Web Service Endpoints for the Custom Connector

Learn how to configure web service endpoints for the custom connector.
capam33
Each target connector must support three web service classes:
The Custom Connector software comes with a project named customConnectorTemplate. This project includes all three services, which are defined in com/ca/pam/customConnectorTemplate/api. Before you develop your own target connector, read about each service class in detail. Then use the customConnectorTemplate as a basis to write your own Java code.

Credentials Service

The Credentials service verifies and updates the credentials for an account at the remote target device.
URLs for the Credentials service:
  • http://
    tomcat_host
    :
    port
    /capamef/targetConnectors/
    target_connector_name
    /credentials/validate
  • http://
    tomcat_host
    :
    port
    /capamef/targetConnectors/
    target_connector_name
    /credentials/update
Method supported:
POST
Sample REST call:
HTTP POST http://112.22.30.111:8443/capamef/targetConnectors/exampleTargetConnector/credentials/validate
The following sample code includes requests to update and verify credentials. The extended attribute sections are based on the account and application attributes defined uiDefinitions.json file.
sample credentials.java
sample credentials.java

UIDefinitions Service

The UIDefinitions service returns UI definitions in JSON format for a specified field type.  This service determines how the Java code and the JSON file work together.
URL for the uiDefinitions service:
http://
tomcat_host
:
port
/capamef/targetConnectors/
target_connector_name
/uiDefinitions/{
uiDefinitionType
}
In the uiDefinitions service URL:
  • tomcat_host:port
    values are not case-sensitive.
  • target_connector_name
    must be in lower camel case. For example, customTargetConnector.
  • uiDefinitionType
    must be
    account
    or
    application
Method supported:
GET
Sample REST call:
HTTP GET http://112.22.30.111:8443/capamef/targetConnectors/exampleTargetConnector/uiDefinitions/application
Sample Response from the TCF:
{"_data":{"application":{"uiDefinition":{"tabs":[{"label":"Example - Application","id":"ExampleAppDetail",
"fields":[{"type":"NUMBER","field":"connectTimeout","minValue":"1","label":"Connect Timeout","required":false,"value":"60000"},
{"type":"NUMBER","field":"readTimeout","minValue":"1","label":"Read Timeout","required":false,"value":"5000"},
{"type":"NUMBER","field":"sshPort","minValue":"0","label":"SSH Port","required":false,"value":"22","maxValue":"65535"},
{"type":"RADIO","field":"connectorProtocol","label":"Connector Protocol","required":false,"value":"TLS_1.2",
"values":[{"label":"TLS 1.0","value":"TLS_1"},{"label":"TLS 1.2","value":"TLS_1.2"},{"label":"TLS 1.3","value":"TLS_1.3"}]},
{"type":"COMBOBOX","field":"additionalEncryption","label":"Additional Encryption","required":false,"value":"AES",
"values":[{"label":"Triple DES","value":"TRIPLEDES"},{"label":"RSA","value":"RSA"},{"label":"Blowfish","value":"BLOWFISH"},
{"label":"Twofish","value":"TWOFISH"},{"label":"AES","value":"AES"}]},
{"type":"CHECKBOX","field":"useCertificate","label":"Use Certificate","required":false,"value":"false"},
{"type":"TEXTAREA","field":"certificate","label":"Certificate","required":false}]}]}}},"_meta":{"_success":"true"}}

Validations Service

The Validations service verifies account and application data before saving it into the
Privileged Access Manager
database.
URL for the Validations service
: http://
tomcat_host
:
port
/capamef/targetConnectors/
target_connector_name
/validations/{
validationType
}.
  • If the
    validationType
    is
    account
    ,
    this service validates data for target account creation and update.
  • If the
    validationType
    is
    application
    ,
    this service validates data target application creation and update.
Methods supported:
POST, PUT
Sample REST call:
HTTP POST http://112.22.30.111:8443/capamef/targetConnectors/exampleTargetConnector/validations/application
The following sample request payload includes requests to the Validations service. The extended attributes in the payload are defined in the previous sample response for the uiDefinitions service.
Sample Request Payload:
"application": {
"targetServer": {
"hostName": "114.20.50.111",
"ipaddress": "114.20.50.111",
"deviceName": "UnixDevice"
},
"name": "UnixApp",
"type": "exampleTargetConnector",
"extendedAttributes": {
"sshPort": "22",
"additionalEncryption": "AES",
"connectorProtocol": "TLS_1.2",
"readTimeout": "5000",
"useCertificate": "false",
"connectTimeout": "60000",
"certificate": ""
}
}
A ValidationManager class is distributed in the core library. This class validates data based on the constraints in the uiDdefinitions JSON file. In additions to these standard validations, you can add custom validations to this class. If a validation fails, the ValidationManager class throws an ExtensionException with a list of messages.
To see sample code, look at the Validations.java class in the customConnectorTemplate project.
Now that you are familiar with the components for creating a custom target connector, Build Your Custom Connector.