HP Matrix Operating Environment Software 2 Accessing the Web Service Interfaces, Security, Reference [1], Authorization, Impersonation, Accessing WSDL, <cms-ip-address, Command Line Interface

2 Accessing the Web Service Interfaces

The Web Service Description Language or WSDL (See Reference [1]) definition of IO operations can be accessed from any installed IO system using a web browser. For example, if the software is installed on a server with an IP address of <cms-ip-address>, enter the following into the web browser to access the WSDL:

The browser will show the formal XML definition of the Web Service Interface. The IO API is already available in the embedded Operations Orchestration when IO is installed.

The IO Web Service is only accessible over HTTPS. The service uses WS-Security UsernameToken authentication in text form. A username and password of a registered IO user is required to access the Web Service Interface. A WS-Security timestamp header is also required.

If the presented username/password belongs to a Windows user in the Service Provider Administrator role, the web services are able to view and act on all services. For username/passwords that belong to a Windows user in the Organization Administrator role, the web services can operate only on the services owned by that organization. For username/passwords that belong to Windows users in the Architect or User roles, the web services are only able to view or act on the services owned by that particular user.

The Activate Service operation (and others) specifies a list of server pools from which the servers will be allocated. The set of available pools is based on the assignments of the requesting user (not the service owner). For Administrator users, all pools except Maintenance and Unassigned are available.

An “Impersonation” feature allows an authenticated Administrator role user to perform an operation in the context of a specified requesting user. This behavior can be used in the implementation of enterprise service catalogs to initiate operations on behalf of enterprise users. Impersonation is achieved by including an HP-IO-Impersonate cookie in the HTTP message header. For example, if the request includes the HTTP header “Cookie: HP-IO-Impersonate=Steve”, the operation will be performed as though it were requested by Steve. A message is written to the audit log to record the impersonation event.

An IO installation includes an “ioexec” command line interface (CLI) to access the IO Web Service. The CLI may be useful for scripting web service invocations and for testing purposes when developing a web service client. The CLI operations and data model mirror the Web Service Interface. The CLI may be copied from an IO installation to a different system to operate on the CMS remotely. The “ioexec” command help provides specific usage details.

16 Accessing the Web Service Interfaces