsdl:Field>%FRIENDLY_NAME%</wsdl:Field>
              <wsdl:Op>EQUALS</wsdl:Op>
              <wsdl:Value>test</wsdl:Value>
            </wsdl:Filter>
          </wsdl:ManageAccessRequestMembershipSearch>
          <wsdl:ManageAccessRequestMembershipUserServiceTab>
            <!--Optional:-->
            <wsdl:ObjectList>
              <!--Zero or more repetitions:-->
              <wsdl:remove index="0">
                <wsdl:FriendlyName>SuperAdmin</wsdl:FriendlyName>
              </wsdl:remove>
            </wsdl:ObjectList>
          </wsdl:ManageAccessRequestMembershipUserServiceTab>
        </wsdl:ManageAccessRequestMembership>
      </soapenv:Body>
    </soapenv:Envelope>
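
Added example, not part of the original posts and not the product's own code: Python that builds the ManageAccessRequestMembership envelope from this thread for either action, flags user IDs that differ from a known ID only by case (the check the answer recommends), and extracts transactionId from the reply. The function names, the known-ID list and the per-entry index numbering are assumptions; no request is sent.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
TEWS = "http://tews6/wsdl"  # namespace taken from the envelopes in the thread
ET.register_namespace("soapenv", SOAP)
ET.register_namespace("wsdl", TEWS)

def el(parent, ns, tag, text=None, **attrs):
    """Append a child element; ns=None leaves the tag unqualified."""
    node = ET.SubElement(parent, f"{{{ns}}}{tag}" if ns else tag, attrs)
    node.text = text
    return node

def case_mismatches(user_ids, known_ids):
    """Return {requested: stored} for IDs that match a known ID only when case is ignored."""
    by_lower = {k.lower(): k for k in known_ids}
    return {u: by_lower[u.lower()] for u in user_ids
            if u not in known_ids and u.lower() in by_lower}

def build_request(admin_id, admin_password, service, user_ids, action):
    """Build the envelope shown in the thread; action is 'add' or 'remove'."""
    if action not in ("add", "remove"):
        raise ValueError("action must be 'add' or 'remove'")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    el(env, SOAP, "Header")
    body = el(env, SOAP, "Body")
    ctx = el(body, TEWS, "TaskContext")
    el(ctx, None, "admin_id", admin_id)  # unqualified, as in the thread
    el(ctx, None, "admin_password", admin_password)
    task = el(body, TEWS, "ManageAccessRequestMembership")
    search = el(task, TEWS, "ManageAccessRequestMembershipSearch")
    flt = el(search, TEWS, "Filter", index="0")
    el(flt, TEWS, "Field", "%FRIENDLY_NAME%")
    el(flt, TEWS, "Op", "EQUALS")
    el(flt, TEWS, "Value", service)  # text is XML-escaped on serialization
    tab = el(task, TEWS, "ManageAccessRequestMembershipUserServiceTab")
    objs = el(tab, TEWS, "ObjectList")
    for i, uid in enumerate(user_ids):  # assumption: index counts up per entry
        el(el(objs, TEWS, action, index=str(i)), TEWS, "FriendlyName", uid)
    return ET.tostring(env, encoding="unicode")

def transaction_id(response_xml):
    """Extract ImsStatus/transactionId from a TEWS reply, or None if absent."""
    path = f".//{{{TEWS}}}ImsStatus/{{{TEWS}}}transactionId"
    node = ET.fromstring(response_xml).find(path)
    return node.text if node is not None else None

# Constructed reply mirroring the one quoted in the first post.
SAMPLE_REPLY = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns="{TEWS}"><soapenv:Body>'
                '<ImsStatus version="6.0"><transactionId>a79g68f1-011e9f31-1cf7716e-r543c3'
                '</transactionId></ImsStatus></soapenv:Body></soapenv:Envelope>')
```
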



  • 3.  Re: TEWS Service revocation

    Posted Jul 27, 2018 02:08 PM

    Thank you very much for the reply.

    Unfortunately, the userID with the correct case is not working.

     

    The userID is as follows

     

    The request of the soapUI is

     

    The result, from IDM -> View Submitted Tasks

     

    It looks as if it's an empty task, with no events or actions.

     

    - Do you think there is a syntax error in the request?

    - What do you recommend to solve this problem?

     

    Kind regards