Maximo 22.214.171.124 provides the capability to integrate Maximo with identity providers (IdPs) such as Azure AD, Open Connect, etc., using SAML. Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdPs) to pass authorization credentials to service providers (SPs).
While this integration worked properly in the IBM Maximo UI application, browserless connections for the Maximo REST and OSLC APIs were not supported and needed a direct local Active Directory connection. Maximo added the API Key feature in Maximo 126.96.36.199, which can be used to overcome this unseen limitation. In the earlier versions of Maximo, creating an API key for a specific user and managing the key was not user friendly, and MAXAUTH had to be passed to generate the API key from a REST/OSLC API call. With Maximo 188.8.131.52, the API Key feature has been improved: administrators can now generate API keys for users from the Maximo UI and revoke them on the go.
Once Maximo has been integrated with SAML authentication, users can go to the Work Center application and assign API keys from the Administration Work Center.
The steps below describe in detail how API keys can be created and used for the REST/OSLC APIs:
1. To create an API key, administrators should go to Administration Work Center > Integration.
2. Click on API Keys and then click on the Add API Keys button.
3. Search for the user for which the API key needs to be generated and click on the Add button.
4. This will generate an API key for the user, and the key will be visible in the work center. In the future, if the administrator wants to revoke the user's access, the key can be deleted by pressing the Delete button on the same card.
5. Now this API key can be used with the REST/OSLC APIs.
When using the API key, there is no need to pass MAXAUTH (for non-LDAP, native authentication) or user credentials with Basic auth (for an LDAP-enabled Maximo instance).
6. The APIKEY is passed in the Params of the API call, and the API returns its output after the key is authenticated by Maximo.
EAM360 uses API keys for authenticating REST/OSLC APIs for SAML authentication enabled Maximo environments.

Thanks,
You need to do the action on the server side if you don't want them to be able to see the API key. For example, if you have an SR submission website that anyone in your organization uses and that interacts with Maximo, don't have the interaction occur with Maximo on the client side but on the server side. Otherwise they would be able to see the API key utilized to authenticate the requests.
In 184.108.40.206 we did enhance the security of the API key in a variety of ways based on feedback I had provided (when I was at a Business Partner) and other customers. mxe.secureapikey system property was added to encrypt the API key for storage in the database and is enabled by default. mxe.apikeysysusers allows you to specify a list of users that you cannot create an API key for (unless it was done with their username/password). This allows you to prevent someone with the ability to create an API key from creating an API key for an admin account (like maxadmin/mxintadm). mxe.apikeyforloggedinuser takes it a step further and only allows you to create an API key for yourself. If you don't want anyone to be able to create API keys for other users, this will help prevent that.
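The server-side pattern described in the comment above, as an added example that is not part of the original post, the comment, or any IBM or EAM360 code: a relay that keeps the API key on the server, forwards only allow-listed SR fields, and masks a key passed in Params before a URL is logged. The host, the `mxapisr` path, the `apikey` header as the carrier for the key, the field names and the `MAXIMO_APIKEY` environment variable are assumptions for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumptions (not from the page): placeholder host, object structure path,
# and the "apikey" request header used to carry the key.
MAXIMO_SR_URL = "https://maximo.example.com/maximo/api/os/mxapisr"
ALLOWED_FIELDS = {"description", "reportedby", "siteid"}


def build_sr_request(client_payload, api_key):
    """Build the outbound Maximo call from untrusted browser input."""
    # Forward only allow-listed fields; anything else the client sent
    # (including its own "apikey" value) is dropped.
    body = {k: v for k, v in client_payload.items() if k in ALLOWED_FIELDS}
    if "description" not in body:
        raise ValueError("description is required")
    req = urllib.request.Request(
        MAXIMO_SR_URL, data=json.dumps(body).encode("utf-8"), method="POST"
    )
    req.add_header("Content-Type", "application/json")
    req.add_header("apikey", api_key)  # the key never reaches the browser
    return req


def redact_apikey(url):
    """Mask an apikey passed in Params before the URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == "apikey" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def submit_sr(client_payload, send=urllib.request.urlopen):
    """Relay an SR to Maximo; the caller only gets the status code back."""
    api_key = os.environ["MAXIMO_APIKEY"]  # hypothetical variable name
    with send(build_sr_request(client_payload, api_key)) as resp:
        return {"status": resp.status}
```

The `send` parameter exists so the relay can be exercised without a live Maximo instance; in production the default `urlopen` is used.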