Authentication for Webservice
Hi All,
I have exposed my outbound interface as a webservice sucessfully
But the problem is I need to provide a User Id to contact XI SOAP adapter. I dont require any authentication for this webservice client. How can I disable the authentication check for this particular webservice.
I have seen some forum posts, which suggested me to make some modification in web.xml which will disable auth for all webservices. Is it possible for me to disable the authentication check only for this particular webservice?
Regards,
Jai Shankar
Jai,
><i>How can I disable the authentication check for this particular webservice.</i>
Check this thread. But this will turn of Authentication for all SOAP Sender Adapters.
User Names and Passwords in SOAP adapter
><i>I have seen some forum posts, which suggested me to make some modification in web.xml which will disable auth for all webservices. Is it possible for me to disable the authentication check only for this particular webservice?</i>
Its either for all SOAP adapters or for none . there is no middle ground.
Better way is to use Access Control List.
Regards
Bhavesh
Similar Messages
-
OSB: HTTP digest authentication for WebServices
Hi,
How do I configure HTTP digest authentication for WebServices offered by the OSB (Proxy Services with WS as transport)?
Best regards
DimoDid you figure out how to do it.?
-
Regarding Kerberos authentication for webservices.
Hi,
I need to use kerberos authentication for my receiver webservice. I am working in PI7.1 . Which adapter I can use for this ( WS-RM adapter or SOAP adapter) and How to configure it for kerberos. I mean, which value of authentication parameter refers to kerberos authentication.
Regards,
Reyaz hussainHi Reyaz,
To tell you frankly i never come across this kerberos protocol but since you would like to use there is certainly a chance after the launch of PI 7.1. The launch has Opened the Door to the World of Web Services Reliable Messaging. "The Integration Directory enables you to easily configure scenarios where the Integration Server acts as a message hub between WS-RM-enabled applications and any other application or technical system. Thus, you can configure scenarios where either a Web Service client calls the Integration Server and the message is then routed to any other application, or the other way around where any application calls a Web Service provider via the Integration Server. In the Integration Directory you can do the complete configuration of the Integration Server inbound or outbound processing."
https://www.sdn.sap.com/irj/scn/wiki?path=/display/profile/2007/07/25/new+news&focusedcommentid=44360
Regards
joel -
User authentication for webservices
Hi,
I am using Oracle R12.
I want to know how oracle handles user authentication when calling custom APIs through Integrated SOA Gateway.
I know that we are using security headers to do this. The header part is given below.
<soapenv:Header>
<xx:SOAHeader>
<xx:Responsibility>INVENTORY_VISION_OPERATIONS</xx:Responsibility>
<xx:RespApplication>INV</xx:RespApplication>
<xx:SecurityGroup>STANDARD</xx:SecurityGroup>
<xx:NLSLanguage>AMERICAN</xx:NLSLanguage>
<xx:Org_Id>204</xx:Org_Id>
</xx:SOAHeader>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>uname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rerr6et6eHFV</wsse:Nonce>
<wsu:Created>2013-02-13T08:58:50.649Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
But when a person is simply logging in to the application how can we choose a responsibility without know what responsibilities a person has?
The <xx:SOAHeader></xx:SOAHeader> is not mandatory. So can i simply not pass this header? Or is there a default responsibility that can be specified for all users?
Also in what scenarios is the <wsse:Security> header not required? I recently checked and found that even without providing the Security header, it is possible to execute service in ISG. Hence the question.
Thanks,
AnoopHi,
Ok, so you want to know for an user , what responsibility you should use in order to be able to perform the invocation?
Here is an example for Sysadmin user
Select usr.user_name,usr.user_id, resp.RESPONSIBILITY_NAME ,
resp.RESPONSIBILITY_KEY, grp.SECURITY_GROUP_KEY, grp.SECURITY_GROUP_ID,
APP.APPLICATION_SHORT_NAME ,APP.APPLICATION_ID
From FND_USER_RESP_GROUPS furg, FND_USER usr, fnd_responsibility_vl
resp,FND_SECURITY_GROUPS grp,FND_APPLICATION APP
where furg.user_id=usr.user_id
and furg.RESPONSIBILITY_ID=resp.RESPONSIBILITY_ID
and furg.SECURITY_GROUP_ID=grp.SECURITY_GROUP_ID
and furg.RESPONSIBILITY_APPLICATION_ID=APP.APPLICATION_ID
and usr.user_name='SYSADMIN'
regards
Mihai -
Digest authentication for webservices
Hi,
Does WLS9.2 support digest authentication?
protocol described in RFC 2617 (http://www.ietf.org/rfc/rfc2617.txt)
ThanksDid you figure out how to do it.?
