CA Identity Manager TEWS secrets revealed!

Whenever a task is created in CA Identity Manager, there is automatically a Query, Search, ObjectProfileTab, SearchResult and other pseudo tasks created in the WSDL, if the task is Web Services Enabled. If you study the web services samples that come with the CA IdM product and see all of the searches, etc… you know where the tasks are coming from because they do not appear in the application. If you create a new task, then generate the WSDL in your environment, and search for the task in question, you will also see the pseudo tasks.

***NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK.  We do not guarantee this will work in your environment and make no warranties***

Whenever a task is created in CA Identity Manager, there is automatically a Query, Search, ObjectProfileTab, SearchResult and other pseudo tasks created in the WSDL, if the task is Web Services Enabled.  If you study the web services samples that come with the CA IdM product and see all of the searches, etc… you know where the tasks are coming from because they do not appear in the application. If you create a new task, then generate the WSDL in your environment, and search for the task in question, you will also see the pseudo tasks.

Before I figured this out, I was able to execute TEWS (Task Execution Web Services CA’s web services core) calls directly, including reset user password, or modify user if I either hard coded or figured out the USER_ID through other means. The problem was that no matter what the approach, all I ever received from TEWS was a transaction ID. After studying the WSDL, I found that all of my tasks magically had tasknameSearch, tasknameQuery, tasknameSearchResult, tasknameObjectProfileTab, etc… in the WSDL. D’oh! This is what I was was missing. We can use those magic hidden “tasks” to gather the data that we need to submit my requests via xml posts within  asp/jsp pages rather than writing Java classes.

As an example, run the tasknameQuery pseudo task to gather the attributes on a profile screen within a task created, then  parse that data to make decisions.   Then formulate another transaction that executes the actual task to make the desired changes to the user(s) in question.

In summation, if you follow the documentation to configure and enable TEWS, compile the postXML.java class, then generate your WSDL, you should good to go.

Questions, comments or concerns?  Feel free to reach out to us at IDMWorks.