OSB: HTTP digest authentication for WebServices

Similar Messages

• Digest authentication for webservices

  Hi,
  Does WLS9.2 support digest authentication?
  protocol described in RFC 2617 (http://www.ietf.org/rfc/rfc2617.txt)
  Thanks

  Did you figure out how to do it.?

• HTTP Digest Authentication in Weblogic Server ?

  I understand that Weblogic Server 10.3.0.0 does not have declarative support for HTTP Digest Authentication. In that case, what are the alternatives to do HTTP Digest Authentication on the server ?
  Edited by: user566628 on Sep 19, 2008 1:47 PM

  I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
  http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
  If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

• HTTP digest Authentication, using HttpURLConnection

  Hi,
  My requirement is simple, my stanalone applicaiton creates a XML request sends that to a web Application. Now to do this the Web application needs a HttpDigest Authentication. To do this wat we are doing is create a http url connection and get 401 response and then use that ot create the digest. to accomplish this the same urlConnection need to be used, else the new URL connection will send a new request. But in HttpUrlConnection there is a limitation that it can be used for only single request-response cycle.... can anybody suggest on this, wats the best practice to do HTTP digest authentication while communicating from a Stand alone application to a web application........................

  I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
  http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
  If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• How to configure a Proxy in OSB with Digest Authentication?

  Hello, Guys.
  I need a help with this subject.
  I have a demand to configure a Proxy in OSB 11.1.1.6 with Digest Authentication. I'm using a Embedded Ldap with Identity Asserter.
  I'have configured a DefaultAuthenticator and the DefaultIdentityAsserter to support Digest Password and create a new LdapIdentityAsserter pointing to my embedded Ldap.
  When I'll create a new Proxy, in the security options, i can see the digest options to authenticate my username and password. I selected the one of all the options, but in the time of the Proxy test the authentication didn't work.
  Could anyone help me?
  Thanks you.

  Unfortunately, a reference trigger can't be used for continuous acquisition after the trigger. The maximum post-trigger count is either 2^24 or 2^32 depending on your hardware. Depending on your sampling rate and how many samples you expect to acquire before issuing a software stop, using the max post-trigger count may be sufficient for you. There are a couple of other options I can think of that you might want to try:
  1.) If possible, play with the trigger condition such that it occurs at the start of your pre-trigger data and use it as a start trigger instead. I suspect this may not be possible.
  2.) Set up a continuous acquisition and implement detection of the trigger condition through software. This is more software work and is more CPU intensive than the hardware solution, but it can definitely be made to work.
  3.) With some creative use of the counters, you may be able to latch the sample clock number that trigger occurred on. This would allow you to setup a continuous acquisition and use the hardware to tell you where the trigger occurred instead of figuring it out in software. What I'm thinking is you would set up a buffered event counting task with the ai/SampleClock as the timebase source of the counter and the trigger signal as the sample clock of the counter. By reading the first count value, you should know which AI sample the trigger occurred. From there, you can seek to the right position in the buffer and begin reading data indefinitely.
  Good luck!

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• Regarding Kerberos authentication for webservices.

  Hi,
        I need to use kerberos authentication for my receiver webservice.  I am working in PI7.1 . Which adapter I can use for this ( WS-RM adapter or SOAP adapter) and How to configure it for kerberos. I mean, which value of authentication parameter refers to kerberos authentication.
  Regards,
  Reyaz hussain

  Hi Reyaz,
  To tell you frankly i never come across this kerberos protocol but since you would like to use there is certainly a chance after the launch of PI 7.1. The launch has Opened the Door to the World of Web Services Reliable Messaging.  "The Integration Directory enables you to easily configure scenarios where the Integration Server acts as a message hub between WS-RM-enabled applications and any other application or technical system. Thus, you can configure scenarios where either a Web Service client calls the Integration Server and the message is then routed to any other application, or the other way around where any application calls a Web Service provider via the Integration Server. In the Integration Directory you can do the complete configuration of the Integration Server inbound or outbound processing."
  https://www.sdn.sap.com/irj/scn/wiki?path=/display/profile/2007/07/25/new+news&focusedcommentid=44360
  Regards
  joel

• Authentication for Webservice

  Hi All,
  I have exposed my outbound interface as a webservice sucessfully
  But the problem is I need to provide a User Id  to contact XI SOAP adapter. I dont require any authentication for this webservice client. How can I disable the authentication check for this particular webservice.
  I have seen some forum posts, which suggested me to make some modification in web.xml which will disable auth for all webservices. Is it possible for me to disable the authentication check only for this particular webservice?
  Regards,
  Jai Shankar

  Jai,
  ><i>How can I disable the authentication check for this particular webservice.</i>
  Check this thread. But this will turn of Authentication for all SOAP Sender Adapters.
  User Names and Passwords in SOAP adapter
  ><i>I have seen some forum posts, which suggested me to make some modification in web.xml which will disable auth for all webservices. Is it possible for me to disable the authentication check only for this particular webservice?</i>
  Its either for all SOAP adapters or for none . there is no middle ground.
  Better way is to use Access Control List.
  Regards
  Bhavesh

• HTTP Digest Authentication

  Hi,
  To authenticate users I have to use digest authentication (RFC2617). However, it seems there is no support for this authentication in BEA webserver 8.1.
  How can I best implement this? Any tips on where to find classes which I can reuse, I hope I do not have to develop this from scratch.
  Thanks,
  Steve

  Steve, did this ever get solved? I have the same issue trying to use Mappoint.
  Thanks.

