Disable JWS BASIC Auth dialog ?

Similar Messages

• OAM - Basic Auth dialog continues to show despite config.xml changes

  I have set enforce-valid-basic-auth-credentials to false in config.xml of the application domain I am running some apps from.
  The applications are all configured for BASIC authentication.
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myrealm</realm-name>
  </login-config>
  The problem is that after logging on from the OAM default FORM page the Basic Authentication dialog is still being presented.
  I have referenced the following SR's to try find more info:
  OIM/OAM SSO Weblogic Authentication Pop up After Login [ID 1081011.1]
  OAM Configuration Steps Needed to Prevent a Second Authentication Prompt by Weblogic [ID 559442.1]

  The issue has been resolved.  There was no interesting work-a-round or fix involved.

• How to prevent basic auth dialog box?

  Hi all,
  I have a webservice protected with basic authtentication.
  From my understanding I thought it would be possible to prompt the
  user for a user name and password using a flex form and then do a
  setCredentials on the WebService object to provide the server with
  the needed info, thus avoiding the broswers dialog box.
  However this does not work and I still get the browser dialog
  box. Even worse if I log out of the flex application and try and
  log in as a new user it seems the old credentials are cached by the
  browser so the new user get security errors as the flex usernam and
  basic auth username do not match up. This is how the app has been
  coded.
  Any idea?
  thanks

  I'm sorry you're question is not clear to me. Please explain a bit further.
  tanzim                                                                                  
  If your query is resolved then please click on “Accept as Solution”
  Click on the LIKE on the bottom right if the post deserves credit

• Browser: Basic Auth login/password dialog has no "Remember Me" box, Browser re-requests password on every app restart

  Hi
  I'm new to BlackBerry and am at a loss how to solve this. Having to re-type Basic Auth l/p info *every* time after you restart Browser app just doesn't seem real in year 2013. Am I missing something obvious here?

  Here is the image above reposted - jpeg
  A new image that is png.  Hope this helps

• IE6 WinXP Java2 and Basic Auth

  This only happens on WinXP (Pro is what I'm using), not WinME, Win2K or Win98/Win98SE.
  When I request a page with an embedded Java applet (with applet tags) that is "protected" with Basic Auth over SSL I first enter the Basic Auth credentials (username/password) in the IE6 dialog and then a second dialog appears, a Java one, to enter the same Basic Auth credentials again.
  On Win2k/WinME/Win9x only once am I required to enter the BA credentials with the IE6 dialog.
  What's up?

  I solved the problem of the double Basic Auth sign-ins accessing a HTTPS/SSL page containing <APPLET> tags by disabling JRE 1.4 and reverting to JRE 1.3.1.
  IMHO, JRE 1.4 is seriously broken WRT SSL/<APPLET>/Basic Auth.

• Any way to set "enforce-valid-basic-auth-credentials" from the WL console?

  Someone recently advised me to set "enforce-valid-basic-auth-credentials" to "false" in my laptop config.xml to avoid some annoying login prompts to the application I'm deploying locally. I haven't tried this yet because I wanted to know if there was a page in the WebLogic admin console that can set this flag.
  If not, how exactly does this get set in the config.xml? Where does it go, and exactly what would the element look like?

  Hi David,
  <font color=red> Admin Console does not provide any feature to enable or disable "EnforceValidBasicAuthCredentials" </font><br>
  You can use WLST script If you don't have access to "config.xml" like following:
  "ChangeEnforceValidBasicAuthCredentials.py"
  connect('weblogic','weblogic','t3://localhost:7001')
  edit()
  startEdit()
  cd('SecurityConfiguration')
  cd('base_domain')
  set('EnforceValidBasicAuthCredentials','false')
  save()
  activate()
  print 'Now Restart Your Server...'Above is a Non-Dynamic Change...It means ...once you run the Script ..you need to restart the Server to reflact the changes...
  In the Above Script
  base_domain = is the Domain name
  weblogic= Admin UserName
  weblogic= Admin Password
  t3://localhost:7001 = Is the Admin Server URL
  How to run the above script:
  Before running the above WLST please run the "setWLSEnv.sh"/ "setWLSEnv.cmd". Then
  java weblogic.WLST /app/myScriptLocations/ChangeEnforceValidBasicAuthCredentials.py.
  Thanks
  Jay SenSharma
  http://middlewaremagic.com/weblogic  (Middleware Magic Is Here)

• LDAP Basic Auth with IAS6.0SP2

  Hi, has anyone been able to get this working? I can't find much documentation on it.
  My web.xml has:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myrealm</realm-name>
  </login-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>myresource</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>myrole</role-name>
  </auth-constraint>
  </security-constraint>
  but I don't know what (if anything) I should put in the ias-web.xml.
  I've added my LDAP server to the configuration of the application server - but so far it doesn't even popup the authenication dialog box.
  Any clues?

