OSLC (NextGenRest) API Authentication in IBM Maximo

From IBM Maximo version 7.6.0.2 onwards, IBM has provided new REST APIs. These are a rewrite of the existing REST APIs that were released after Maximo Asset Management version 7.1. The new APIs are also known as REST/JSON APIs or OSLC APIs and provide multiple benefits.

Authentication for these APIs depends on how Maximo has been deployed. Maximo provides 2 kinds of authentication:

  • Maximo Native authentication
  • LDAP based authentication

LDAP based authentication can be further subdivided into 2 types of configuration:

  • Basic based
  • Form based

OSLC API Authentication for Maximo Native:

If mxe.useAppServerSecurity=0 in System Properties, Maximo uses Native authentication and validates user credentials against the MAXUSER table in its DB schema.

For a deployment with Native authentication enabled, to access the OSLC API we have to pass the MAXAUTH parameter in the request header. MAXAUTH is the Base64-encoded username:password combination.

Using MAXAUTH authentication returns JSESSIONID as a cookie, which should be used to maintain the session. This session ID ensures that Maximo does not open new connections and reuses the existing session. Tools like Postman automatically save these cookies and use them for subsequent calls, but they can also be captured and passed programmatically.

OSLC API Authentication for LDAP based:

If mxe.useAppServerSecurity=1 in System Properties, Maximo uses LDAP authentication and validates user credentials against the LDAP directory configured in WebSphere or WebLogic.

Security settings are defined in web.xml files. We make changes to the web.xml file in each of the following directories:

  • install_home/maximo/applications/maximouiweb
  • install_home/maximo/applications/maxrestweb
  • install_home/maximo/applications/mboweb
  • install_home/maximo/applications/meaweb

In each of these files, the login configuration section specifies either FORM or BASIC login.

a. BASIC Authentication:

When Basic authentication is enabled, we have to use Basic authentication on the request and provide the Maximo LDAP credentials.

When LDAP is enabled, the API returns LtpaToken2 and JSESSIONID for session management.

b. FORM Authentication:

When Form-based authentication is enabled, we first have to call /maximo/j_security_check and pass j_username and j_password as params. The j_username and j_password parameters are simply the same credentials that users use to log in to Maximo.

This returns the Start Center page as the response body. After making this call, we can call the subsequent APIs.

The JSESSIONID, LTPA token, and other cookies returned are used to get data from subsequent APIs. In subsequent API calls we have to pass j_username and j_password, but be mindful that if we call any other API directly without calling /j_security_check first, we will not get any data, because the cookies (LTPA token) will not be available.

If you have FORM-based authentication enabled on the Maximo UI and you don't want to use the above method of calling j_security_check first and then calling subsequent APIs, you can use the /maxrest context for authentication.

In your Maximo deployment, you can enable Form-based authentication on maximouiweb for the Maximo UI and Basic authentication on the /maxrest context for API calls. In many places in its documentation, IBM gives /maximo/oslc/os as the context to be used with the OSLC API, but we can use the /maxrest/oslc/os context as well to get the same OSLC API response.
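The three authentication modes described above, as an added Python example that is not part of the original article: it builds, without sending, the first request a client must make in each mode. The host `maximo.example.com`, the `mxasset` object structure, the function names and the HTTPS check are assumptions made for illustration.

```python
import base64
import http.cookiejar
import urllib.parse
import urllib.request

# Assumption: MXASSET is used here as the sample object structure to query.
API_PATH = "/maximo/oslc/os/mxasset"


def b64_credentials(user, password):
    """Base64 of 'user:password'. This is an encoding, not encryption."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def first_request(base_url, use_app_server_security, auth_method, user, password):
    """Build the first authenticated request for a given deployment.

    use_app_server_security: value of mxe.useAppServerSecurity (0 or 1)
    auth_method: login method from web.xml, "BASIC" or "FORM" (ignored for native)
    """
    # Every mode puts a recoverable password on the wire, so refuse plain HTTP.
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("credentials must only be sent over HTTPS")
    base_url = base_url.rstrip("/")
    token = b64_credentials(user, password)
    if use_app_server_security == 0:  # Maximo native: MAXAUTH header
        return urllib.request.Request(base_url + API_PATH, headers={"maxauth": token})
    method = auth_method.upper()
    if method == "BASIC":  # LDAP + BASIC: standard HTTP Basic header
        return urllib.request.Request(
            base_url + API_PATH, headers={"Authorization": "Basic " + token})
    if method == "FORM":  # LDAP + FORM: log in at j_security_check first
        body = urllib.parse.urlencode({"j_username": user, "j_password": password})
        return urllib.request.Request(
            base_url + "/maximo/j_security_check",
            data=body.encode("ascii"), method="POST")
    raise ValueError(f"unsupported auth method: {auth_method!r}")


def session_opener():
    """Opener whose cookie jar keeps JSESSIONID / LtpaToken2 for later calls."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    return opener, jar
```

Sending the returned request through the opener from `session_opener()` stores the session cookies in the jar, so later calls made with the same opener reuse the session.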

Below are 2 system properties provided by IBM which you can utilize to change the context as required:

Author: Prashant Sharma

Principal Solution Architect - Maximo & EAM360. Helping clients with successful EAM implementation | Blockchain & IoT enthusiast
