Requirements for using the RPC API
To access One Identity Safeguard for Privileged Sessions (SPS) using the RPC API, the following requirements must be met:
-
Accessing the appliance via the RPC API must be enabled on the web interface. For details, see Enabling RPC API access to One Identity Safeguard for Privileged Sessions (SPS).
-
The appliance can be accessed using the SOAP protocol over authenticated HTTPS connections. The WSDL describing the available services is available at https://<ip-address-of-SPS>/rpc.php/<techversion>?wsdl. For details on the client libraries tested with SPS see RPC client requirements.
-
The user account used to access SPS via RPC must have read and write/perform rights for the Access RPC API privilege. This is required for every type of RPC access, even for read-only operations. Members of the api group automatically have this privilege. For details on managing user privileges, see Modifying group privileges.
|
Caution:
Each SPS release provides a separate API with a new API version number. You are recommended to use the SPS version 6.9.5 with the corresponding API version. Earlier versions are not supported |
RPC client requirements
The client application used to access One Identity Safeguard for Privileged Sessions (SPS) must meet the following criteria:
-
Support SOAP version 1.1 or later.
-
Support WSDL version 1.1.
-
Properly handle complex object types.
-
Include a JSON decoder for interpreting the results of search operations.
The following client libraries have been tested with SPS.
Table 29: SOAP libraries tested with SPS
Apache Axis 1 |
Java |
Working |
|
Built-in .NET library |
.NET |
Working |
SPS does not support the Expect HTTP Header feature, and must be disabled, for example, using System.Net.ServicePointManager.Expect100Continue = false; |
Scio |
Python |
Partially working |
Does not handle complex object types, so it cannot perform search queries. |
SOAP::Lite |
Perl |
Working |
-
Simple types can be used with the following format: $service->$method(@params)
-
Complex types work only with the following format: $service->call($method, @params)
-
Calls using the $service->call() format seem to work after doing at least one $service->$method(@params) call, for example, a login. |
SOAP::WSDL |
Perl |
Not working |
|
Suds |
Python |
Working |
|
Locking One Identity Safeguard for Privileged Sessions (SPS) configuration from the RPC API
Accessing One Identity Safeguard for Privileged Sessions (SPS) using the RPC API locks certain components of SPS from other users, just like accessing SPS using the web interface or the console. Locking SPS via RPC can be performed either explicitly by calling the lockAcquire function, or implicitly when an operation requires the lock. In either case, ensure that your application verifies that the lock is received and properly handles if the component is locked by someone else (for example, because a user is accessing the component from the web interface).
For details on how locking works in SPS, see "Multiple users and locking" in the Administration Guide.
Documentation of the RPC API
The documentation of the One Identity Safeguard for Privileged Sessions (SPS) RPC API is available online from the SPS web interface: select Basic Settings > Management > RPC API settings > Open documentation, or directly from the following URL: https://<ip-address-of-SPS>/rpc-api-doc/. This documentation contains the detailed description of the available services and classes.