  Hi, has anyone been able to get this working? I can't find much documentation on it.
  My web.xml has:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myrealm</realm-name>
  </login-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>myresource</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>myrole</role-name>
  </auth-constraint>
  </security-constraint>
  but I don't know what (if anything) I should put in the ias-web.xml.
  I've added my LDAP server to the configuration of the application server - but so far it doesn't even popup the authenication dialog box.
  Any clues?

• Disable weblogic basic authentication from application side

  I am using a restful service for my application and i want to disable basic authentication of weblogic from application not from config.xml
  please help

  You can comment out the security constraint and login config in the web.xml of your application.
  <!--
  <security-constraint>
      <display-name>Constraint-0</display-name>
      <web-resource-collection>
        <web-resource-name>Constraint-0</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config> -->
  -Faisal
  http://www.weblogic-wonders.com

• Forms based authentication + Basic authentication = no way to use the basic auth!!!!

  Hi,
  I setup a test sharepoint site, claims mode, with both the forms and basic authentication  enabled.
  I expect to see the page asking me which authentication method I want to use, but I never see this page!!!
  I have to select the windows authentication (NTLM or Kerberos) to see this page!
  why using only the Basic authentication did not prompt the user?
  and how to be authenticated using the basic authentication rather than the forms auth when both are enable for the same site?
  >I do NOT want to extend my site to have 2 zones... my question is ONLY with 1 zone configured.

  What is the business purpose for using Basic Auth over NTLM/Kerberos?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• SOAPProxyAdapter - BASIC Auth relay config

  I'm hoping I can use BlazeDS to solve a particular problem.
  A Flex client needs to connected to a SOAP service, which all works fine.  The service is communicated with over a SSL channel using Basic Authenication, and when a call is made the browser pops up a login box. 
  This is fine, but since there is no session as such (the browser resends authentication with each message) there is no means to implement a logout. 
  So ideally we would specify the username and password inside the Flex application, then these credentials could be discarded.  If I understand correctly, the Basic authentication dialog is shown when the first call is made to the webservice by design, and passing credentials which have been input into Flex will require use of the SOAPProxyAdapter.  This would seem to be confirmed by the fact even if the flex WebService setCredentials method is used, the basic box still appears.
  So I am planning to use a destination, and then use the setRemoteCredential method to relay authentication information entered into the flex app.
  With this config in proxy-config.xml:
  >   
  >       
  >      
  >            https://xxxx/xxxx/xxxx?wsdl
  >            https://xxxx/xxxx/xxxx
  >            xxxx
  >            xxxx
  >       
  >       
  >   
  The destination works perfectly, and I can call and interact with the service using the account specified in the xml file.  However, if I remove the remote-username and remote-password, and reconfigure my Flex app to initiate my generated service proxy as follows:
  > srv=new ProxyClass("WebserviceProxy");
  > srv.addgetRoleEventListener(getRole);//method on service
  > srv.addEventListener(FaultEvent.FAULT,fault);
  > srv.getWebService().setRemoteCredentials(username.text,password.text);
  > srv.getWebService().useProxy=true;
  Then I get the following:
  > 16:27:54,476 INFO  [AuthChallengeProcessor] basic authentication scheme selected
  > 16:27:54,492 INFO  [HttpMethodDirector] No credentials available for BASIC 'servicerealm'@localhost:8080
  I suspect that it must be possible, but there is some condition not being met and the credential is not being relayed.
  Have anyone had any success configuring the SOAPProxyAdapter to pass credentials specified in Flex to a remote web service?  Is there anything wrong in my approach?

  This has turned out to be due to the generated web service wrapper not providing the remote credentials when making requests. Not ideal but I am now tweaking the generated wrapper after any updates to the WSDL as follows:
  >private function call(operation:WSDLOperation,args:Object,token:AsyncToken,headers:Array=null):void
  > {
  >..snip...
  > if(!this.useProxy)
  > {
  > var dcs:ChannelSet = new ChannelSet();
  > dcs.addChannel(new DirectHTTPChannel("direct_http_channel"));
  > inv.channelSet = dcs;
  > }
  > else inv.setRemoteCredentials(_remoteUser,_remotePassword);
  > var processRes:AsyncResponder = new AsyncResponder(processResult,faultResult,wrappedData);
  > inv.invoke(message,processRes);
  > }
  > private var _remoteUser:String = "";
  > private var _remotePassword:String = "";
  > public override function setRemoteCredentials(remoteUsername:String, remotePassword:String, charset:String=null):void {
  > _remoteUser=remoteUsername;
  > _remotePassword=remotePassword;
  > super.setRemoteCredentials(remoteUsername,remotePassword);
  > }
  There is probably a far more elegant way to achieve this, but it does accomplish what I was after, so I won't be spending any more time looking at it.
  I've logged it against Flex Builder 3 - Web Service Introspection

