Scribd Logo
Upload

Welcome to Scribd!

  • Maximo Authentication

    Uploaded by

    difernal
    535 views4 pages
    Maximo autenticacion

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Maximo autenticacion

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    535 views4 pages

    Maximo Authentication

    Uploaded by

    difernal
    Maximo autenticacion

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Maximo Integration Framework (MIF)

    Authentication

    Maximo Authentication

    Maximo supports 2 authentication modes, Maximo or Application Server-based. This configuration is


    done through the following System Property, mxe.useAppServerSecurity. It is set to false (0) by default.
    When set to 0 (false), Maximo is using its native authentication, not J2EE (app server) authentication.

    MIF Authentication

    MIF Authentication (for HTTP-based integration) follows the authentication model that is set for the
    Maximo application. MIF components (HTTP and non-HTTP) supporting inbound transactions require
    varying configurations to enable authentication.

    The Inbound MIF Integration options:

    1. REST API
    2. OSLC/JSON API
    3. Interface Tables
    4. XML/Flat file loading (UI and CRON task)
    5. HTTP SOAP-based web services
    6. HTTP Servlet (XML/HTTP)
    7. JMS (Direct)
    MIF Configuration points when using Maximo Authentication

    HTTP SOAP-based Web Services

    Can optionally use the default Login User (use ALLOWDFLTLOGIN in the ejb-jar.xml file)

    When not using the default Login User, the request must pass the HTTP Header Property named
    MAXAUTH which must contain the user:password that is base64-encoded

    HTTP Servlet (XML over HTTP)

    Can optionally use the default Login User (use ALLOWDFLTLOGIN in the ejb-jar.xml file)

    When not using the default Login User, the request must pass the HTTP Header Property named
    MAXAUTH which must contain the user:password that is base64-encoded

    REST API

    The request must pass the HTTP Header Property named MAXAUTH which must contain the
    user:password that is base64-encoded. No support for the Default Login User.

    OSLC/JSON API

    The request must pass the HTTP Header Property named MAXAUTH which must contain the
    user:password that is base64-encoded. No support for the Default Login User.

    Flat and XML File Loading

    Requires a valid user defined in the mxe.int.dfltuser system property. This is not optional and
    the setting of the ALLOWDFLTLOGIN in the ejb-jar.xml file has no bearing on this behavior.

    Inserting messages into a queue (inbound and outbound)

    Requires the assignment of a user and password to the JNDI name for the queue.

    Configure that same user and password on the queue definition in Maximo using the
    Add/Modify Queues Action in the External Systems application. This allows the MIF
    components that read and write to the queue to be able to access the queue.

    For Continuous Queues that use the Message Driven Beans (MDBs) to consume messages, the
    ejb-jar.xml deployment file must be updated with the user name assigned to the queue.

    See the section, Configuring J2EE restriction for JMS queues, in the MIF section of the Maximo
    Knowledge Center for more details.

    Consumption of messages out of an inbound queue (processing into Maximo)

    Requires a valid user defined in the mxe.int.dfltuser system property when no user is attached
    to the message. This is not optional and the setting of the ALLOWDFLTLOGIN in the ejb-jar.xml
    file is not applicable. See section, Other Usage of the default Login, further down in this
    document for additional information.
    Interface Tables

    Does not support or rely on a default user. Interface Table End Point would require DB
    User/Password if DB tables are secured.

    Related Information

    MIF Default User

    HTTP SOAP and Servlet-based (XML over HTTP) integration access supports the use of the default
    integration user. The default user is defined in the system property mxe.int.dfltuser with a default value
    of user: MXINTADM. Access through the REST api and the OSLC JSON api does not support the use of
    the default user.

    The configuration to use the default integration user is in the ejb-jar.xml in the folder
    c:\maximo\applications\maximo\mboejb\ejbmodule\META-INF on your Maximo Admin workstation.
    There are four integration related <session> identified by the ejb-name. These are Object Structure
    service, Enterprise service, Standard service and the Workflow Service. To disable the use of the default
    login for each, change the <env-entry-value> of the <env-entry-name>ALLOWDFLTLOGIN</env-entry-
    name> from 1 (true) to 0 (false). After the ejb-jar.xml file is updated and saved, the Maximo .ear file
    needs to be rebuilt and redeployed.

    NOTE: Starting in release 7.6.0.2, the default setting for <ALLOWDFLTLOGIN> is 0 (prior to this
    release, the setting was 1).

    Below is a snippet from the ejb-jar.xml:

    Enterprise Service

    <session id="Session_enterpriseservice">

    <ejb-name>enterpriseservice</ejb-name>

    <home>psdi.iface.gateway.MEAGatewayHome</home>

    <remote>psdi.iface.gateway.MEAGateway</remote>

    <local-home>psdi.iface.gateway.MEAGatewayHomeLocal</local-home>

    <local>psdi.iface.gateway.MEAGatewayLocal</local>

    <ejb-class>psdi.iface.gateway.MEAGatewayBean</ejb-class>

    <session-type>Stateless</session-type>

    <transaction-type>Container</transaction-type>

    <env-entry>

    <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>

    <env-entry-value>0</env-entry-value>

    </env-entry>

    Object Structure Service

    <session id="Session_mosservice">

    <ejb-name>mosservice</ejb-name>

    <session id="Session_actionservice">

    <ejb-name>actionservice</ejb-name>

    WorkFlow Service

    <session id="Session_wfservice">

    <ejb-name>wfservice</ejb-name>

    With Default Login turned off, integration messages provided via HTTP must provide the MAXAUTH
    HTTP header containing user:password base64-encoded.

    An integration user that is authenticated has full access (create/update/delete) to object structures
    since there is no authorization enabled by default.

    Other Usage of the default Login

    The default login user identified in mxe.int.dfltuser, is also used in the following processing:

    1. Loading of files (Flat or XML) into an inbound queue either through the UI or CRON tasks.
    2. Messages processing out of the inbound queues that have no user attached to them (having a
    user on the queue message is determined, in part, by the configuration of system property,
    mxe.int.propagateuser, that controls the propagation of the user on the inbound transaction to
    the message that is saved into an inbound queue.

    Given the use of the default login user, ensure that the value set in the mxe.int.dfltuser system property
    is a valid Maximo User.

    You might also like