Basic HTTP Authentication

Hi everyone,
I'm trying to make a portal/gateway environment where a user can be automatically logged in other applications using Basic HTTP Authentication.
To do this I have enabled the Basic HTTP Authentication in the psconsole (under Secure Remote Access > default > Core).
I have also added a couple of LDAP attributes in the Portal LDAP: sunPortalGatewayWWWAuthorization.
Are these the only two steps needed? Or am I forgetting something?
Could someone tell me how the values in the sunPortalGatewayWWWAuthorization can be formed? I am currently using someone else's code, which used to work on a Portal Server 6 environment. I'm not sure if I understand well how those Basic Authentication values are formed.
Thanks a lot!
Sten

Thank you Yvan, for your reply.
I have looked at the Access Manager in the old environment, and did not see any SSO functionality being enabled.
The old environment does not have a psconsole, so I was not able to check the settings over there.
What bothers me, is that I do not know what kind of values should be stored in the sunPortalGatewayWWWAuthorization attribute. A basic http authentication string would look like this: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
(This would be a Base64 encoding of Aladdin:open sesame).
But in the Portal LDAP it seems that everything is encoded in Base64. As far as I understand the code is doing the following:
- Make-up string: "+hostname+|Authorization: Basic +username+:+password+"
- additionally, it looks like the whole string is being encrypted too, using a PBEWithMD5andDES algorithm
Is this a requirement for the Gateway? Or is this for some kind of security reason? And is this correct?
Thanks,
Sten

Similar Messages

  • Basic http authentication not working when consuming Web Service in BPEL.

    Hi,
    I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
    authentication so we need a way to get username and password into the http
    header. In the Oracle BPEL Process Manager Administrator's Guide 10g
    (10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
    that this can be done using the properties httpUsername and httpPassword. I
    have set the 2 for the partner link in bpel.xml but username and password does
    not get in to the http header. Has anybody got an idea?
    Regards Pete

    I'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
    partnerLinkBindings      
    client      
         wsdlLocation      awardService.wsdl
    spsAwardSubmitPartnerLink      
         basicHeaders      credentials
         basicUsername      ko1
         basicPassword      xxxxx
         wsdlLocation      IAwardDraftServiceRef1.wsdl
    However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
    POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
    Host: vm-orcl-app-srv:4444
    Connection: Keep-Alive, TE
    TE: trailers, deflate, gzip, compress
    User-Agent: Oracle HTTPClient Version 10h
    SOAPAction: ""
    Accept-Encoding: gzip, x-gzip, compress, x-compress
    Content-type: text/xml; charset=UTF-8
    Content-length: 3800
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
    <IAwardDraft>
    <accessController/>
    <agreementEndDate/>
    Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
    What am I missing??
    Thanks,
    Mike

  • Embedding basic http authentication credentials in JNLP file

    I want to embed basic http authentication credentials in the JNLP file.
    Basically, I want the jars to be behind basic http authentication in order to distribute the application only to authorized users (I understand this is not strong security, but it's fine for my purposes) who are all on Windows, and once the java app is initially installed, I never want to have to enter the http login credentials again.
    So I set up the http authentication and in the jnlp file I have:
    <jnlp
         spec="1.5*"
    codebase="http://username:[email protected]"
         href="program.jnlp">
    This doesn't seem to faze the JWS authenticator. So on the first launch from the desktop shortcut I put the credentials in manually and select "save this password in my password list". It seems like I'm in the clear as the next time I launch the application from a desktop shortcut I am not asked for any credentials, but every time the Windows machine is restarted, I get the JWS authenticator again...the password is no longer saved.
    Is there a way to embed the username/password in the JNLP file to get past the JWS authenticator without having to retype the username and password every time the machine is restarted? Or to permanently save the password in the JWS authenticator password list? Or any other way to set it up where once the application is initially installed, the http authentication credentials never have to be manually entered again?
    Thanks!

    Hi everybody,
    I manage to do almost all (I suppose), but I need last help.
    Through SM59 I created the HTTP Destination needed; then, I implemented the code given by SAP here:
    http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d053e74911d6b2e400508b6b8a93/content.htm
    I ran the program, and it gives me the error: "Binder not found for soapAction = null.
    I suppose that I should give the link to the soapAction, but I don't know where in the code.
    Have you any idea?
    Thanks and Regards,
    Francesco

  • Internationalizing Basic HTTP authentication browser dialog for UserID

    Is it possible to have multibyte user ID for Basic HTTP authentication? Based on RFC2617 user ID has to be *Text, which basically is ASCII. But I thought maybe someone has a workaround for this limitation. Our entire web app is internationalized, we use UTF-8 as encoding for JSP pages and request processing, and that all works fine, but there is one area where we use Basic HTTP authentication, and so far I was not able to find a way to internationalize that. Once the resource is requested, we process request in the servlet and if the user is not authenticated we send authentication challenge response to the browser. Response encoding is set to UTF-8. After user enters the credentials, I process those in the same servlet, again using UTF-8. Of course when I tried to input the Japanese (multibyte) userID, the authentication is failing. I think the browser is corrupting DBCS data once it Base64 encodes it... Does anyone have ideas whether it is possible to internationalize this at all?

    You'll probably need your own ServletFilter to process the authentication header, since servers will mostly decode headers in the locale encoding, regardless of any charset in the Content-type header of the request. Getting browsers to use UTF-8 encoding before base64 might be a bit tricky though.
    It is probably better to use form based login. The procedure for getting UTF-8 encoded form parameters is a well understood FAQ for this forum.
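
The Basic header format discussed in the threads above, as an added example that is not code from any of the posters: it builds and parses an `Authorization: Basic` value, handles a `:` inside the password, and shows how a non-ASCII user ID changes when the receiver assumes a different charset than the sender. The function names, the UTF-8-then-ISO-8859-1 fallback and the `josé` credentials are assumptions made for illustration; the `Aladdin` string is the one quoted earlier on the page.

```python
import base64
import binascii
import unicodedata


class BasicAuthError(ValueError):
    """The Authorization value does not carry usable Basic credentials."""


def build_basic_header(user_id, password, charset="utf-8"):
    """Return an Authorization header value for the Basic scheme."""
    if ":" in user_id:
        # The first ':' separates user-id from password, so a user-id
        # containing one could never be parsed back correctly.
        raise BasicAuthError("user-id must not contain ':'")
    raw = f"{user_id}:{password}".encode(charset)
    # Base64 is an encoding, not encryption: anyone who sees the header
    # can reverse it, so it only belongs on a TLS-protected connection.
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value, charsets=("utf-8", "iso-8859-1")):
    """Return (user_id, password, charset_used) or raise BasicAuthError.

    The charsets are tried in order; UTF-8 first with an ISO-8859-1
    fallback is an assumption of this example, not a server default.
    """
    scheme, _, token = value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:
        raise BasicAuthError("not a Basic Authorization value")
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise BasicAuthError("credentials are not valid Base64") from exc
    for charset in charsets:
        try:
            text = raw.decode(charset)
            break
        except UnicodeDecodeError:
            continue
    else:
        raise BasicAuthError("credentials do not decode in any charset")
    user_id, sep, password = text.partition(":")
    if not sep:
        raise BasicAuthError("missing ':' between user-id and password")
    if any(unicodedata.category(ch) == "Cc" for ch in text):
        raise BasicAuthError("control character in credentials")
    return user_id, password, charset


if __name__ == "__main__":
    # The header quoted earlier on the page.
    print(parse_basic_header("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
    # Constructed sample: a non-ASCII user ID sent as UTF-8 ...
    header = build_basic_header("jos\u00e9", "s3cret:with:colons")
    print(parse_basic_header(header))
    # ... and the same bytes read by a receiver that assumes ISO-8859-1,
    # which yields a different user ID and a failed lookup.
    print(parse_basic_header(header, charsets=("iso-8859-1",)))
```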

  • JAAS NTLoginModule for basic http authentication

    Hi all,
    Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't want the user to have to type in his/her password).
    First, is this even doable? and Second, what would I need to do to get this working?
    Thanks in advance.

    I am using IIS 6 with Windows Integrated Authentication which passes all HTTP requests to Tomcat 5.5 for processing via the ISAPI plug-in jk1.2 It does nothing else. Don't ask the obvious, I can't tell you. It just is.
    I have a new requirement for a new web application on our intranet. I would like to be able to identify my users without them typing anything in. How can I capture any part of the Windows user credentials from within my Java web application on Tomcat?
    I'm looking at HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipals() and I'm thinking I can (minus establishing my own Tomcat realms, etc...).
    Any thoughts? Even if you don't know how, just tell me if you know this can be/is being done somewhere.

  • Performing Basic HTTP Authentication on the iPhone

    Hi,
    I need to perform a HTTP Request with Basic Authentication on the iPhone. To perform the request I use the NSURLConnection and NSMutableURLRequest. The request basically works but I can't get the authentication working. Is there a "convenient" way to do HTTP authentication or do I have to do it by hand?
    Best regards,
    Michael

    Ok thanks - that explains it:
    From the Apple article: "
    Note: Touch ID cannot be used for purchases if Require Password in Settings > General > Restrictions is set to Immediately."
    Not sure why - but clearly intentional.

  • Removing Basic HTTP Authentication required by Adapter Engine

    Hi guys,
    can you please help me with this issue? I'm sending a SOAP requests to PI but I need to remove required authentication by WAS as the sending system is not able to provide username and password.
    Thank you,
    Peter

    Peter,
    AFAIK if you remove authentication, it will remove it for all the SOAP scenarios and cannot be achieved for a single scenario.
    Check the reply from Bhavesh in this thread:
    Re: SOAP User ID/Password  - Authoraization
    If you want to refer more similar threads check this:
    https://forums.sdn.sap.com/search.jspa?threadID=&q=%22remove+authentication%22&objID=f44&dateRange=all&numResults=15&rankBy=10001
    Regards,
    Neetesh

  • Http authentication code

    how to generate basic http authentication code of type digest(auth_type="digest") using jdeveloper,

    When the following code is used to authenticate the HTTP send request using "digest" authentication type. It gives the error below.
    // authentication code
    Properties props = new Properties();
    props.put(OracleSOAPHTTPConnection.AUTH_TYPE, "digest");
    props.put(OracleSOAPHTTPConnection.USERNAME, "userid");
    props.put(OracleSOAPHTTPConnection.PASSWORD, "password");
    m_httpConnection.setProperties(props);
    //Error
    [SOAPException: faultCode=SOAP-ENV:IOException; msg="WWW-Authenticate" header is incorrect; targetException=java.io.IOException: "WWW-Authenticate" header is incorrect]
         at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
         at oracle.soap.transport.http.OracleSOAPHTTPConnection.send(OracleSOAPHTTPConnection.java:765)
         at org.apache.soap.messaging.Message.send(Message.java:125)
         at mypackage1.SampleStub.Sample(SampleStub.java:184)
         at mypackage1.SampleStub.main(SampleStub.java:57)

  • Safari 5.1 HTML5 HTTP basic access authentication issue video does not load

    I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
    Safari 5.0.5 plays the video fine.  Safari 5.1 fails to load/play the video in the protected folder.  If I move the video to a not protected folder, Safari 5.1 plays it fine.
    This is on iPage.  Back on MobileMe all is fine with 5.1.
    I think this is a HTTP basic access authentication issue with 5.1.
    Anyone have similar issue? Work around?

    Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.

  • Adobe PDF Viewer X in Safari 5 not displaying documents protected by HTTP Authentication

    I have the latest Adobe Reader X release (10.0.0) for Mac OS X 10.6 in Safari 5.0.3. The PDF Viewer is unable to display files hosted on directories protected by HTTP Authentication. The progress bar keeps spinning forever.
    I've tried it on several Macs and various Apache web servers, with both Basic and Digest Authentication.
    Adobe PDF Viewer running on Mac OS X 10.5 doesn't have this problem. Adobe PDF Viewer X running on Windows XP with Safari 5 doesn't either. So it is specific to the latest release for Mac OS X 10.6.
    Any idea for a fix? I can't revert to a previous version of Reader since the older plug-in doesn't run in 64-bit Safari (the default on Snow Leopard) - please don't tell me to force Safari to run in 32-bit mode.
    Is it at least a known bug that will be fixed soon?

    You mean disabling HTTP Authentication? Yes, of course. And it works without it. That's how I know that the cause of the problem is HTTP Authentication.

  • Webservice with HTTP authentication

    Hi,
    How do I supply the userid and password for a http authenticated webservice? I already chose the option for http authentication on the security tab on the logical port.
    Also tried to find it in the Visual Admin to the server but I am stuck.
    Greetings Danny.

    There are two ways to do this
    Option 1: Hard code the Username/Password
    For this, use the method _setUser and _setPassword.
    These are methods for your model class Request_<WebService>_PortType.... (the model class for the webservice). I invoked these methods in the wdDoInit method of the component controller class.
    For example, i imported the WSDL for the RFC SXMB_GET_MESSAGE_LIST and used it like this:
    Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST oRequest =
    new Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST();
    oRequest._setUser("bcuser");
    oRequest._setPassword("password");
    Option 2: Use HTTP Destinations
    Open Visual Administrator and goto node Services, Destination Service. Create a HTTP destination with the URL of the webservice, maybe choose basic authentication and give the username / password. Now, you could use this HTTP destination in the component controller class. Even though there is a method _setHTTPDestinationName, this did not work for me. I had to write the following code to retrieve the URL, username, password from the HTTP destination
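    import java.net.HttpURLConnection;
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    // Plus the SAP destination-service classes used below (DestinationService,
    // Destination, HTTPDestination); their imports were not part of the post.
    InitialContext ctx;
    Object obj;
    DestinationService dstService;
    Destination destination;
    HTTPDestination httpDestination;
    HttpURLConnection httpurlconnection = null;
    Properties destprop = null;
    String url = "";
    String username = "";
    String password = "";
    // ctx.lookup() throws NamingException, so the statements below belong
    // inside a method that catches or declares it.
    ctx = new InitialContext();
    obj = ctx.lookup(DestinationService.JNDI_KEY);
    dstService = (DestinationService) obj;
    // Look up the HTTP destination named "NC_IS" created in Visual Administrator.
    destination = dstService.getDestination("HTTP", "NC_IS");
    destprop = destination.getDestinationProperties();
    httpDestination = (HTTPDestination) destination;
    url = httpDestination.getUrl();
    // The stored credentials come back in clear text from the destination properties.
    username = destprop.getProperty("USERNAME");
    password = destprop.getProperty("PASSWORD");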
    (I know the java code sucks and the purists will hang me; nevertheless it works)
    Besides the code, you need to do the following as well:
    (1) In the Package explorer, select your project, right click, click on "Set Additional Libraries.."
    (2) Select security.class and tc/sec/destinations/interface
    (3) Click on menu Project > Properties, goto Webdynpro references node in the tree and add the following
        (a) Interface References: tcsecdestinations~interface
        (b) Service References: tcsecdestinations~service
    All the best, try option 1 first before you embark on the second one.
    Regards, Parag.

  • HTTP Authentication problem

    http authentication giving some errors, portion of oracle authentication working fine. Please help me.
    Error is:
    Warning: Cannot modify header information - headers already sent by (output started at d:\inetpub\wwwroot\vars.php:5) in
    d:\inetpub\wwwroot\login.php on line 4
    Warning: Cannot modify header information - headers already sent by (output started at d:\inetpub\wwwroot\vars.php:5) in
    d:\inetpub\wwwroot\login.php on line 5
    My softwares are:
    PHP: 4.3.4
    OS: Windows 2000 Server          
    Oracle 8i client;
    Code is:
    -------------------- login.php ------------------------
    <?include"vars.php";?>
    <?php
    function authenticate() {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        exit();
    }
    if(!isset($PHP_AUTH_USER)) {
        authenticate();
        echo "Authorization Failed.";
        exit;
    } else {
        $dbconn=ocilogon($dbUser,$dbPass,$dbName);
        // Bind the Basic-auth credentials instead of interpolating them into the SQL text.
        $parsed=ociparse($dbconn,"select username from users where username=:u and password=:p");
        ocibindbyname($parsed, ":u", $PHP_AUTH_USER, -1);
        ocibindbyname($parsed, ":p", $PHP_AUTH_PW, -1);
        ociexecute($parsed);
        $nrows = ocifetchstatement($parsed, $results);
        if ($nrows == 0) {
            authenticate();
        } else {
            for ($i = 0; $i < $nrows; $i++) {
                setcookie("USERID", $results["USERNAME"][$i]);
                $UserID = $results["USERNAME"][$i];
            }
        }
    }
    ?>
    ------------------- vars.php ----------------------
    <?php
    $dbUser="scott";
    $dbPass="tiger";
    $dbName="db";
    ?>

    Is there any extra whitespace outside the <?php ?> tags?
    It might be treated as HTML text and cause the default
    header to be sent before authenticate() is called.
    There is something similar mentioned in this thread:
    Re: fetching blob results in "Call to a member function on a non-object "
    -- CJ

  • HTTP Authentication Methods

    Testing HTTP Authentication Methods for URL https://mail.domain.co.nz/rpc/rpcproxy.dll?cl-cas01.domain.local:6002.
    The HTTP authentication test failed.
    Tell me more about this issue and how to resolve it
    Additional Details
    Not all the required authentication methods were found.
    Methods Found: Negotiate
    Methods Required: NTLM
    Any ideas how to get around this with the exchange connectivity tester? If I change from negotiate to basic or ntlm, I then have issues with clients on the local network.

    This link does not work. Could you update this post with the information that helped fix your issue? I am receiving the same error. Everything works internally. I have a casarray with 3 client access servers. If I try and connect using Outlook Anywhere externally,
    all the tests pass except for the last one which states:
    Testing HTTP Authentication Methods for URL https://casarray.mydomain.com/rpc/rpcproxy.dll?casarray.mydomain.com:6002.
    The HTTP authentication test failed.
    Additional Details
    An HTTP 500 response was returned from Unknown.
    HTTP Response Headers:
    Content-Length: 3423
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Date: Tue, 03 Jun 2014 01:59:11 GMT
    Server: Microsoft-IIS/7.5
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Elapsed Time: 2135 ms.
    Here is the full test:
    Testing RPC/HTTP connectivity.
    The RPC/HTTP test failed.
    Additional Details
    Elapsed Time: 10139 ms.
    Test Steps
    Attempting to resolve the host name casarray.mydomain.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: MyIpAddress
    Elapsed Time: 262 ms.
    Testing TCP port 443 on host casarray.mydomain.com to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 213 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
    Additional Details
    Elapsed Time: 1347 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server casarray.mydomain.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=casarray.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)14, OU=GT62161020, SERIALNUMBER=4/00u9cheL7q8Gq41IXnlvVd8mb8-rjb, Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US.
    Elapsed Time: 1260 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
    Additional Details
    Host name casarray.mydomain.com was found in the Certificate Subject Common name.
    Elapsed Time: 0 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=casarray.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)14, OU=GT62161020, SERIALNUMBER=4/00u9cheL7q8Gq41IXnlvVd8mb8-rjb.
    One or more certificate chains were constructed successfully.
    Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=GeoTrust Global CA, O=GeoTrust Inc., C=US.
    Elapsed Time: 32 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
    Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 4 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
    Additional Details
    The certificate is valid. NotBefore = 5/6/2014 10:15:31 AM, NotAfter = 5/9/2015 5:16:00 PM
    Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
    Additional Details
    Accept/Require Client Certificates isn't configured.
    Elapsed Time: 6179 ms.
    Testing HTTP Authentication Methods for URL https://casarray.mydomain.com/rpc/rpcproxy.dll?casarray.mydomain.com:6002.
    The HTTP authentication test failed.
    Additional Details
    An HTTP 500 response was returned from Unknown.
    HTTP Response Headers:
    Content-Length: 3423
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Date: Tue, 03 Jun 2014 01:59:11 GMT
    Server: Microsoft-IIS/7.5
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Elapsed Time: 2135 ms.

  • Basic HTTP Auth in HTML component

    When I use the HTML component in AIR and visit a page which
    has basic HTTP Auth and enter the correct username/password the
    credentials window just comes back up. In Firefox, IE, Safari and
    Opera it seems to be working. Can anyone please help?

    I checked out what is happening between HTMLLoader and your
    site using Wireshark. Your site is configured to use
    NTLM / Negotiate
    authentication.
    Hitting ok after entering the username and password seems to
    send the Authenticate header correctly from AIR. Though I got the
    dialog back because I do not know the correct credentials (and this
    is supposed to work over the intranet only).
    At a protocol level, nothing seems to be wrong. If you can
    capture network traffic while using IE (where it works in your
    case) and then using AIR, it would help us get to the
    problem.

  • StageWebView HTTP authentication

    Is there a way to perform basic authentication using StageWebView on mobile devices?
    The problem is that mobile (iOS, Android) implementations don't provide authentication dialog and documentation about this is pretty unclear.
    On this link: http://helpx.adobe.com/air/kb/stagewebview-differences-platforms-air-sdk.html it's suggested to use URLRequest as a workaround.
    I made a test with URLLoader that successfully authenticates with HTTP headers provided through URLRequest and loads data from the same service but it doesn't affect StageWebView.
    Am I doing something wrong or this just can't work?
    Cheers,
    Tomislav

    Hi Tomislav,
    I did not find a way to authenticate. What I did in the end is use a
    proxy who authenticates for me. A lot of hassle for something simple
    like http authentication but Adobe is not very helpful in resolving this
    issue.
    Hope a proxy also works for you.
    Cheers,
    Ron
