You have two options in how to handle this in 7.6.1.2. You can add additional servlet mappings that do not have a security constraint or remove the security constraints in the web.xml file. If you remove the security constraints, you would no longer be able to authenticate via LDAP directly to the meaweb endpoint (the basic auth header) but if you had established a session you'd be able to utilize the LTPA token. In the OSLC API scenario, we handle this in application server security auth scenarios by adding /api without security constraints while leaving the /oslc with the security constraints.
If you don't need to authenticate to the SOAP API directly (you'll either have a session interactively established or you'll be using an API key), then I would suggest removing the authentication. In MAS we don't configure security constraints for meaweb because every system is setup to utilize OIDC (even if the customer doesn't utilize an external identity provider). With OIDC/SAML it isn't possible to silently authenticate so we know they'll be using an API key or have already authenticated.
------------------------------
Steven Shull
------------------------------
Original Message:
Sent: Wed May 25, 2022 03:34 PM
From: MANU MAGANTI
Subject: Using API Key with meaweb/es
Hello,
We're on Maximo 7.6.1.2-IFIX20220330-1115. I have an Enterprise Service-based integration where an external system sends json messages to a URL - https://hostname/meaweb/es/ExtSys/EntServ. We would like to use an API Key for the authentication so that we are ready for a future upgrade to MAS 8. We're testing this in Postman but it seems like it doesn't work until we use Basic Auth to store a cookie (LtpaToken2) after which it really doesn't matter what type of authentication we use (even No Auth works!).
How do I use API Key with a meaweb/es endpoint? I can't seem to find any documentation on the topic.
Thanks in advance!
------------------------------
Manu
------------------------------