1.3 Authentication and Identification

Workflow Automation web service calls must authenticate to a BSL and can optionally identify a Workflow Automation Server to handle the request. If the BSL is using Windows authentication, the BSL authenticates the caller’s Windows credentials through the WindowsRestful web service URL and ignores any credentials included in the web service call. If an impersonation entry exists for an adapter, calls to that adapter authenticate with the impersonation credentials instead of Windows authentication or the credentials included in the web service call.

If the BSL is not using Windows authentication, and no impersonation entry exists for the requested adapter, each web service call supports the following three groups of parameters for authentication and identification:

  • Parameters userName and password authenticate the call to a Workflow Automation BSL and its primary Workflow Automation Server

  • Parameters hostName and portNumber identify a BSL secondary Workflow Automation Server to handle the call

  • Parameter sessionID, returned from a successful login call, represents a session with a BSL primary Workflow Automation Server for subsequent web service calls

1.3.1 BSL Authentication

All web service calls require BSL authentication, either the userName/password pair or a sessionID.

A client that makes single, infrequent web service calls can authenticate each call separately. Otherwise, a client can issue a login call and use the sessionID returned in the response body as authentication for subsequent calls.

By default, BSL authentication includes authentication to the BSL primary Workflow Automation Server. A client can use userName and password with hostName and portNumber to identify and authenticate to the BSL and a secondary Workflow Automation Server.

The following table summarizes the BSL authentication parameters.

| Parameter | Description |
|-----------|-------------|
| userName  | REQUIRED. User name for authentication to the Workflow Automation BSL. |
| password  | REQUIRED. Password for authentication to the Workflow Automation BSL. |

1.3.2 Workflow Automation Server Identification

By default, the BSL authenticates and directs web service calls to the primary Workflow Automation Server as specified in the BSL configuration file. If the client must call a secondary Workflow Automation Server, the call must include Workflow Automation Server identification parameters. The BSL uses the Workflow Automation Server identification parameters to authenticate and direct a web service call to a secondary Workflow Automation Server.

A client can use the following combinations of Workflow Automation Server identification parameters on web service calls:

  • The hostName and portNumber parameters with the userName and password parameters authenticate to the BSL and specified Workflow Automation Server. The BSL directs the call to the specified server.

  • The hostName and portNumber parameters with the sessionID parameter authenticate to the specified Workflow Automation Server using the credentials from the sessionID parameter. The BSL directs the call to the specified server.

    NOTE: The sessionID parameter alone always directs the call to the BSL primary Workflow Automation Server.

  • The hostName and portNumber parameters on a login call authenticate to the BSL and to the specified Workflow Automation Server. The login call returns an error if the hostName and portNumber do not identify a Workflow Automation Server under the BSL.

The following table summarizes the Workflow Automation Server identification parameters.

| Parameter  | Description |
|------------|-------------|
| hostName   | OPTIONAL. Workflow Automation Server host name. |
| portNumber | OPTIONAL. Port number where the Workflow Automation Server listens for requests. |

1.3.3 Session Identifier

A successful login call returns session identifier parameter sessionID in its response body. The sessionID parameter represents an open session between the client and the BSL primary Workflow Automation Server. A client can use the session identifier for subsequent web service calls to the primary Workflow Automation Server.

To redirect a call from the primary Workflow Automation Server to a secondary also under the BSL, the call must include the hostName and portNumber parameters with the sessionID to identify and authenticate to the Workflow Automation Server.

A client can include the hostName and portNumber parameters on a login call to authenticate to the BSL and a secondary Workflow Automation Server. The login call returns an error if the Workflow Automation Server is not available under the BSL.

NOTE: Regardless of which Workflow Automation Server the client specifies on the login call, the sessionID returned in the response body always identifies the BSL primary Workflow Automation Server.

The sessionID parameter has a 24-hour time lease that is renewed each time the client uses it. The sessionID parameter is also valid for either web service; that is, a client can use the sessionID returned by an Integration web service login call to send either Integration or IQConnect web service calls.
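The parameter rules in sections 1.3 through 1.3.3 can be checked on the client before a call is sent. The following Python sketch is an added example, not code from the product or its documentation: it resolves which credentials apply and which server the BSL directs the call to, and tracks the sliding 24-hour sessionID lease. The names resolve_call and SessionLease, the rejection of a call that carries both a password and a sessionID, and the treatment of exactly 24 hours as lapsed are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

LEASE = timedelta(hours=24)  # sessionID lease stated in section 1.3.3


def resolve_call(params, windows_auth=False, impersonation=False):
    """Return (credential_source, target) for one call's parameters."""
    # Precedence from section 1.3: an impersonation entry wins, then Windows
    # authentication; in both cases credentials in the call are not used.
    # The page describes the parameter groups only for the remaining case.
    if impersonation:
        return "impersonation", None
    if windows_auth:
        return "windows", None
    host, port = params.get("hostName"), params.get("portNumber")
    if (host is None) != (port is None):
        raise ValueError("hostName and portNumber identify a server together")
    # Without hostName/portNumber the BSL directs the call to its primary.
    target = ("primary",) if host is None else ("secondary", host, int(port))
    has_user, has_pass = "userName" in params, "password" in params
    has_session = "sessionID" in params
    if has_user != has_pass:
        raise ValueError("userName and password are both REQUIRED")
    if has_user and has_session:
        # Helper policy (assumption): never resend a password with a session.
        raise ValueError("send either userName/password or sessionID")
    if has_user:
        return "credentials", target
    if has_session:
        return "session", target
    raise ValueError("every call needs userName/password or a sessionID")


@dataclass
class SessionLease:
    """Client-side view of a sessionID and its sliding 24-hour lease."""
    session_id: str
    last_used: datetime

    def use(self, now):
        # Treat exactly 24 hours as lapsed (assumption; the page gives no boundary).
        if now - self.last_used >= LEASE:
            raise TimeoutError("lease lapsed; issue a new login call")
        self.last_used = now  # each use renews the lease
        return self.session_id
```

Resolving a call before sending it keeps a client from transmitting a password when a valid sessionID would do, and the lease tracker tells the client when to log in again instead of retrying with a stale identifier.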