Web Services: Improved Security
Recent changes to web services have changed how they are organized and configured in the user interface.
All the available commands are now organized into several tabs labeled by category:
- Admin - Commands related to the admin functionality of RSA Identity Governance and Lifecycle (IGL)
- Collection - Commands used to run various types of collections, check the status of a run, or delete a pending run
- Information - Find-related commands used to search for different types of objects in IGL (accounts, applications, business units, change requests, data resources, directories, entitlements, reviews, roles, role sets, groups, users, etc.)
- Request - Commands related to submitting a request or handling the processing of work items
- Review - Commands related to reviews to run a review, update the state of items, or refresh the review
- Rules - Used to handle the processing of rules
The settings tab, which is the first tab the user sees, provides a high-level toggle to turn web services on and off. The list of IP addresses that can be referenced from commands is also configured on this page, along with the import directory where some commands look for content.
All the other tabs list the available commands in a table format. A user can click on the Click for Details link for a particular command to expand the content and view details about how to use the command. The new table includes a security column that uses icons to represent the current security settings for the command, and a Configure button to change the security.
The supported levels of security are:
- From clients matching IP whitelist with a valid token (a filter for the users to consider can optionally be set)
- From any client with a valid token (a filter for the users to consider can optionally be set)
- Request Forms and Workflows (no token required)
- Open (no token required)
Note: A user can only change the security for a particular command to be stronger than the default out-of-the-box security setting.
Here is a video that presents these new features:
Lastly, a token can now be passed to the web service in a more secure manner than as a parameter on the URL. Instead, you can pass the token in a request header as a bearer token. To do this, set the Authorization header to the value Bearer <token>.
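The following is an added example, not code from RSA or from the original post: a client-side helper that takes a legacy call with the token on the URL and prepares the same call with the token in the Authorization header, so the credential no longer appears in URLs that proxies and access logs record. The host, path, and the query parameter name "token" are assumptions; the page does not name them.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

# Assumption: the legacy query parameter is called "token" (not named on the page).
TOKEN_PARAM = "token"


def to_bearer_request(legacy_url: str, token_param: str = TOKEN_PARAM) -> Request:
    """Move a token from the query string into an Authorization header.

    Returns an unsent urllib Request whose URL no longer carries the token.
    """
    parts = urlsplit(legacy_url)
    if parts.scheme != "https":
        # A bearer token is a credential; refuse to prepare it for cleartext HTTP.
        raise ValueError("bearer tokens must only be sent over https")

    # parse_qsl percent-decodes values, so encoded CR/LF is caught below.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == token_param]
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("expected exactly one non-empty token parameter")
    token = tokens[0]

    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in token):
        # Whitespace or control characters could split or corrupt the header.
        raise ValueError("token contains whitespace or control characters")

    # Rebuild the URL with every parameter except the token.
    remaining = [(k, v) for k, v in pairs if k != token_param]
    clean_url = urlunsplit(parts._replace(query=urlencode(remaining)))
    return Request(clean_url, headers={"Authorization": f"Bearer {token}"})


if __name__ == "__main__":
    # Constructed sample: host, path, parameters and token are placeholders.
    legacy = ("https://igl.example.invalid/placeholder/command"
              "?format=json&token=CONSTRUCTED-TOKEN-123")
    req = to_bearer_request(legacy)
    print(req.full_url)                     # URL without the token
    print(req.get_header("Authorization"))  # header carrying the token
```

The returned Request is not sent; pass it to urllib.request.urlopen (or copy the URL and header into your own HTTP client) once the real endpoint is filled in.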