Verifying WebSphere Global Security configuration and GRC REST API... https://www.ibm.com/developerworks/community/blogs/d89a3ddf-2acf-... IBM Sign in | Register Blogs This Blog Search The GRC Power Plant Log in to participate GRC Power Plant The developerWorks Connections Platform is now in read-only mode and content is only available for viewing. No new wiki pages, posts, or messages may be added. Please see our FAQ for more information. The developerWorks Connections platform will officially shut down on March 31, 2020 and content will no longer be available. More details available on our FAQ. (Read in Japanese.) Verifying WebSphere Global Security configuration Overview and GRC REST API setup Recent Updates Brian Laskey | May 16 2016 | Visits (8521) Status Updates A common question since OpenPages GRC 7.0 debuted is after performing the many manual steps to Members set up your GRC REST API security post install, how to validate? An easy way would be using the browser, and navigating to a URL, which should if all things go well, initially prompt you for a login for Blog Basic authentication using the credentials of an OpenPages user, such as the OpenPagesAdministrator Bookmarks account. Files Sometimes this is not always the simplest, most straightforward test. You are often using the same browser window for other tasks such as configuring the WebSphere administrative console's Global Security settings, the session established in that browser will interfere potentially with another tab trying to access the REST API URLs. Is there a better way to check the setup worked? One alternative method is from command line interface commands provided by your chosen OS. These tend to be more bare-bones, rather than the browser, but for this purpose that is a good thing. Linux: use curl On Linux (or Mac OS X) the command to use is curl, you would open or use a terminal window, then try a command like this: (all one line) $ curl -v -u <op user>:<op password> http://<youropserver>:10108/grc/api/type /SOXTask Replacing the op user, op password with the OpenPages user credentials you wish to test with. The result of this command will be the output from the HTTP request and the response from the OP server, including a lengthy string of JSON text that represents the metadata for this type, called SOXTask (Issue Action Item). If you get this text, and not an error or error code like 401 Unauthorized, then you are good, you have verified your REST API security! Windows: a few methods On Windows, there is no straightforward equivalent to curl from the standard Command Line prompt. One alternative is to install open source Unix-style terminal shell emulators for Windows, such as Cygwin or MinGW, which allow one to install a Linux-like terminal, and utilities to perform the Linux style curl command as above. There are also other open source ports for curl, which run on Windows natively which you could install. Since this would require installing an open source third party software on your systems and I don't endorse any of these options, I leave it to you to evaluate whether that makes sense in your organization. There is a slightly more complicated way to do the same kind of validation using built in Windows functionality, with the Windows PowerShell terminal. This command requires Microsoft Windows PowerShell version 3.0 or later, available by default in Windows Server 2012 and Windows 8 since Sept. 2012 (also available to download from Microsoft on older versions of Windows). If you open the PowerShell application from the task bar or Start menu you can check the version with this command. > $PSVersionTable This lists out the version, you have, ideally your 3.0 or later (4.0 was tested for this blog). Next issue the following wget command, adjusted for your environment: (all one line) > wget http://<youropserver>:10108/grc/api/types/SOXTask -Credential <op user> -Outfile SOXTask.html Because the -Credential parameter doesn't allow for a password, you will be prompted by PowerShell to enter in a password for that op user. Success will write to the "SOXTask.html" file in the current directory or display an error in the PowerShell window. Not as clean cut, but will certainly do the job. Note that 'wget' command is actually an alias for the PowerShell's Invoke-WebRequest command, full syntax is 1 of 2 2020-03-25, 9:55 a.m. Verifying WebSphere Global Security configuration and GRC REST API... https://www.ibm.com/developerworks/community/blogs/d89a3ddf-2acf-... documented here https://technet.microsoft.com/en-us/library/hh849901.aspx?f=255&MSPPError=-21472 17396 Other Topics The above guidance is just provided as examples to provide a quick validation / troubleshooting of the basic configuration of REST API Security. Note that the above is based on the default OpenPages configuration which involves using Basic authentication for simplicity. I wrote more about this in a previous blog post: GRC REST API Basics: Authenticating. If you are using SSO to authenticate users for your REST API as well, then the commands above may not work, as you would need to provide alternative authentication depending on your SSO solution. Keep in mind that for OpenPages 'fresh' installs since OpenPages GRC 7.1.0.0, the security set up should be handled automatically as part of the install, and no manual steps are required. References http://superuser.com/questions/362152/native-alternative-to-wget-in-windows-powershell https://4sysops.com/archives/powershell-versions-and-their-windows-version/ https://technet.microsoft.com/en-us/library/hh849901.aspx?f=255&MSPPError=-2147217396 Tags: invoke-webrequest rest powershell curl security wget openpages api authentication Add a Comment More Actions Comments (0) Add a Comment More Actions There are no comments to display Previous Entry Main Next Entry Contact Privacy Terms of use Accessibility Report abuse Cookie Preferences 2 of 2 2020-03-25, 9:55 a.m..