-
How to apply Authentication for a webservice getting SOAPFaultException :(
Hi ,
I am working with weblogic 10.1.3 and running build.xml in eclipse for EE
I would like to know the steps to include security parameters to authenticate with weblogic server and call webservice
I have written a build.xml that takes input as wsdl , When I run the build.xml it generates
all the necessary stubs and interfaces
I have written a main program that imports generated classes and invoke the webservice method
below are buidl.xml and two classes( main program and one java class) which I used to invoke webservice
Build.xml
=====
<project name="webservices-simple_client" default="all">
<!-- set global properties for this -->
<property name="wls.hostname" value="localhost" />
<property name="wls.port" value="8002" />
<property name="example-output" value="output" />
<property name="clientclass-dir" value="${example-output}/srcclasses" />
<property name="clientclassfiles-dir" value="${example-output}/classfiles" />
<path id="client.class.path">
<pathelement path="${clientclass-dir}" />
<pathelement path="${java.class.path}" />
</path>
<taskdef name="clientgen" classname="weblogic.wsee.tools.anttasks.ClientGenTask" />
<target name="clean">
<delete dir="${clientclass-dir}" />
<delete dir="../src/com/bea/wlcp/wlng/ws/presence" />
<delete dir="../src/org/csapi/schema/paralyx/common/v2_1" />
<delete dir="../src/org/csapi/schema/paralyx/presence/consumer/v2_3/local" />
<delete dir="../src/org/csapi/schema/parlayx/presence/v2_3" />
<echo message="Cleaning Completed" />
</target>
<target name="build-client">
<clientgen wsdl="http://${wls.hostname}:${wls.port}/parlayx21/presence/PresenceConsumer?WSDL" destdir="${clientclass-dir}" generatepolicymethods="true" packageName="com.bea.wlcp.wlng.ws.presence" />
<javac srcdir="${clientclass-dir}" destdir="${clientclassfiles-dir}" includes="*/.java" />
<copy overwrite="true" todir="../src">
<fileset dir="${clientclass-dir}" />
</copy>
<copy overwrite="true" todir="../src">
<fileset dir="${clientclassfiles-dir}" />
</copy>
<delete dir="${clientclass-dir}" />
<delete dir="${clientclassfiles-dir}" />
<echo message="Building Completed" />
</target>
<target name="all" depends="clean,build-client" />
</project>
======================================================
import java.net.URI;
import javax.xml.rpc.Stub;
import javax.xml.ws.BindingProvider;
import java.net.Proxy;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;
import weblogic.webservice.wsdl.WsdlPort;
import weblogic.wsee.connection.transport.http.HttpTransportInfo;
import weblogic.wsee.jaxrpc.ServiceImpl;
import org.csapi.schema.parlayx.common.v2_1.PolicyException;
import org.csapi.schema.parlayx.common.v2_1.SimpleReference;
import org.csapi.schema.parlayx.presence.consumer.v2_3.local.SubscribePresence;
import org.csapi.schema.parlayx.presence.consumer.v2_3.local.SubscribePresenceResponse;
import com.bea.wlcp.wlng.et.core.module.session_manager.GTUsernameTokenPolicy;
import com.bea.wlcp.wlng.et.core.module.session_manager.SessionManagerService_Impl;
import com.bea.wlcp.wlng.ws.presence.PresenceConsumer;
import com.bea.wlcp.wlng.ws.presence.PresenceConsumerService_Impl;
import com.bea.wlcp.wlng.ws.sessionmanager.SessionManager;
import com.bea.wlcp.wlng.ws.sessionmanager.SessionManagerService;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
@SuppressWarnings("deprecation")
public class Main {
@SuppressWarnings("unchecked")
public static void main(String[] args) throws javax.xml.rpc.ServiceException,PolicyException{
try{
/*PresenceConsumerService_Impl pcs_impl = new PresenceConsumerService_Impl("http://localhost:8002/parlayx21/presence/PresenceConsumer?WSDL");
PresenceConsumer pc = (PresenceConsumer) pcs_impl.getPresenceConsumer();
UserCredentialsvalidation gt = new UserCredentialsvalidation("sdpai","sdp");*/
SimpleReference rf = new SimpleReference();
rf.setCorrelator("correlatorid");
rf.setEndpoint(URI.create("http://localhost:8002/PresenceConsumerService/services/PresenceConsumer"));
rf.setInterfaceName("PresenceConsumer");
SubscribePresence sb = new SubscribePresence();
sb.setApplication("sdp");
sb.setPresentity(URI.create("tel:1234"));
sb.setReference(rf);
System.out.println(" Before calling subscribe presence ==" );
//SubscribePresenceResponse spr = pc.subscribePresence(sb);
System.out.println(" Hi There here 2226678565");
System.out.println(" Hi There here 333");
//raja
String strUrl = "http://localhost:8002/parlayx21/presence/PresenceConsumer?WSDL";
Stub objStub = (Stub) new PresenceConsumerService_Impl().getPresenceConsumer();