• Http proxy setting for webservice client.

  Hi !
  I have set the following option for accessing the webservice through the proxy(webservice
  outside the firewall).
  I'm using weblogic v7.0 with sp1.
  -Dweblogic.webservice.transport.http.proxy.host=xxxx
  -Dweblogic.webservice.transport.http.proxy.port=8088
  It works fine and my soap client is able to access the webservice lying outside
  the firewall.
  But when I use the same setting, the soap client fails for accessing the webservice
  which are
  inside the firewall.
  I get "Connection refused".
  Is there any option to specify not to use proxy for specific hosts and ports ?
  For example http.nonProxyHost
  Any pointers will be of great help.
  Thanks
  Kumar Raj

  I have not worked in SoA server, but since it uses weblogic server underlying (I assume), you can try setting the -Dhttp.proxyHost , -Dhttp.proxyPort system properties ( https for secured URL's) to WLS to specify the proxy details. Also the product might not have the capability to pass user credentials for authentication at the proxy. The version of OSB we are using had this problem. To overcome this you might require to add the URL to the proxy free list in your proxy server. This prevents the proxy from prompting for the user name when you access that URL.

• Http proxy authentication for JDev 10.1.3

  Hi,
  I found the http proxy settings in the "tools->preferences->Web Browser and Proxy" but there are no settings for the username and password. Is there some other way that I can add these.
  The problem is that whenver JDeveloper wants to do some http stuff it (or something else is doing it) asks me for the proxy user name & password - this happens over and over again. If JDev is doing this then surely it should remember the username & password.
  I sometimes get a JDeveloper dialog "waiting for the connection" come up over the proxy auth dialog and I have to cancel the function so I can authenticate, then re-request the function.
  I wish I didn't have the proxy authentication but I have no choice in this dev environment. I do get to choose JDeveloper at least.
  Regards,
  Simon.

  Hi,
  I get it when I 'check for updates' and I get it again when I 'go to JavaDoc' - and this is the one where the "waiting for connection dialog" pops on top of the proxy log in and I have to cancel it to log in. Then all subsequent 'go to JavaDoc' requests go straight through.
  I would prefer it if I could just configure (in proxy preferences) the username and password so it never asks me. I dont care if it less secure storing the password since I think authenticating proxies are a dumb idea anyway. If the password is not supplied then JDev can ask for it like it does now to keep the security-paranoid people happy.
  Also, this morning I got this Exception which appeared at the same time I got a proxy auth window. When JDev finally started all my previously open windows were lost. No real problem but unexpected. Here is the stack dump:
  java.lang.NullPointerException
       at oracle.jdevimpl.webdav.api.DAVAuthenticator.getPasswordAuthentication(DAVAuthenticator.java:79)
       at java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:300)
       at sun.net.www.protocol.http.HttpURLConnection$1.run(HttpURLConnection.java:267)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.net.www.protocol.http.HttpURLConnection.privilegedRequestPasswordAuthentication(HttpURLConnection.java:263)
       at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(HttpURLConnection.java:1427)
       at sun.net.www.protocol.http.HttpURLConnection.resetProxyAuthentication(HttpURLConnection.java:1246)
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:950)
       at oracle.ide.net.HttpURLFileSystemHelper.exists(HttpURLFileSystemHelper.java:191)
       at oracle.jdevimpl.webdav.net.WebDAVURLFileSystemHelper.exists(WebDAVURLFileSystemHelper.java:423)
       at oracle.ide.net.URLFileSystem.exists(URLFileSystem.java:498)
       at oracle.ideimpl.editor.EditorUtil.getNode(EditorUtil.java:126)
       at oracle.ideimpl.editor.EditorUtil.loadContext(EditorUtil.java:91)
       at oracle.ideimpl.editor.TabGroupState.loadStateInfo(TabGroupState.java:950)
       at oracle.ideimpl.editor.TabGroup.loadLayout(TabGroup.java:1758)
       at oracle.ideimpl.editor.TabGroupXMLLayoutPersistence.loadComponent(TabGroupXMLLayoutPersistence.java:31)
       at oracle.ideimpl.controls.dockLayout.DockLayoutInfoLeaf.loadLayout(DockLayoutInfoLeaf.java:123)
       at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:631)
       at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:628)
       at oracle.ideimpl.controls.dockLayout.AbstractDockLayoutInfoNode.loadLayout(AbstractDockLayoutInfoNode.java:614)
       at oracle.ideimpl.controls.dockLayout.DockLayout.loadLayout(DockLayout.java:302)
       at oracle.ideimpl.controls.dockLayout.DockLayoutPanel.loadLayout(DockLayoutPanel.java:128)
       at oracle.ideimpl.editor.Desktop.loadLayout(Desktop.java:353)
       at oracle.ideimpl.editor.EditorManagerImpl.init(EditorManagerImpl.java:1824)
       at oracle.ide.layout.Layouts.activate(Layouts.java:758)
       at oracle.ide.layout.Layouts.activateLayout(Layouts.java:179)
       at oracle.ideimpl.MainWindowImpl$2.runImpl(MainWindowImpl.java:734)
       at oracle.javatools.util.SwingClosure$1Closure.run(SwingClosure.java:50)
       at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:199)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
       at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)

