Tuesday, March 4, 2014

How-To: Use iSM Web Services as Regular Web Services with Client Authentication

It has been quite a long break since my last post. This one covers a requirement most iSM users seem to face: how do you build a web service in iSM and make it available for third-party consumption? The process is a little lengthy, but with proper setup iSM can host web services with WS message-level authentication or with client authentication over SSL.
I'll try to explain what to do as simply as I can.
Entities Involved:


- iWay Service Manager 6.1.9
- iWay Integration Tool
- Keystore Explorer for producing certificates for SSL connectivity and client authentication
- Text editor
 
Keywords & Extensions:
.P12/.PFX [Private key enabled Certificate], .CER/.CRT [Regular X.509 Certificate], iSM [iWay Service Manager], iIT [iWay Integration Tool], JKS [Java Key store]
 
Assumptions:
- Basic knowledge of SSL connectivity & Client Authentication over HTTP(s);
- Ability to handle Java Key store/Trust store;
- Downloaded & Installed Keystore Explorer [Source];
- Firewalls blah handling;
 
Procedure:
There are six sections in implementing this scenario.
Section-1: Create a New Managed Server [with all primary regular settings such as enable logging/tracing, blah blah]
Read THIS blog to learn how to create a new managed server.
Section-2: Build Process Flow that our Web Service will use to handle the incoming message
Launch iIT and create a simple pFlow and assign “Any” as the schema at Start & End objects. Let the pFlow accept something and return something so the consumer gets a response from the web service. My version of pFlow looks like:
Publish the pFlow to the desired managed server. You can verify this by navigating to iSM Web Console -> Deployments -> Management -> Services and checking that your pFlow is listed there, as seen in the image.
 
 
Navigate to the “iWay Explorer” tab in iIT and create a new iWay resource by clicking the highlighted icon seen in the image.
 
 
Log on to iIT with the appropriate iSM logon details, such as console port and SOAP port. If everything is configured as described here, the pFlow deployed in the previous step should be visible in iWay Explorer's new resource, as seen in the image below:
 

 
 
Now, create an iWay Business Service for this pFlow by right-clicking on it and choosing Create iWay Business Service... as seen in the screen below. Provide a name for the service and choose a licensing object, which is useful for grouping.
 
 
 
 
Creating a new business service adds it to the list under Services, as seen in the screen below:
 


 
At this stage, we have the web service ready to accept inbound messages, but without an authentication mechanism implemented yet. Before we see how to implement that, let's make a copy of the WSDL by right-clicking on the entry under Services, extracting it, and storing it locally for later use, as will be seen in a few steps.
 

Section-3: Create JKS and Key Pair
Read THIS blog to learn how to create a JKS & generate key pair entry.
Section-4: Create & Configure a SOAP listener in iSM “blue” Screen Console

Follow the screens below to find out what to do in the iWay blue screen console.

To get into the blue screen look for the build number in the top right corner of the iSM Web Console.

 
The iWay Blue Console should look like what is seen in the screen below:



Choose the desired managed server from the "Available Configurations" drop down list box in the top right corner of the image above. After that, navigate to Configuration - Listeners and create a new SOAP listener.

 
A configured SOAP listener should look like what is seen in the image below:

 
To start the SOAP listener, navigate to Monitor - Configuration - Choose the <Managed_Server> where the SOAP listener was created, as seen in the screen below.


 
Section-5: Create/Build/Deploy a Channel & a Process Flow for it that will consume the Web Service that we created above

Create a new channel with a process flow that has an XDWSHttpClientAgent [XDWSClientAgent can also be used, depending on how one likes to wrap the SOAP envelope around the business message]. Build & Deploy the channel on the managed server. The XDWSHttpClientAgent will look like the image when configured:


 
Section-6: Test our efforts
Test the scenario by starting up the outbound channel that emits a SOAP message to iSM's SOAP listener and checking the result. Alternatively, you can use SOAP-UI to test locally.
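A scripted alternative to the SOAP-UI test, as an added example that is not part of the original post or of iWay's tooling: it sends the same SOAP request once with the client certificate and once without, so you can confirm the listener really enforces client authentication. The host, port, service path, PEM file names and the sample message are assumptions; the .p12 has to be exported to PEM first because Python's ssl module does not load PKCS#12 files.

```python
import http.client
import socket
import ssl

ENVELOPE = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
            '<soapenv:Body>{body}</soapenv:Body></soapenv:Envelope>')

def build_envelope(body_xml):
    """Wrap a well-formed business message in a SOAP 1.1 envelope."""
    return ENVELOPE.format(body=body_xml).encode("utf-8")

def make_context(ca_file=None, cert_file=None, key_file=None):
    """Client TLS context: always verifies the server, presents a cert only if given."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # PEM files exported from the .p12
    return ctx

def post_soap(host, port, path, body_xml, ctx, soap_action=""):
    """POST the envelope and return (kind, detail) describing what happened."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "SOAPAction": '"%s"' % soap_action}
    try:
        conn.request("POST", path, body=build_envelope(body_xml), headers=headers)
        return ("http", conn.getresponse().status)
    except ssl.SSLCertVerificationError as exc:   # we do not trust the listener's cert
        return ("server_untrusted", str(exc))
    except (ConnectionRefusedError, socket.timeout, socket.gaierror) as exc:
        return ("unreachable", str(exc))          # listener down or firewalled
    except (ssl.SSLError, ConnectionResetError) as exc:
        return ("tls_rejected", str(exc))         # handshake or session refused
    finally:
        conn.close()

def client_auth_enforced(with_cert, without_cert):
    """True only if the certificate is accepted AND its absence is refused."""
    accepted = with_cert[0] == "http" and with_cert[1] not in (401, 403)
    refused = without_cert[0] == "tls_rejected" or (
        without_cert[0] == "http" and without_cert[1] in (401, 403))
    return accepted and refused
```

Call `post_soap` twice against your listener, once with `make_context(ca_file, cert_file, key_file)` and once with `make_context(ca_file)`, then pass both results to `client_auth_enforced`. A result of `False` with two HTTP 200 answers means the listener is serving the web service to clients that present no certificate.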

Isn’t that simple? Try it out! ;)
 
Notes:
For security reasons, some spots in the images may have been greyed out;
Try to build your custom SOAP listener on a non-base managed server to avoid disrupting iSM's regular internal SOAP interactions; SOAP communication is the internal method of communication between iIT & the iSM Execution Engine.
Coming up next: iSM Scenario with PGP cryptography



