Tuesday, 2 February 2021

Rest / OSLC API Authentications Native or LDAP (Basic/Form) | Maximo

The most common forms of authentication to use with REST API are:

  • Native - (MaxUser Tables)
  • LDAP - (Directory service authentication)

Update: In MAS Manage, the former methods of using maxauth (native authentication) or basic auth (LDAP) are no longer supported, because MAS provides its own OIDC identity provider out of the box (OOB). Instead, use an API key and the /maximo/api route.

Native Authentication

Native authentication is configured to manage users' credentials within the Maximo MaxUsers tables. Maximo is responsible for authenticating all incoming REST calls.

The system property below tells us that application security is off. The HTTP request header and the response are also shown:

System Property      mxe.useAppSecurity    0
URL call             http://localhost/maximo/oslc/login
Request Headers      MAXAUTH               <BASE64encoded user:password>
Response in Return   JSESSIONID            As cookie to maintain the same session

NOTE: Postman automatically saves these cookies and uses them for subsequent calls, but this can also be handled programmatically.

LDAP

The system property below tells us that application security is on.

System Property      mxe.useAppSecurity    1

In LDAP mode, Maximo uses directory authentication and validates users' credentials against the directory configured in WebSphere.

In this case, the security settings are defined in the web.xml files, in the 4 files listed below:

  • maximo/application/maximoweb.xml
  • maximo/application/maxrestweb.xml
  • maximo/application/mboweb.xml
  • maximo/application/meaweb.xml

In these files, the <login-config> section needs to be uncommented to use either FORM or BASIC authentication:

  1. Form (user login form, but it will authenticate from a directory)
  2. Basic Authentication
FORM Authentication

System Property                  mxe.useAppSecurity    1
First URL call to authenticate   http://localhost/maximo/j_security_check
Parameters                       j_username            <userid>
                                 j_password            <password>
Response in Return               LtpaToken2
                                 JSESSIONID            As cookie to maintain the same session

When <login-form> is enabled for form authentication, we first have to call the URL /maximo/j_security_check with the parameters j_username and j_password, using the same LDAP credentials. In response, we receive LtpaToken2, JSESSIONID and other cookies, which are then used to get data in subsequent calls.


For Subsequent Calls

URL          /maximo/      No need of j_security_check.
Parameters   j_username
             j_password

For subsequent calls, only the j_username and j_password parameters are required, without /j_security_check.

But remember that the first call must go to /j_security_check, because it returns the LTPA token.

If you are using the form in the Maximo UI but don't want to use j_security_check in API calls, use the /maxrest/oslc context root instead of /maximo/oslc.


2. Basic Authentication

System Property      mxe.useAppSecurity    1
URL call             http://localhost/maximo/oslc/login
Request Headers      Authorization         BASIC <BASE64encoded user:password>
Response in Return   LtpaToken2
                     JSESSIONID            As cookie to maintain the same session
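The three login calls described above (native MAXAUTH, LDAP Basic, LDAP form) can be built programmatically as follows. This is an added example, not code from the original post; the function names, the sample credentials, the use of POST for j_security_check and the plain-HTTP guard are assumptions of this sketch, added because a Base64 header can be decoded by anyone who observes it.

```python
import base64
import http.cookiejar
import urllib.parse
import urllib.request

LOCAL_HOSTS = ("localhost", "127.0.0.1")  # assumption: plain HTTP only for local tests


def build_login_request(base_url, user, password, mode):
    """Build the first (login) request for one of the modes on this page.

    mode "native" -> MAXAUTH header on /oslc/login
    mode "basic"  -> Authorization header on /oslc/login
    mode "form"   -> j_username/j_password sent to /j_security_check
    """
    parts = urllib.parse.urlsplit(base_url)
    # Base64 is an encoding, not encryption: the header reveals user:password
    # to anyone on the path, so require HTTPS for anything but a local host.
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        raise ValueError("refusing to send credentials over plain HTTP")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    root = base_url.rstrip("/")
    if mode == "native":
        return urllib.request.Request(root + "/oslc/login", headers={"MAXAUTH": token})
    if mode == "basic":
        return urllib.request.Request(
            root + "/oslc/login", headers={"Authorization": "Basic " + token})
    if mode == "form":
        # Assumption: the form parameters are sent as a POST body.
        body = urllib.parse.urlencode({"j_username": user, "j_password": password})
        return urllib.request.Request(
            root + "/j_security_check", data=body.encode("ascii"), method="POST")
    raise ValueError("unknown mode: " + mode)


def make_session():
    """Return an opener whose cookie jar keeps JSESSIONID / LtpaToken2 between
    calls, which is what Postman does automatically."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    return opener, jar


if __name__ == "__main__":
    # Constructed credentials; the request is only built and printed, not sent.
    req = build_login_request("http://localhost/maximo", "wilson", "secret", "native")
    print(req.get_method(), req.full_url, req.header_items())
```

To send a request, pass it to `opener.open(req)` from `make_session()`; later calls through the same opener reuse the cookies returned by the login call.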



TIP: During deployment, you can use both Form and Basic:

  • for maximouiweb -> form based
  • for maxrest -> basic

In other words, Form is for the UI and Basic is for maxrest.


There are 2 system properties that define the URL for each type:

System Property
mxe.oslc.restwebappurl    http://localhost/maxrest/oslc
mxe.oslc.webappurl        http://localhost/maximo/oslc


    3 comments:

    1. Are these 2 System Properties simply informational or do they actually do something?

      Replies
      1. Informational for us to use with the rest calls

    2. I was referring to the mxe.oslc.restwebappurl and mxe.oslc.webappurl System Properties.