• User authentication for webservices

  Hi,
  I am using Oracle R12.
  I want to know how oracle handles user authentication when calling custom APIs through Integrated SOA Gateway.
  I know that we are using security headers to do this.  The header part is given below.
     <soapenv:Header>
       <xx:SOAHeader>
          <xx:Responsibility>INVENTORY_VISION_OPERATIONS</xx:Responsibility>
          <xx:RespApplication>INV</xx:RespApplication>
          <xx:SecurityGroup>STANDARD</xx:SecurityGroup>
          <xx:NLSLanguage>AMERICAN</xx:NLSLanguage>
          <xx:Org_Id>204</xx:Org_Id>
       </xx:SOAHeader>
       <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsse:UsernameToken wsu:Id="UsernameToken-1">
             <wsse:Username>uname</wsse:Username>
             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
             <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rerr6et6eHFV</wsse:Nonce>
             <wsu:Created>2013-02-13T08:58:50.649Z</wsu:Created>
          </wsse:UsernameToken>
       </wsse:Security>
    </soapenv:Header>
  But when a person is simply logging in to the application how can we choose a responsibility without know what responsibilities a person has?
  The  <xx:SOAHeader></xx:SOAHeader> is not mandatory. So can i simply not pass this header? Or is there a default responsibility that can be specified for all users?
  Also in what scenarios is the <wsse:Security> header not required? I recently checked and found that even without providing the Security header, it is possible to execute service in ISG. Hence the question.
  Thanks,
  Anoop

  Hi,
  Ok, so you want to know for an user , what responsibility you should use in order to be able to perform the invocation?
  Here is an example for Sysadmin user
  Select usr.user_name,usr.user_id, resp.RESPONSIBILITY_NAME ,
  resp.RESPONSIBILITY_KEY, grp.SECURITY_GROUP_KEY, grp.SECURITY_GROUP_ID,
  APP.APPLICATION_SHORT_NAME ,APP.APPLICATION_ID
  From FND_USER_RESP_GROUPS furg, FND_USER usr, fnd_responsibility_vl
  resp,FND_SECURITY_GROUPS grp,FND_APPLICATION APP
  where furg.user_id=usr.user_id
  and furg.RESPONSIBILITY_ID=resp.RESPONSIBILITY_ID
  and furg.SECURITY_GROUP_ID=grp.SECURITY_GROUP_ID
  and furg.RESPONSIBILITY_APPLICATION_ID=APP.APPLICATION_ID
  and usr.user_name='SYSADMIN'
  regards
  Mihai

• Digest Authentication with OC4J standalone

  Hi,
  I am using oc4j 9.0.3 standalone web container . I used axis application as soap engine for deploying a web service in the oc4j . I want to implement HTTP digest authentication for my webservice.
  I am forced to use the same verison of OC4J due to some reasons. Could anyone help me in knowing the procedure for the HTTP digest authentication implementation using oc4j903 asap.
  Advance thanks for help

  could anyone please reply to this thread asap

• Httpurlconnection digest authentication

  We have an applet which runs after requesting a page from an http server. This applet then makes thousands of http requests (SOAP) to the same server. Our problem is that when we set the server to require digest authentication for the soap service, the httpurlconnection is sending the soap request, getting back an unauthorized, then sending the auth information with the next request. So every request is getting huge overhead, 2 round trips, when it should be 1. For the first request, java vm pops up its little window and asks for credentials, then for the rest of the requests it uses those same credentials, but does not automatically send them until the server requests them. How can I set it so that for each request, it automatically sends the credentials with the cnonce, instead of sending no credentials, getting an unauthorized reply, then sending again with the credentials? I tried System.setProperty("http.auth.digest.validateServer", "true");, but that did not change anything. All help is appreciated.

  A brute-force way I have discovered is to clear out the entire AuthCacheValue map:
  AuthCacheValue.setAuthCache(new AuthCacheImpl());
  However, both AuthCacheValue and AuthCacheImpl are part of the sun.net.www.* classes, so this method would be very fragile and raises issues of incompatibility.