Maximo Open Forum

OSLC (NextGenRest) API Authentication in IBM Maximo


    Maximo Certified
    Posted 05-21-2020 09:55

    From IBM Maximo version onwards, IBM has provided new REST APIs. The new REST APIs for Maximo are a rewrite of the existing REST APIs that were released after Maximo Asset Management version 7.1. These new APIs are also known as REST/JSON APIs or OSLC APIs and provide multiple benefits.

    Authentication of these APIs depends on the kind of deployment that has been done on Maximo. There are 2 kinds of authentication which Maximo provides:

    1. Maximo Native authentication
    2. LDAP based authentication

    LDAP based authentication can be subdivided further into 2 types of configuration:

    a. Basic <login-config> based

    b. Form <login-config> based

    OSLC API Authentication for Maximo Native:

    In System Properties, if mxe.useAppServerSecurity=0 then Maximo uses Native authentication and validates user credentials from the MAXUSER table in its DB schema.

    For a deployment with Native authentication enabled, to access the OSLC API we have to pass the MAXAUTH parameter in the API header and get the result. MAXAUTH is the Base64-encoded username:password combination.

    Using MAXAUTH authentication will return JSESSIONID as a cookie, which should be used to maintain sessions. This session id will ensure that Maximo doesn't open new connections and utilizes the existing session. Tools like Postman automatically save these cookies and utilize them for subsequent calls, but they can be captured and passed programmatically as well.

    OSLC API Authentication for LDAP based:

    In System Properties, if mxe.useAppServerSecurity=1 then Maximo uses LDAP authentication and validates user credentials from the LDAP directory configured in WebSphere or WebLogic. Security settings are defined in web.xml files. We make changes to the web.xml file in each of the following directories:

    • install_home/maximo/applications/maximouiweb
    • install_home/maximo/applications/maxrestweb
    • install_home/maximo/applications/mboweb
    • install_home/maximo/applications/meaweb

    In these files, the <login-config> section will have either FORM or BASIC login.

    a. BASIC Authentication:

    When Basic authentication is enabled, we have to pass Basic authentication and provide LDAP Maximo credentials.

    When LDAP is enabled, the API returns LtpaToken2 and JSESSIONID for session management.

    b. FORM Authentication:

    When Form-based authentication is enabled, we first have to call /maximo/j_security_check and pass j_username and j_password as params. Parameters j_username and j_password are nothing but the same user credentials which users use to log in to Maximo.

    This will provide the Start Center page as the response body, and after making this call we have to make a call to the subsequent APIs.

    JSESSIONID, LTPA Token, and other cookies returned will be used to get data from subsequent APIs. In subsequent APIs, we have to pass j_username and j_password, but users need to be mindful that if we are not calling /j_security_check first and are directly calling any other API, we'll not be getting any data, as the cookies (LTPA Token) will not be available.

    In case you have FORM-based authentication enabled on the Maximo UI and you don't want to use the above method of first calling j_security_check and then calling subsequent APIs, you can use the /maxrest context for authentication.

    In your Maximo deployment, you can enable Form-based authentication on maximouiweb for the Maximo UI and Basic authentication on the /maxrest context for API calls. In many places in its documentation, IBM has given /maximo/oslc/os as the context to be used with the OSLC API, but we can utilize the /maxrest/oslc/os context as well to get the same OSLC API response.

    Below are 2 system properties provided by IBM which you can utilize to change the context as required:


    Prashant Sharma
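
The three authentication modes described in the post above, as an added example that is not part of the original post or IBM's code: it builds (without sending) the first request for each mode and the cookie-carrying follow-up call. The host maximo.example.com, the resource name mxasset, sending j_username/j_password as a POST form body, and the HTTPS check are assumptions of this example; the cookie values are constructed.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urlsplit
from urllib.request import Request


def first_request(base_url, mode, user, password, resource="mxasset"):
    """Build (not send) the first call for mode 'native', 'basic' or 'form'."""
    if urlsplit(base_url).scheme != "https":
        # Base64 is an encoding, not encryption, and form fields are plain text,
        # so every mode exposes the password unless the transport is TLS.
        raise ValueError("refusing to send Maximo credentials over a non-TLS URL")
    root = base_url.rstrip("/")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    if mode == "native":   # mxe.useAppServerSecurity=0
        return Request(f"{root}/maximo/oslc/os/{resource}", headers={"MAXAUTH": token})
    if mode == "basic":    # mxe.useAppServerSecurity=1, <login-config> BASIC
        return Request(f"{root}/maximo/oslc/os/{resource}",
                       headers={"Authorization": f"Basic {token}"})
    if mode == "form":     # mxe.useAppServerSecurity=1, <login-config> FORM
        body = urlencode({"j_username": user, "j_password": password}).encode("ascii")
        return Request(f"{root}/maximo/j_security_check", data=body, method="POST")
    raise ValueError(f"unknown auth mode: {mode!r}")


def cookie_header(set_cookie_values):
    """Turn the Set-Cookie values of the first response into one Cookie header."""
    jar = SimpleCookie()
    for value in set_cookie_values:
        jar.load(value)
    return "; ".join(f"{name}={morsel.value}" for name, morsel in jar.items())


def follow_up(base_url, set_cookie_values, resource="mxasset"):
    """Build a later call that carries the session cookies (JSESSIONID, LtpaToken2)."""
    url = f"{base_url.rstrip('/')}/maximo/oslc/os/{resource}"
    return Request(url, headers={"Cookie": cookie_header(set_cookie_values)})


# Constructed Set-Cookie values standing in for a real login response.
SAMPLE_SET_COOKIE = [
    "JSESSIONID=0000abc; Path=/; HttpOnly",
    "LtpaToken2=CONSTRUCTEDTOKEN; Path=/; Secure",
]
```

Pass a request to `urllib.request.urlopen` to send it; the password then needs to be stored only for the first call, and the cookies should be handled as secrets for the lifetime of the session.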