Using the Open Provisioning Interface | Nortel Networks AS 5300

.

29

Using the Open Provisioning Interface

This chapter contains all of the information you need to use the Open Provisioning Interface.

Navigation

•"Security, authentication, and authorization" (page 29)

•"Third-party client development" (page 33)

Security, authentication, and authorization

The following sections describe the security, authentication, and authorization considerations for using the Open Provisioning Interface.

Navigation

•"Security" (page 29)

•"Authentication" (page 30)

•"Authorization" (page 32)

Security

OPI supports security through the use of:

•opicert.cer—Secure Socket Layer (SSL) certificate file

•opitruststore—key store file

These files are required when you connect to the Provisioning Server through HTTP Secure (HTTPS). You use the following command line parameters:

Djavax.net.ssl.trustStore=opitruststore

-Djavx.net.ssl.trustStorePassword=opitruststore

When you have a Certificate Authority (CA) Certificate, you must import it into the key store file (opitruststore). For instructions, see "Importing a CA Certificate into the BPT" (page 51).

Nortel AS 5300

Nortel Application Server 5300 Application Programming Interfaces Reference

NN42040-110 01.01 Standard

11 June 2008

Copyright © 2008 Nortel Networks

Image 29

Nortel Networks AS 5300 manual Using the Open Provisioning Interface, Security, authentication, and authorization

Contents

NN42040-110 Legal Notice Contents Starting the Bulk Provisioning Tool Other changes New in this release New in this release Navigation IntroductionAudience Related documents Introduction Open Provisioning Interface fundamentals Application Programming Interface fundamentals Bulk Provisioning Tool fundamentals Why use the Bulk Provisioning Tool Following table lists the requirements to run the BPT Bulk Provisioning Tool requirements Application Programming Interface fundamentals BPT main menu Using the Bulk Provisioning ToolInstall and launch the BPT BPT main menu Quit BPT ﬁles and scripts BPT provisioning methodsNavigation Files Method and ﬁle syntax conventions BPT conventions and examplesScripts Brackets Optional syntaxAngle brackets GetSysRoles optional into file name Bar Square brackets Success indication on remove methods Comma separated stringsFully qualified user name Define the new provisioning role Unknown error messagesCreate and manage provisioning roles using the BPT GetRole using AddExample AddRole using file D\prov\addexample.txtAdd the new provisioning role View the new provisioning role Delete the new provisioning role Help addRole BPT Help option BPT mapping to the Provisioning Client BPT limitations Resource use Batch processing Provisioning data visibility Using the Bulk Provisioning Tool Security Using the Open Provisioning InterfaceSecurity, authentication, and authorization WS-Security UsernameToken AuthenticationHttp Basic Authentication Onboard Authentication Special note for .NET authentication headers Domain-level authorization Provisioning-level authorization Authorization Get the Wsdl Third-party client developmentGenerate stubs Wsdl Access stubs from the third-party application Implement interface accessing stubs Starting the Bulk Provisioning Tool Starting the Bulk Provisioning Tool Launching the BPT on a workstation Procedure StepsDownloading the Bulk Provisioning Tool to a workstation Launching the BPT on a workstation Starting the Bulk Provisioning Tool Creating OPI clients Creating Open Provisioning Interface clientsPrerequisites for creating OPI clients Task flow for creating OPI clients Downloading the Axis toolkit Retrieving the error codesConﬁguring the class path \axis-14\webapps\axis\WEB-INF\lib Compiling the client stubs Downloading the Wsdl ﬁle\opiclient Loadname/wsdl/opi Writing a client to perform some speciﬁc OPI operations \opi\service Example Writing a client Writing a client to perform some specific OPI operations Compiling the client class Procedure Steps Accessing the OPI Java docs AdminAuthentication subfolder in the OPI Java Docs folder Writing a client to perform some specific OPI operations Accessing the OPI Java docs Keytool -list -v -keystore opitruststore Importing a CA Certiﬁcate into the BPTTool prompts Trust this certificate? no Importing a CA Certificate into the BPT Page Nortel AS