IBM WebSEAL discovery
The ® Discovery application uses the IBM WebSEAL patterns to find WebSEAL applications, web application servers, and junctions on your infrastructure. Discovering some of these resources requires installing the Discovery and Service Mapping Patterns application from the ® Store.
Request apps on the Store
Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Prerequisites
- Detailed information on IBM WebSEAL
For information, see Detailed information on products discovered by ITOM Visibility
- Authentication
The WebSEAL authentication process includes HTTP header authentication with basic credentials Basic authentication credentials.
If you’re running discovery for the first time, configure Credential affinity for Discovery and Orchestration Credential affinity for Discovery and Orchestration.Remarque :Credential affinity isn’t available In debug mode.- Configured MID Server
Ensure the MID Server has access and permissions to send HTTPS requests to the WebSEAL application.
- Configured user permissions to execute API calls
Ensure that the user has the permission to run the following API:
/net/general
/net/dns
/wga/reverseproxy
/wga/reverseproxy/<reverse_proxy_id>/configuration/stanza/junction/entry_name/match-vhj-first
- /wga/reverseproxy/<reverse_proxy_id>/junctions
/wga/reverseproxy/"<reverse_proxy_id>/junctions?junctions_id=<junction_id>
/wga/widgets/health.json
- HTTP Classification enabled
- The IBM WebSEAL Pattern is triggered when you run the discovery on the server that the WebSEAL is on. Ensure that the HTTP Classification is present in the instance. For more information, see Create an HTTP classification and Run discovery through an HTTP or HTTPS REST call
Data collected during horizontal discovery
| Field | Description |
|---|---|
| ISAM Server [cmdb_ci_isam_server] | |
| name | The name of the server as returned by the /net/general API call. If the field is empty, nslookup on the IP address would be attempted to populate this field. |
| IP Address [ip_address] | The IP address according to the discovery schedule/configuration. |
| fqdn | The search_domain returned by the/net/dns API call. |
| WebSEAL [cmdb_ci_app_server_webseal] | |
| name | The name of the WebSEAL server as returned by the API. |
| IP Address [ip_address] | The IP address according to the discovery schedule/configuration. |
| fqdn | The search_domain returned by the /net/dns API call. |
| install_status | The status is set to installed by default. |
| operation_status | The status is set to operational by default. |
| install_directory | According to the identification requirement, this field is populated with the FQDN of the server. |
| WebSEAL Reverse Proxies [cmdb_ci_webseal_reverse_proxy] | |
| name | The name of the resource according to the API response. |
| object_id | The ID of the resource, of the API response. |
| install_status | Indicates if the installation is enabled. |
| operational_status | Indicates if the operation has started. |
| service_type – hard-coded | The status is set to Webseal Reverse Proxyby default. |
| webseal_health_status | The WebSEAL reported health status regarding the /wga/widgets/health.json API call |
| WebSEAL Junctions [cmdb_ci_webseal_junction] | |
| name | The name of the resource according to the API response. |
| object_id | The id of the resource, created as a unique hash number corresponding to the case-sensitive name of the resource. Remarque : The case insensitivity of the queries may create duplicate fields when the
name value is identical to the Object ID value. One of the identification attributes must be changed to have a unique value. |
| install_status | Hard-coded to installed status |
| operational_status | Hard-coded to operational status |
| stateful_junction | Boolean value indicating whether it’s a stateful Junction |
| transparent_path_junction | Boolean value indicating whether it’s a transparent path Junction |
| junction_type | List for the type of the Junction |
| WebSEAL Backend Servers [cmdb_ci_webseal_backend_server] | |
| name | the name of the resource, as per API response |
| object_id | the id of the resource, as per API response |
| install_status | the status of the resource as per the “enabled” value in the API response |
| operational_status | the status of the resource as per the “operation state” value |
| server_id | The UUID used to identify the junction web server |
| http_port | HTTP port of the back-end third-party server. Applicable when the junction type is tcp. |
| service_port | TCP port of the back-end third-party server. Default is 80 for TCP junctions and 443 for SSL junctions |
| Priority | The priority of the server (1-9). Default is 9. |
| CI | Relationship Type | CI |
|---|---|---|
Webseal [cmdb_ci_app_server_webseal] |
Runs on::Runs |
ISAM Server [cmdb_ci_isam_server] |
Webseal Reverse Proxy [cmdb_ci_webseal_reverse_proxy] |
Hosted on::Hosts Reference[load_balancer] |
Webseal [cmdb_ci_app_server_webseal] |
Webseal Reverse Proxy [cmdb_ci_webseal_reverse_proxy] |
Runs on::Runs Reference[isam_server] |
ISAM Server [cmdb_ci_isam_server] |
Webseal Junction [cmdb_ci_webseal_junction] |
Allocated to::Allocates Reference [service] |
Webseal Reverse Proxy [cmdb_ci_webseal_reverse_proxy] |
Webseal Junction [cmdb_ci_webseal_junction] |
Owns::Owned by Reference [pool] |
Load Balancer Pool Member [cmdb_ci_webseal_backend_server] |
Webseal Junction [cmdb_ci_webseal_junction] |
Reference only [load_balancer] |
Webseal [cmdb_ci_app_server_webseal] |