IBM Verify

  • 1.  WebSEAL SecurityDomains

    Posted Wed August 15, 2018 03:55 AM
    Hi,

    We have a multitenant setup with several security domains on the same policy server.
    Is there a way from the REST API to map which domain a WebSEAL instance belongs to?

    I have only found a reverse option:
    pdadmin domain list -> login -D domain -> server list





    ------------------------------
    Øyvind Bergerud
    ------------------------------


  • 2.  RE: WebSEAL SecurityDomains

    Posted Thu August 16, 2018 04:21 AM
    Unfortunately there is no REST API which will allow you to find out which domain a WebSEAL server resides in.  The only way that you can do this is to list the servers for each domain - as you have already worked out.

    Thanks.

    ------------------------------
    Scott Exton
    IBM
    Gold Coast
    ------------------------------



  • 3.  RE: WebSEAL SecurityDomains

    Posted Thu August 16, 2018 05:08 AM
    Øyvind,

    I wonder if it would be possible by using the WebSEAL instance name to determine the name of its configuration file and then using the REST API to get the value of something from the Reverse Proxy configuration file that would identify the domain?  Not sure what parameter that would be.  Maybe bind-dn or ssl-local-domain... just an idea.

    Cheers... Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 4.  RE: WebSEAL SecurityDomains

    Posted Thu August 16, 2018 12:40 PM
    The [ssl] ssl-local-domain and [ldap] bind-dn options are masked.
    You can use the REST API to download the config and then just grep out ssl-local-domain.

    curl -s -k -u admin:secret -H 'Accept: application/json' -X GET 'https://isam9050.level2.org/wga/reverseproxy/sales?action=export' > sales.zip

    unzip sales.zip etc/webseald-sales.conf

    grep "ssl-local-domain" etc/webseald-sales.conf

    ------------------------------
    Nick
    ISAM Level II Support
    ------------------------------



  • 5.  RE: WebSEAL SecurityDomains

    Posted Fri August 17, 2018 07:43 AM
    As Nick correctly states, it's not possible to read either bind-dn or ssl-local-domain via REST (which is rather frustrating).

    Following the suggestion of reading the configuration file, I used the following to get the ssl-local-domain out:

    curl -s -S -k -H "Accept:application/json" --user admin:Passw0rd -X GET "https://isam.iamlab.ibm.com/reverseproxy/rp1?action=export" > /tmp/tmpzip; unzip -p /tmp/tmpzip etc/webseald-rp1.conf | grep ssl-local-domain

    I'm not that great with string processing but I can get just the domain by adding cut and sed like this:

    curl -s -S -k -H "Accept:application/json" --user admin:Passw0rd -X GET "https://isam.iamlab.ibm.com/reverseproxy/rp1?action=export" > /tmp/tmpzip; unzip -p /tmp/tmpzip etc/webseald-rp1.conf | grep ssl-local-domain | cut -d'=' -f2 | sed 's/ //'

    Cheers... Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
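
A stanza-aware version of the lookup from posts 4 and 5, as an added example that is not from any poster in the thread: it reads `ssl-local-domain` only from the `[ssl]` stanza and skips commented-out lines, which a plain `grep` would also match. The function names and the sample file contents are constructed for illustration; the files stand in for `etc/webseald-<instance>.conf` extracted from each export.

```shell
# Print the value of ssl-local-domain from the [ssl] stanza of one config file.
# Commented-out lines and same-named keys in other stanzas are ignored.
ssl_local_domain() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        /^[ \t]*\[/ {                          # stanza header such as [ssl]
            s = index($0, "["); e = index($0, "]")
            stanza = substr($0, s + 1, e - s - 1)
            next
        }
        stanza == "ssl" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "ssl-local-domain") { print val; exit }
        }
    ' "$1"
}

# Print "instance domain" for every etc/webseald-<instance>.conf found under
# a directory of extracted exports (directory layout is an assumption).
map_instances() {
    for conf in "$1"/etc/webseald-*.conf; do
        [ -f "$conf" ] || continue
        name=${conf##*/webseald-}
        name=${name%.conf}
        printf '%s %s\n' "$name" "$(ssl_local_domain "$conf")"
    done
}

# Constructed sample configs standing in for files unzipped from the exports.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf '%s\n' '[example-stanza]' 'ssl-local-domain = wrong-stanza' '[ssl]' \
    '# ssl-local-domain = Default' 'ssl-local-domain = tenant-a' > "$demo/etc/webseald-sales.conf"
printf '%s\n' '[ssl]' 'ssl-local-domain = Default' > "$demo/etc/webseald-rp1.conf"
map_instances "$demo"
rm -rf "$demo"
```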