objStub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY,"sdpai");
objStub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY,"sdp");
objStub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,strUrl);
PresenceConsumer port = (PresenceConsumer) objStub;
String returnVal = "";
System.out.println(" Hi There here 77");
SubscribePresenceResponse spr = port.subscribePresence(sb);
System.out.println(spr);
//ended here
catch(Exception e)
e.printStackTrace();
=======================================
UserCredentialsvalidation.java
import com.bea.wlcp.wlng.et.core.module.session_manager.SessionManagerService_Impl;
import com.bea.wlcp.wlng.schema.ews.common.ServiceException;
import com.bea.wlcp.wlng.ws.sessionmanager.SessionManager;
import com.bea.wlcp.wlng.ws.sessionmanager.SessionManagerService;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import javax.xml.rpc.Stub;
import java.util.ArrayList;
import java.util.List;
public class UserCredentialsvalidation implements PolicyBase {
private String username;
private String password;
public UserCredentialsvalidation(String username, String password) {
this.username = username;
this.password = password;
String sessionManagerURL="http://localhost:8002/session_manager/SessionManager";
SessionManagerService accessservice = null;
try {
accessservice = (SessionManagerService) new SessionManagerService_Impl(sessionManagerURL+"?WSDL");
SessionManager port = accessservice.getSessionManager();
System.out.println(" port >>>>>");
System.out.println(" port >>>>>" +port);
UserCredentialsvalidation pbase = new UserCredentialsvalidation();
pbase.prepareStub((Stub)port,username,password);
} catch (Exception e) {
System.out.println(" helo helo");
// TODO Auto-generated catch block
e.printStackTrace();
public UserCredentialsvalidation() {
// TODO Auto-generated constructor stub
public void prepareStub(Stub stub,String username,String password) throws Exception {
List<ClientUNTCredentialProvider> credProviders = new ArrayList<ClientUNTCredentialProvider>();
System.out.println(" username >>> " + username.getBytes());
System.out.println(" password >>> " + password.getBytes());
credProviders.add(new ClientUNTCredentialProvider(username.getBytes(),
password.getBytes()));
System.out.println("setting standard wssec");
stub._setProperty("weblogic.wsee.security.wss.CredentialProviderList",
credProviders);
System.out.println("Getting property from stub== " + stub._getProperty("weblogic.wsee.security.wss.CredentialProviderList"));
@Override
public void prepareStub(Stub port) throws Exception {
// TODO Auto-generated method stub
=========================================
When I run the main program I am getting below exception
Before calling subscribe presence ==
Hi There here 2226678565
Hi There here 333
Hi There here 77
java.rmi.RemoteException: SOAPFaultException - FaultCode {http://schemas.xmlsoap.org/soap/envelope/}Server FaultString Unable to add security token for identity FaultActor nullNo Detail; nested exception is:
weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Unable to add security token for identity
at com.bea.wlcp.wlng.ws.presence.PresenceConsumer_Stub.subscribePresence(PresenceConsumer_Stub.java:37)
at Main.main(Main.java:62)
Caused by: weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Unable to add security token for identity
at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:355)
at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:115)
at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:100)
at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:88)
at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:309)
at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:269)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:213)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:150)
at weblogic.wsee.ws.WsStub.invoke(WsStub.java:87)
at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:337)
at com.bea.wlcp.wlng.ws.presence.PresenceConsumer_Stub.subscribePresence(PresenceConsumer_Stub.java:32)
... 1 more
Caused by: weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHandler.java:71)
at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandler.java:55)
at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:107)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:132)
... 4 more
==========================================================
I am working for 3 days to solve this issue, but helpless
Please tell me I am going in right way , I read many forums and implemented different ways , but getting same problem, that too before calling webservice method .
