CA Identity Manager Mobile App › How to Configure CA Identity Manager to Support the Mobile App › Create a Web Services Configuration

Create a Web Services Configuration

The mobile app uses REST web services to communicate with CA Identity Manager. To support the mobile app, a system administrator creates a web service definition in the User Console.

Note: REST calls do not work if encryption in the web service configuration is enabled.

Follow these steps:

1. Log in to the User Console as a user with system administrator privileges.
2. Create a web service definition as follows:
   1. Navigate to System, WebServices, Create Web Services Configuration.
   2. On the Profile tab, complete the following fields:
      • Name: any name. For example: RestMobile
      • Identifier: unique identifier. The default value is RestMobile.

        The value of the Identifier field must match the value of restid in the mobile app configuration.

        Consider changing the value of the Identifier and the restid for increased security.

      • Enable Attribute: Select this check box.
   3. On the Security tab, complete the following:
      • Determine if you need to select the "Require Secure Communication" option:

   Note: Consider encrypting all mobile application http traffic. There are, typically, two ways to configure this traffic:

   • Using a Proxy Server: In this use case, the CA Identity Manager server will be behind a firewall. You may decide not to secure the communication from the Proxy Server to the CA Identity Manager server. However, you should ensure the http communication between the mobile application and the proxy server is secure. For this use case, do NOT select the "Require Secure Communication".

   Note: If not integrating CA Identity Manager and CA SiteMinder®, select the "Require Secure Communication" option so that the SSL communication remains for the Web Services calls.

   • Directly to the CA Identity Manager server: In this use case, the mobile client communicates directly to the CA Identity Manager server; this http communication should be encrypted. To enforce that requirement, select the "Require Secure Communication" option.
   • Verify that Enable Encryption is not selected.

   Note: If encryption is enabled, user details do not display in the mobile app.

   1. On the Object Types tab, browse to USER, select USER, and click the Edit button.
   2. Select only Allow View Access.

      Remove other access permissions by clearing the Allow Modify Access, Allow Create Access and Allow Delete Access options.

   3. On the Self Administration tab, complete the following steps:
      • Select the Add button below Member Rule to create a member role and specify "all".

        Note: You can only create one member rule.

      • Enable Password Reset to support the Change Password feature in the mobile app.
   4. On the Member tab, build a member rule with the following criteria:
      • Activation Code = Registered, or
      • Activation Code >0
   5. Submit and Save the web service.