|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Version/Condition: 7.0+
|Issue||This article gives an overview of using the Linux curl command to interact with the RSA Identity Governance & Lifecycle Web Services interface.|
|Resolution||By default, Web Services is not enabled in RSA Identity Governance & Lifecycle.|
To enable Web Services:
curl -k -H "Content-Type: application/xml" -X POST -d '<username>AveksaAdmin</username><password>actualpassword</password>' "https://127.0.0.1:8443/aveksa/command.submit?cmd=loginUser"
curl - This is the Linux command.
-k / --insecure - This option tells curl not to validate the certificate chain presented by the server. The connection is still encrypted, but the server's identity is not verified.
To keep certificate validation enabled, you can export our self-signed certificate or your replacement certificate hierarchy as individual PEM files in a folder and use curl's --capath option.
-H - This option defines the header that is being passed to Web Services. In the above example we are identifying our traffic to Web Services as being of type application/xml.
-X - This option defines the request method we are using (GET/POST/PUT/DELETE).
-d - This option is the data that we are sending.
<username> </username> - In between these tags is the user that is authenticating.
<password> </password> - In between these tags is the password that is associated with the user. Note that both the username and password tags are case sensitive.
https or http can be used. If using http, your server must be configured to allow non-secure connections, and the credentials and token are then sent unencrypted.
127.0.0.1 - This is the server to which the connection is made.
:8443 - This is the default port used for the JBoss/Wildfly application servers. This port should be the same port that your Administrative Web Interface is using.
/aveksa/command.submit?cmd= - This is the prefix for all commands that will be passed, this is the target that parses the commands.
loginUser - This is the actual Web Services call/command that is being performed.
#curl -k -H "Content-Type: application/xml" -X POST -d '<username>AveksaAdmin</username><password>actualpassword</password>' "https://127.0.0.1:8443/aveksa/command.submit?cmd=loginUser"
token=ws3137f59972b7c7967f:-12d86acf:154bb48bc96:-7fd40.19157109468220368
#curl -k -H "Content-Type: application/xml" -X POST "https://127.0.0.1:8443/aveksa/command.submit?cmd=getSecuritySettings&token=ws3137f59972b7c7967f:-12d86acf:154bb48bc96:-7fd40.19157109468220368"
allow-username-save=false token-lifespan-timeout=120 token-inactivity-timeout=10
#curl -k -H "Content-Type: application/xml" -X POST "https://127.0.0.1:8443/aveksa/command.submit?cmd=findUsers&returnColumns=id,user_id&token=ws3137f59972b7c7967f:-12d86acf:154bb48bc96:-7fd40.19157109468220368"
id=0 user_id=AveksaAdmin
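The login and follow-up calls above, wrapped as shell functions in an added example that is not part of the original article and is not RSA's code: it validates the server certificate with --cacert instead of -k, and passes the login body to curl on stdin so the password does not appear in the process list or shell history. The function names, the CA file path (a placeholder) and the XML-escaping of the credentials are assumptions.

```shell
#!/bin/sh
# Added example, not RSA's code. Assumptions: IGL_CA is a PEM file holding the
# CA certificate(s) for the server (placeholder path below), and the server
# accepts XML-escaped credentials in the loginUser body.
IGL_BASE="${IGL_BASE:-https://127.0.0.1:8443/aveksa/command.submit}"
IGL_CA="${IGL_CA:-/path/to/igl-ca.pem}"

# Escape XML metacharacters so a password containing & or < is sent intact.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the loginUser request body from a username and password.
login_body() {
  printf '<username>%s</username><password>%s</password>' \
    "$(xml_escape "$1")" "$(xml_escape "$2")"
}

# Pull the token out of a "token=..." response; non-zero status if none found.
parse_token() {
  t=$(printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^token=//p' | head -n 1)
  [ -n "$t" ] && printf '%s\n' "$t"
}

# Shared curl options: validate the chain (no -k) and fail on HTTP errors.
igl_curl() {
  curl --silent --show-error --fail --cacert "$IGL_CA" \
       -H "Content-Type: application/xml" -X POST "$@"
}

# Log in as $1, prompting for the password; prints the session token.
igl_login() {
  printf 'Password for %s: ' "$1" >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  # The body reaches curl on stdin (@-), keeping it out of argv and history.
  resp=$(login_body "$1" "$pw" | igl_curl --data-binary @- "$IGL_BASE?cmd=loginUser")
  rc=$?; unset pw
  [ "$rc" -eq 0 ] && parse_token "$resp"
}

# Run a command with a token, e.g.: igl_call "$tok" getSecuritySettings
igl_call() {
  igl_curl "$IGL_BASE?cmd=$2&token=$1${3:+&$3}"
}
```

After sourcing the file, tok=$(igl_login AveksaAdmin) followed by igl_call "$tok" findUsers 'returnColumns=id,user_id' reproduces the sequence shown above with certificate validation left on.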
|Notes||Another use of the curl command with RSA Identity Governance & Lifecycle is to check if the required ports are available. Starting in RSA Identity Governance & Lifecycle 7.0 and above, the required ports for RSA Identity Governance & Lifecycle are:|
Examples of how you may use the curl command to check port availability are:
Alternatively you may use the Fully Qualified Domain Name:
curl -v http://myhost.mydomain.com:8080
curl -v https://myhost.mydomain.com:8443
curl -v https://myhost.mydomain.com:8444
From the curl man page:
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer resume, Metalink, and more.