Do i need to do anything more apart from adding username and password parameters
Please tell me the exact steps how to perform authentication with webservices
Your answer will help me a lot .
Thanks in Advance
Regards
RajasekharPlease find the modified file Main.java
import java.net.URI;
import javax.xml.rpc.Stub;
import javax.xml.ws.BindingProvider;
import java.net.Proxy;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;
import weblogic.webservice.wsdl.WsdlPort;
import weblogic.wsee.connection.transport.http.HttpTransportInfo;
import weblogic.wsee.jaxrpc.ServiceImpl;
import org.csapi.schema.parlayx.common.v2_1.PolicyException;
import org.csapi.schema.parlayx.common.v2_1.SimpleReference;
import org.csapi.schema.parlayx.presence.consumer.v2_3.local.SubscribePresence;
import org.csapi.schema.parlayx.presence.consumer.v2_3.local.SubscribePresenceResponse;
import com.bea.wlcp.wlng.et.core.module.session_manager.GTUsernameTokenPolicy;
import com.bea.wlcp.wlng.et.core.module.session_manager.SessionManagerService_Impl;
import com.bea.wlcp.wlng.ws.presence.PresenceConsumer;
import com.bea.wlcp.wlng.ws.presence.PresenceConsumerService_Impl;
import com.bea.wlcp.wlng.ws.sessionmanager.SessionManager;
import com.bea.wlcp.wlng.ws.sessionmanager.SessionManagerService;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
@SuppressWarnings("deprecation")
public class Main {
@SuppressWarnings("unchecked")
public static void main(String[] args) throws javax.xml.rpc.ServiceException,PolicyException{
try{
/*PresenceConsumerService_Impl pcs_impl = new PresenceConsumerService_Impl("http://localhost:8002/parlayx21/presence/PresenceConsumer?WSDL");
//PresenceConsumer pc = (PresenceConsumer) pcs_impl.getPresenceConsumer();*/
UserCredentialsvalidation gt = new UserCredentialsvalidation("sdpai","sdp");
SimpleReference rf = new SimpleReference();
rf.setCorrelator("correlatorid");
rf.setEndpoint(URI.create("http://localhost:8002/PresenceConsumerService/services/PresenceConsumer"));
rf.setInterfaceName("PresenceConsumer");
SubscribePresence sb = new SubscribePresence();
sb.setApplication("sdp");
sb.setPresentity(URI.create("tel:1234"));
sb.setReference(rf);
System.out.println(" Before calling subscribe presence ==" );
//SubscribePresenceResponse spr = pc.subscribePresence(sb);
System.out.println(" Hi There here 2226678565");
System.out.println(" Hi There here 333");
//raja
String strUrl = "http://localhost:8002/parlayx21/presence/PresenceConsumer?WSDL";
Stub objStub = (Stub) new PresenceConsumerService_Impl().getPresenceConsumer();
objStub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY,"sdpai");
objStub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY,"sdp");
objStub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,strUrl);
PresenceConsumer port = (PresenceConsumer) objStub;
String returnVal = "";
System.out.println(" Hi There here 77");
SubscribePresenceResponse spr = port.subscribePresence(sb);
System.out.println(spr);
//ended here
catch(Exception e)
e.printStackTrace();
==============================
When I run the main program getting below exception
port >>>>>
port >>>>>com.bea.wlcp.wlng.ws.sessionmanager.SessionManager_Stub@19c0bd6
username >>> [B@1cd280b
password >>> [B@29ac
setting standard wssec
Getting property from stub== [[ClientUNTCredentialProvider: username=sdpai password=is set]]
Before calling subscribe presence ==
Hi There here 2226678565
Hi There here 333
Hi There here 77
java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://schemas.xmlsoap.org/soap/envelope/}Server] FaultString [Unable to add security token for identity] FaultActor [null]No Detail; nested exception is:
weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Unable to add security token for identity
at com.bea.wlcp.wlng.ws.presence.PresenceConsumer_Stub.subscribePresence(PresenceConsumer_Stub.java:37)
at Main.main(Main.java:62)
Caused by: weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Unable to add security token for identity
at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:355)
at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:115)
at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:100)
at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:88)
at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:309)
at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:269)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:213)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:150)
at weblogic.wsee.ws.WsStub.invoke(WsStub.java:87)
at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:337)
at com.bea.wlcp.wlng.ws.presence.PresenceConsumer_Stub.subscribePresence(PresenceConsumer_Stub.java:32)
... 1 more
Caused by: weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHandler.java:71)
at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandler.java:55)
at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:107)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:132)
... 4 more -
Using Web Dynpro authentication for a Web Service call
Hi all,
I want to develop a Web Dynpro that calls a Web Service running on the same Web AS (7.0). The Web Dynpro will be integrated in a Portal. The web service that has to be called is automatically generated when we create a guided procedure :
http://help.sap.com/saphelp_nw2004s/helpdata/en/44/44c59fd7c72e84e10000000a155369/frameset.htm
In my Web Dynpro, I imported the WSDL of this WS and created a model.
The first time I tried to call the WS in my Web Dynpro I got an authentication error :
Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://<myHostName>:50100/GPRuntimeFacadeWS/GPProcessExposing?style=document&pid=CA544E9B629A11DB91480017A48D672A&pver=0.5"
So I hard-coded an HTTP authentication :
model._setUser("myWASuser");
model._setPassword("myPassword");
And the Web Service call now works.
Now the next step is that the WS call is made by the user that runs the Web Dynpro. So I found this documentation :
http://help.sap.com/saphelp_nw04/helpdata/en/59/e8e95d1eba48dfa86ae91ad8816f5d/frameset.htm
It would resolve my authentication problem, AND the transport issue : at the moment the Web Service URL is stored in the Logical Port of the WD model, and at transport time, a rebuild of the WD project will be needed.
So I applied what is said in the doc : from the point of view of the Web Service consumer, I just had to add :
model._setHTTPDestinationName("STARTGP");
(where STARTGP is the name of the destination I created in the Visual Administrator with a "Logon Ticket" authentication.)
before the execute(), and I removed my hardcoded authentication.
Unfortunately, nothing changes... I still get a 401 authentication error.
Does anyone have an idea about this ? Or maybe a workaround ?
Thanks in advance for any suggestion.
Regards,
JulienHello Julien,
I have a scenario similar to yours. A client webdynpro application accessing a EJB methods exposed as web service. Those EJB's methods calls R3 RFC's. The client requirements' was to allow SSO through all the layers (Webdynpro -> EJB WS -> RFC). The Webdynpro and EJB's are deployed on the same WAS.
Solution:
1 - Create a RFC Destination on Visual Administration provide the R3 connection parameters and set the Authentication for "Current User (Logon Ticket)". Save your Destination;
2 - In your EJB Project open your Web Service Configuration, on the Security page, set:
Authentication Mechanism: HTTP Authentication
Basic (username/password)
Use SAP Logon Ticket
3 - In your EJB, implement the following code to create JCO Client for the RFC invocations:
Object obj = ctx.lookup(DestinationService.JNDI_KEY);
DestinationService dstService = (DestinationService) obj;
RFCDestination dst = (RFCDestination) dstService.getDestination("RFC", "<YOUR_RFC_DESTINATION_NAME>");
Properties jcoProperties = dst.getJCoProperties();
JCO.Client jcoClient = JCO.createClient(jcoProperties);
4 - In your EAR Project, open your "application-j2ee-engine.xml" and add the References:
"tc/sec/destinations/service" as Service
"tc/sec/destinations/interface" as Interface.
5 - Create your EAR File and Deploy;
6 - Check if the web service now requires Authentication: go to http://<host>:<port>/index.html and click on Web Services Navigator. Test your Web Service. Your Web Service should requiere you to log in before execute the test;
7 - Go back to your Visual Administrator and create a HTTP Destination. Provide your WS URL (should be something like "http://<host>:<port>/<WS_NAME>/Config1?style=document"). Choose Authentication: Logon Ticket. Save your Destination;
8 - Go to your webdynpro project, import your WS Model. (If you have already created it, you have to delete it and import it again, refer to this blog on how to reimport WS Models: /people/bertram.ganz/blog/2005/10/10/how-to-reimport-web-service-models-in-web-dynpro-for-java How To Reimport Web Service Models in Web Dynpro for Java );
9 - Open your model's Logical Ports node, go to the Security tab, and choose "Use SAP Logon Ticket";
10 - In your webdynpro code, before you call the ws invocation (should be something like that: <YOUR_NODE_DEFINITION>.modelObject().execute();), include the following line:
<YOUR_NODE_DEFINITION>.modelObject()._setHTTPDestinationName("<YOUR_HTTP_DESTINATION_NAME>");
11 - Save All Metadata and deploy your Webdynpro App. Test your results.
I hope it helps you, as the documentation on how to implement this scenario is scattered through the SDN and all the SAP help portal.
Best regards,
Paulo. -
hi,
I am setting authentication for ADS. When i click on Webservice security, under services, i get "Error while loading service web service security" in visual admin.
Can you also add a point as to why do we need ads authentication.I was accessing Visual Administrator thorugh my local file (by Pasting the server directories ) system and connecting to a remote server.hence i had issues.
Solution is to access visual admin directly from the server where it is installed. -
User Authentication for Web Services
Hi,
I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
Appreciate the advice. Thanks.Hi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
"Team Foundation Server" is preventing authentication for whole team !!
I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
1st
Error (from administrative events):
The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception.
More information is included below.
Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
Tried so far:-
- changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
2nd
Error (from application server):
DistributedCOM error
The application-specific permission settings do not grant
Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20)
from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
Other
Fixes I tried
- Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to cashing on RAM, the fix suggested to change IIS cashing from RAM to HD to prevent
loading up using w3wp.exe from processes.
Concern
- by checking other topics for people having the same problem, it was mentioned that this error appeared after the lastest TFS update, is there is a fix for it ?Hi Amr,
For your first error, you can change the "Diagnostic Logging" path, aslo change the path of the usage and health data connection the same with your ULS log location. Check this
blog for more detils and make sure you follow the instructions. Restart SharePoint tracing service after the operations. You can also check this
thread for more references. If you still have any other concerns about SharePoint, you can open a new thread in SharePoint forum for a better response.
About the second error, seems it's not related to TFS. You can also run TFS best practice analyzer to check if there any configuation issues on your application tier server. However, you can also refer to this
blog
to get this issue resolved. If the problem persists, you can elaborate more details about your scenario and the reproduce steps or open a new thread related forum.
Best regards, -
I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
1st Error (from administrative events):
The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
Tried so far:-
- changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
2nd Error (from application server):
DistributedCOM error
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
Other Fixes I tried
- Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to cashing on RAM, the fix suggested to change IIS cashing from RAM to HD to prevent
loading up using w3wp.exe from processes.
Concern
- by checking other topics for people having the same problem, it was mentioned that this error appeared after the lastest TFS update, is there is a fix for it ?Hi Kpdn,
Thanks for your post.
All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Open Authentication for Wireless Access
Hello,
The standalone implementation of an existing wireless network is configured as Open Authentication with a TKIP Cipher. The client key management is set to WPA PSK.
What exacly is the authentication for? I see that MAC and EAP are available options. Would these options be used to block or authorize the actual wireless devices that connect to the AP?
The next thing I see is Client Authenticated Key management and I am using WPA PSK. What exactly happens once I enter thsi PSK from the client? Is it only used to encrypt the data?
Thanks,
KevinHi Kevin,
Using WPA we can configure either Enterprise or pre shared key.. Enterprise comprises of EAP and pre shared key is just the PSK..
if we are using EAP then auth will be done by the RADIUS and the encryotion will still be TKIP.. now coming back to PSK, this is shared key which will authenticate the users locally...
EAP is more secured auth compared to PSK..
Now regarding the "auth open" line.. see there are 2 kinds of auth in 802.11.. here while using wireless we need to auth twice, dot11 authentication and followed by the psk or EAP auth.. the auth open statement will force us to get the dot11 auth successful and then we move towards needed auth like PSK or EAP.. and another is Shared auth is very similar to WEP using open auth!!
in the nut shel we have 3 kinds of auth..
1> open - Dot11 auth
2> Shared - Nothing but WEP
3> 802.1X suite - EAP
again, the below link may give you some insights as well!!
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_13_JA/configuration/guide/s13auth.html#wp1035025
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
User Authentication for subfolder not working in Web Browser
We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
One of the functionalities of the Application is to send emails with attachments.
The logic is that the Application would generate the attachment file on the Application Server.
Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
Exchange and Relay Server is also set in the Application.
The problem is that the folder containing the folder which stores the attachments is having user authentication set.
Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
Alias created in httpd.conf
Alias /int-dir/ "/apps/interface/"
The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
Application Server : 10.12.213.21
Database Server : 10.12.213.22
Email Server : 10.12.213.44
Configuration as per httpd.conf
Alias /int-dir/ "/apps/interface/"
<Location /int-dir/>
AuthName "Interface folder"
AuthType Basic
AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
require user scott
</Location>
<Location /int-dir/email>
Options Indexes Multiviews IncludesNoExec
Order deny,allow
Deny from all
Allow from 10.12.213.21
Allow from 10.12.213.22
Allow from 10.12.213.44
</Location>
Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
However if we use the following URL :
http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
Please help me if you can.
Thanking you in advance,
GLad to give any more information that i can.
dxbrockyThanks for your response. I fixed the problem by selecting "full site" or "full website" at bottom of the web page. After making this selection the zoom function returned. Thanks again for your interest.
-
How to set up and test the Basic Authentication for HTTP protocol
Hi,
I tried configuring the password based Basic Authentication for sending xml document using ebMS - HTTP protocol. I set username and password while configuring the transport server for both trading partners. I want to know, is that sufficient for basic authenticaton. When I open the URI http://localhost:7778/b2b/transportServlet, it is not asking any authentication (username/password). Please note that I have not used SSL certificate. Anyone please help me out to configure Basic authentication.Hi Ramesh,
Thanks for ur response. Could you please tell me where to set the Additional Transport header : authtype-basic#realm=myRealm(in which property file). In enqueue code, I could see the following attributes
queue
msgID
replyToMsgID
from
to
eventName
doctypeName
doctypeRevision
msgType
payload
attachment
subscriber
Is it possible to set username/password in the enqueue attributes?
Do i need to add username/password and Transport header in the input XML and defined that elements in xsd? -
Authentication for multiple AD domains
Hello,
Currently we have MS AD datasource as UME for all our internal portal users. We also have spnego setup for authentication for our EP 7.0 The user path and group path is of the form dc=dom1 dc=company dc=domain dc=com.
Now we are planning to add additional domains to authenticate users .
Will the configuration differ if they are maintained on a different ldap server altogether or when only the user and group paths are different for the new domains as shown below? The user path and group path is of the form dc=dom2,dc=company,dc=domain,dc=com and
dc=dom3,dc=company,dc=domain,dc=com.
It seems that we have to change the datasource file for the additional ldap scenario.But are both of these the same,Would appreciate if someone could clarify this.
RgdsVineeth,
Within the 1 file, you can setup n-number of datasources. Below is an example.
As for having SPNego work for only 1 of those datasources (AD domains), I can't say if that will work. We have SPNego working for all our domains. There is probably something you can do within AD or your domain controller to limit Kerberos authentication.
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE1" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</responsibleFor>
<privateSection/>
</dataSource>
<dataSource id="PRIVATE_DATASOURCE2" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</responsibleFor>
<privateSection/>
</dataSource>
<dataSource id="PRIVATE_DATASOURCE3" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</responsibleFor>
<privateSection/>
</dataSource>
</dataSources>
Maybe you are looking for
-
MiniDP port doesn't play sound via HDMI
I have connected it from the computer to the HD tv, and the video works. But the sound will not transfer, The sound preferences doesn't show any outputs but the internal speakers, and I checked the MIDI setup Utility, and it also did not show it as a
-
Zoom in-out and rotation in trackpad
Zoom in-out and rotation in trackpad doesn't work in iPhoto, Aperture, Preview, Finder. Any solution? It works perfect at safari
-
Config Assistant Failover to boot interpreter
Toshiba Satellite 2805-S302 PIII 750 128MB Solaris 2.8 Feb 2000 no patches loaded/Linux/NT4 This is what I am getting from boot: SunOS Secondary Boot version 3.00 Solaris Intel Platform Edition Booting System Running Configuration Assistant... error:
-
Open .indd layout files in InCopy, different extension possible?
Hey, I'm trying to open InDesign layout files in InCopy, so I can edit the incx/icml files. The layout is opened by another application, which runs the default application, and for .indd thats InDesign and not InCopy. Inca files are not available. Is
-
MBP 2.2 (Presently) or iMac 2.4 2.8 20" or 24"????
I have the matte, 5 weeks old, never seems to run out of horse power, I guess I really love the displays and hope Apple offers them in the future. Anyway, I know with LEGIT iWork 08, Ilife 08, MS OFFICE, and more, that I could get at least $1800 (5 w