joydeepdasgupta Absent Member.

Enable Security for SOAP


Hi,

We are trying to establish some security standards with respect to the
Identity Manager User Application deployed in our current environment -

1. Achieve complete SOAP security for all communications between
*ServiceNow* & *Identity Manager User Application* (here, SOAP services
will be both outbound & inbound).

Now, as per the documentation on User Application (refer to pages 47-48 of
agpro.pdf), _Mutual Authentication_ is not supported out of the
box. Just wanted to make sure if that absolutely means that the user
application is not capable of exchanging SSL certificates during any of
the outbound / inbound web service calls. Is Basic Authentication the
only way to have a secured transmission of sensitive data between the
two applications?

Alternatively, how do I achieve SSL security between ServiceNow & User
Application with respect to SOAP web services?

2. Achieve 2 Factor authentication for all IDM users when trying to
login through the User Application portal.

Again, as per the documentation, this can only be achieved in
conjunction with the NetIQ Access Manager using SAML 2.0. Just wanted to
make sure that if this is with the help of security standard SAML 2.0,
can the IDM not support a SAML assertion from any other Third party
application?

Please correct me if any of the above is incorrect.

Regards,
Joydeep


--
joydeepdasgupta
------------------------------------------------------------------------
joydeepdasgupta's Profile: https://forums.netiq.com/member.php?userid=10159
View this thread: https://forums.netiq.com/showthread.php?t=56057

Knowledge Partner

Re: Enable Security for SOAP


> 1. Achieve complete SOAP security for all communications between
> *ServiceNow* & *Identity Manager User Application* (here, SOAP services
> will be both outbound & inbound).
>
> Now, as per the documentation on User Application (refer to pages 47-48 of
> agpro.pdf), _Mutual Authentication_ is not supported out of the
> box. Just wanted to make sure if that absolutely means that the user
> application is not capable of exchanging SSL certificates during any of
> the outbound / inbound web service calls. Is Basic Authentication the
> only way to have a secured transmission of sensitive data between the
> two applications?


So for inbound to SN (outbound from IDM), you are using UA PRDs and an
Integration Activity? That can be done over regular SSL using Basic Auth.

For outbound from SN, inbound to IDM, you probably have a SOAP driver,
which can do SSL (TLS of course), and mutual auth if needed.


> 2. Achieve 2 Factor authentication for all IDM users when trying to
> login through the User Application portal.
>
> Again, as per the documentation, this can only be achieved in
> conjunction with the NetIQ Access Manager using SAML 2.0. Just wanted to
> make sure that if this is with the help of security standard SAML 2.0,
> can the IDM not support a SAML assertion from any other Third party
> application?


Officially, only NAM is 'supported'. That is, if you called support
they would work both ends of the problem, NAM and OSP/IDM to get it to work.

My understanding is that other SAML compliant AM solutions should work,
but Support can only help you with the OSP/IDM side; any issues on the
AM side need to be supported by the AM side.

Personally I have gotten Shibboleth working with OSP and it was
basically simple.

These articles will help:

https://www.netiq.com/communities/cool-solutions/configuring-idm-4-5s-osp-talk-shibboleth-idp
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5-part-2
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-sspr-part-3
https://www.netiq.com/communities/cool-solutions/troubleshooting-sso-user-application-4-02/
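
The two transport options named in the reply above (Basic auth over one-way TLS, or TLS with mutual authentication), seen from the calling side. This is an added example, not part of the original post and not NetIQ or ServiceNow code; the URL, SOAP action, credentials and certificate paths are hypothetical placeholders.

```python
import base64
import ssl
import urllib.request
from urllib.parse import urlsplit

ENVELOPE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soapenv:Body>{body}</soapenv:Body></soapenv:Envelope>"
)


def tls_context(ca_file=None, client_cert=None, client_key=None):
    """One-way TLS by default; passing a client cert/key turns it into mutual TLS."""
    # create_default_context() verifies the server certificate chain and hostname.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        # Certificate presented when the server requests one (mutual authentication).
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def soap_request(url, action, body_xml, user, password):
    """Build a SOAP 1.1 POST with HTTP Basic auth, refusing cleartext transport."""
    if urlsplit(url).scheme != "https":
        # Basic auth is only base64 encoding; without TLS the password is exposed.
        raise ValueError("Basic auth must only be sent over https")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(
        url, data=ENVELOPE.format(body=body_xml).encode("utf-8"), method="POST")
    req.add_header("Content-Type", "text/xml; charset=utf-8")
    req.add_header("SOAPAction", f'"{action}"')
    req.add_header("Authorization", "Basic " + token)
    return req


def send(req, ctx, timeout=10):
    """Send the request; certificate or hostname failures raise instead of falling back."""
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.status, resp.read()
```

With only `ca_file` set, the server is authenticated by its certificate and the caller by the Basic credentials; adding `client_cert` and `client_key` gives the mutual-auth variant when the listener requires client certificates.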





joydeepdasgupta Absent Member.

Re: Enable Security for SOAP


Thanks... I did some more snooping & now I guess both outbound & inbound
can be achieved using Basic Authentication (using SSL) - however, this will
require testing.

Thanks for sharing the Shibboleth docs.


--
joydeepdasgupta

Micro Focus Expert

Re: Enable Security for SOAP

On 6/20/16 5:54 AM, joydeepdasgupta wrote:
>
> Hi,
>
> We are trying to establish some security standards with respect to the
> Identity Manager User Application deployed in our current environment -
>
> 1. Achieve complete SOAP security for all communications between
> *ServiceNow* & *Identity Manager User Application* (here, SOAP services
> will be both outbound & inbound).
>
> Now, as per the documentation on User Application (refer to pages 47-48 of
> agpro.pdf), _Mutual Authentication_ is not supported out of the
> box. Just wanted to make sure if that absolutely means that the user
> application is not capable of exchanging SSL certificates during any of
> the outbound / inbound web service calls. Is Basic Authentication the
> only way to have a secured transmission of sensitive data between the
> two applications?
>
> Alternatively, how do I achieve SSL security between ServiceNow & User
> Application with respect to SOAP web services?
>
> 2. Achieve 2 Factor authentication for all IDM users when trying to
> login through the User Application portal.
>
> Again, as per the documentation, this can only be achieved in
> conjunction with the NetIQ Access Manager using SAML 2.0. Just wanted to
> make sure that if this is with the help of security standard SAML 2.0,
> can the IDM not support a SAML assertion from any other Third party
> application?
>
> Please correct me if any of the above is incorrect.
>
> Regards,
> Joydeep
>
>

Greetings,
To clarify: do you want to utilize SAML for the SOAP endpoints in
the User Application? For example, "start" to start a workflow?

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
joydeepdasgupta Absent Member.

Re: Enable Security for SOAP


Steven,

No, not for the endpoints. The requirement is to secure the IDM
login/homepage URL with a third party application over SAML 2.0.


--
joydeepdasgupta

Micro Focus Expert

Re: Enable Security for SOAP

On 6/21/16 9:26 AM, joydeepdasgupta wrote:
>
> Steven,
>
> No, not for the endpoints. The requirement is to secure the IDM
> login/homepage URL with a third party application over SAML 2.0.
>
>

Greetings,
Thanks for the clarification.

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus