Hitachi ID SOAP Web Services API – Calling The Login Function Using Python


One of the many exciting features of the Hitachi ID Identity and Access Management (IAM) Suite is the web services API, which is accessible using SOAP over HTTPS with a WSDL specification. This API allows other enterprise applications to access the workflow request queue, user data and resources that exist within an instance of the Hitachi ID IAM Suite.

Furthermore, other request management systems may call into a Hitachi ID Identity and Access Management Suite web service to submit access requests, such as creating a new user, granting or revoking access, scheduling or triggering immediate deactivation, updating attributes like name, location or department, and much more.

This article discusses the Login function exposed by the API and how Python scripting can be used to access it. For more information on the exposed operations and functions, see the Hitachi ID IDAPI documentation.

Purpose

To make multiple SOAP calls to the Hitachi ID web services, the Login function must be called first to establish a session on the Hitachi ID Server with a supplied ID and password. The login process uses the authentication list configured through the PSA console. Below is the general form of the input and output for the Login function.

Request:

<LoginRequest>
<userid>...</userid>
<password>...</password>
<isadmin>...</isadmin>
<options>...</options>
<sessdat>...</sessdat>
</LoginRequest>

Response:

<LoginResponse>
<errmsg>...</errmsg>
<rc>...</rc>
<sessdat>...</sessdat>
</LoginResponse>

Prerequisite

● Hitachi ID Suite 10.x and above
● Python

Process
Set up the API SOAP Service (idapisoap) – This service provides access to the Hitachi ID Suite API Service (idapi) with the WWS web service API. It is automatically installed and started on the Hitachi ID Suite server during setup. For more information, refer to the Hitachi ID IDAPI documentation.

Confirm that the WSDL is accessible – Launch a compatible browser on the Hitachi ID Suite Server and navigate to the following URL: https://<ServerName>/<instanceName>/idapi/wsdl. The web service WSDL should be returned, confirming that the SOAP service is running.

Create a user with IDAPI Caller privilege – This user account will be used to authenticate into the instance of the Hitachi ID Suite hosting the Web service.

IDAPI SOAP User Configuration Page

Execute the following Python script:

from zeep import Client
from idmlib.components import component_log

log = component_log.getChild(__name__)

class IDAPI_SOAP_WEBSERVICE:

    def __init__(self):
        self.instancename = '<INSTANCENAME>'
        self.servername = '<SERVERNAME>'
        self.sessdat = None
        log.info('starting SOAP Client...')
        wsdl = 'https://{}/{}/idapi/wsdl'.format(self.servername, self.instancename)
        log.info('wsdl : ' + wsdl)
        self.iw = Client(wsdl=wsdl)

    def login(self):
        log.info('start Login...')
        request_data = {
            'userid': 'IDAPI_SOAP_USER',
            'password': '******',
            'isadmin': 1,
            'options': '',
            'sessdat': self.sessdat
        }
        return self.iw.service.Login(request_data)

    def logout(self, sessdat):
        log.info('start Logout...')
        request_data = {'sessdat': sessdat}
        return self.iw.service.Logout(request_data)

# Log in and obtain sessdat, reusing one client for the whole session
print('logging in.......>')
idapi = IDAPI_SOAP_WEBSERVICE()
loginresponse = idapi.login()
print(loginresponse)

# Logged in: extract the session data
print('Getting session data')
sessdat = loginresponse['sessdat']
print(sessdat)

# Log out, sending sessdat back to end the session
print('logging out <.......')
logoutresponse = idapi.logout(sessdat)
print(logoutresponse)

Once the Login function is successfully called, session data (sessdat) is returned, which can then be used in subsequent operations, as shown in the logout function in the code above.
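The same Login/Logout exchange wrapped so that the session is always closed, as an added example that is not part of the original article or Hitachi ID's own code: the password is read from an environment variable instead of being embedded in the script, and sessdat is redacted before logging because it is what authorises subsequent calls. The IDAPI_PASSWORD variable name, the StubService class and the treatment of rc == 0 as success are assumptions to confirm against the IDAPI documentation.

```python
import os
from contextlib import contextmanager

class LoginFailed(Exception):
    """Login did not yield a usable session."""

def redact(sessdat):
    """Log-safe stand-in for the session token."""
    return '<sessdat: {} chars>'.format(len(sessdat or ''))

@contextmanager
def idapi_session(service, userid, password_env='IDAPI_PASSWORD', success_rc=0):
    """Log in, yield sessdat, and always log out, even if the caller raises.

    service      -- exposes Login/Logout, e.g. zeep's Client(wsdl=...).service
    password_env -- hypothetical environment variable holding the password
    success_rc   -- ASSUMPTION: rc == 0 means success; confirm in the IDAPI docs
    """
    password = os.environ.get(password_env)
    if not password:
        raise LoginFailed('environment variable {} is not set'.format(password_env))
    response = service.Login({'userid': userid, 'password': password,
                              'isadmin': 1, 'options': '', 'sessdat': None})
    if str(response['rc']) != str(success_rc) or not response['sessdat']:
        # Report the server's rc/errmsg only; never the password or a token.
        raise LoginFailed('rc={} errmsg={}'.format(response['rc'], response['errmsg']))
    sessdat = response['sessdat']
    try:
        yield sessdat
    finally:
        service.Logout({'sessdat': sessdat})

class StubService:
    """Constructed stand-in for the SOAP service so the example runs offline."""
    def __init__(self):
        self.closed = []
    def Login(self, request):
        return {'rc': 0, 'errmsg': '', 'sessdat': 'constructed-session-token'}
    def Logout(self, request):
        self.closed.append(request['sessdat'])
        return {'rc': 0, 'errmsg': ''}

if __name__ == '__main__':
    os.environ.setdefault('IDAPI_PASSWORD', 'constructed-password')
    stub = StubService()
    with idapi_session(stub, 'IDAPI_SOAP_USER') as sessdat:
        print('logged in,', redact(sessdat))
    print('sessions closed:', len(stub.closed))
```

Against a real instance, pass the `service` attribute of the zeep client built from the WSDL URL in place of the stub.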

Conclusion

The Web Service API could be further programmed to filter incoming Web Service calls based on the user making the call, the operations being requested, the applications making the call and more.