• Web Services with HTTP Basic Auth

  Hi,
  I am having a problem connecting to web services which
  require HTTP Basic Authentication from a Flex application. I have
  useProxy set to true and call setRemoteCredentials prior to
  attempting the call, but the credentials do not appear to be set on
  the request (the request fails with fault.faultString = "HTTP
  request error", faultCode = "Server.Error.Request". The messages on
  the server indicate that the user name and password were not
  specified.
  I do have the proxy-config.xml file set up properly (I think
  -- I followed the example in the mx.rpc.soap.mxml.WebService class
  description, at least).
  I can verify that the WSDL (which doesn't require BASIC auth
  to access) is being loaded properly, but when I make the request,
  it fails. Is this a known problem?
  I am using Flex Builder 2.0.1 to build my SWF files.
  Thanks,
  Brendan

  Thanks for the pointer, I did try it, but it didn't help.
  As I said in the original post, the problem is with HTTP
  Basic Authentication, so adding a header for WSSE to the service
  request didn't help. It needs to be an HTTP Authorization header,
  not a SOAP Security header.
  Brnedan

• Dynamic proxy invokes basic auth web service

  My dynamic proxy client works fine with any web service except the basic auth secured one.
  I know how to use stub client to work around this issue. But I haven't found a way to get around when dynamic proxy clients are used.
  Any idea is appricated. Thanks

  Paula-
  Given that you can work around this issue with the stub client,
  you should be able to work around the issue in the dynamic proxy client
  in the same way-
  I am interested that you say workaround the issue with the stub client.
  Is there a problem that you have noted?
  If you can let me know how you worked this issue with the stub,
  and what problems you have specifically had with the dynamic proxy client
  I will look at the issue to see if it a bug.
  Please let me know what environment you are working in, the version of jaxrpc 1.x,
  what container, jdk or jre and a sample client program that would help me understand
  the problem.
  Thanks,
  Kathy

• Basic Auth with WebView

  Hello everyone,
  we have integrated some JavaFX components within a swing application recently. One of the components that we have decided to add is a WebView component that should access an html page with the account settings of the logged in user.
  However, this page has restricted access with HTTP Basic Auth type of authorization and for this reason the WebView gets the 401 HTTP error.
  Is it possible to perform the HTTP Basic Auth programmatically (by setting username and password) with the WebView?
  Thanks in advance for your help,
  LM

  I have solved by using java.net.Authenticator

• BASIC Auth

  I've got a J2EE application running under WL6.1 and that uses BASIC Auth. Durring
  development I need to test with various users. How do I log a user out so I can
  run the app under a different user?
  Thanks,
  Matt

  The following should work :
  a) use HttpSession.invalidate() to invalidate
  the current user session , and
  b) use HttpServletResponse.sendRedirect() to
  redirect to the main page.
  Let me know if it does not work.
  jason
  "Matt Connors" <[email protected]> wrote:
  >
  I've got a J2EE application running under WL6.1 and that uses BASIC Auth.
  Durring
  development I need to test with various users. How do I log a user out
  so I can
  run the app under a different user?
  Thanks,
  Matt

• Basic auth interop problem, servlet WS works, EJB WS not (Sun AS 8)

  After spending some time I managed to add HTTP basic auth to a simple web service. I have implemented two variants, an JAX-RPC servlet web service and an EJB web service.
  A (Sun) JAX-RPC client works pretty well against both web services. I do the required steps with the stub (set user/pwd) and things work. I do get the correct principal in the server side, fine.
  When I do NOT set the authentication properties at the stub, the servlet based WS responds something like HTTP error 403 (?) or so, which leads to "authentication required". The EJB based response is not that adequate, it's something like "internal server error, EJBLocalAccessException or so" but from the given message you could get the idea what's wrong.
  Anyway, I got the impression that this stuff
  return HTTP error to flag "auth required"
  is not happening for some reason in my EJB based web service. I found this problem in Sun AS 8 and I think it's the same problem when I test stuff with Oracle's OC4J ...
  Some client implementations have obviously problems to get the idea that user authentication is required. In other words, the clients cannot invoke the EJB WS. I tried it with Perl Soap::Lite, MS SOAP Toolkit 3.0 and MS .Net 1.1 stuff. All this clients work well (with authentication) when I consume the servlet based web service. But the EJB based web service is not working at all. I do get there just "not allowed" and the SOAP client runtime is not handing over any user credentials (because it's obviously not correctly asked for it by an appropriate AS response).
  Anyone else experienced this problems with EJB WS???
  Interesting question: why is the JAX-RPC client working? Is it sending the properties set at the stub in any case? Or do they "handle" the internal error coming from Sun AS explicitly or so? Strange, in a way. :-)
  Thanx for any help here!
  Merten

  I guess the reason was that I wrote
  <login-config>
  <auth-method>Basic</auth-method>
  </login-config>
  instead of required
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  At deploy time, I got no error message. At usage time, I just got this AccessLocalException. That's not really nice ...
  Merten