Dynamic Username and password in SOAP reciever

Hi,
We have a requirement where we have to post the data to a webservice using SOAP reciever. However, the challenge is that we have multiple username/PWD and based on a field in source message, decide at the runtime, which Username/PWD to choose.
Please suggest how can we proceed.

Authentication Keys
If authentication is required for the receiver system, you can enter a password and a confirmation for each key value. This means that you do not need to write passwords in the enhanced message header.
If you want to specify or display authentication keys, select View Authorization Keys.
You can enter and confirm passwords for each authentication key value (TAuthKey or TproyxAuthKey).
http://help.sap.com/saphelp_nw04/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm
Add field inside SOAP header PI 7.1

Similar Messages

  • Dynamic username and password for UsernameToken in Receiver Soap Adapter.

    Hi All,
    I am using AXIS Frame work for WS Security Authentication in Receiver SOAP channel. I deployed AXIS and used WSDoAllSender handler. I want to set the username and password parameters in the module dynamically. These have to be extracted from the payload. 
    kindly give me pointers to dynamically assign Username and Password.
    Regards,
    Saipriya.

    continued from the previous entry
    1.  configure the following four handlers in the request chain
    Handler dc
    Handler xireq
    Handler wssec
    Handler trp
    For the xireq and trp handler, you can use the default setting.
    For the dc and wssec handlers, you use the following setting:
    dc: handler.type =  java:com.sap.aii.axis.xi.XI30DynamicConfigurationHandler
    dc: key.1 = write http://sap.com/xi/axis username
    dc: value.1 = user
    wssec: handler.type = java:org.apache.ws.axis.security.WSDoAllSender
    wssec: action = UsernameToken
    wssec: passwordType = PasswordText
    wssec: passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler
    2. Create an external password file with user password pairs. For example, if you have three users: orange, banana, and apple, with their passwords: orange, yellow, red,  you create a file with content:
    orange:orange
    banana:yellow
    apple:red
    You name this file to ".password" and place it at the engine's classloader directory (e.g.,
    /usr/sap/E07/JC90/j2ee/cluster/server0)
    3. Prepare the input message containing the user name in the dynamic configuration header that looks like:
    <ns3:DynamicConfiguration xmlns:ns3="http://sap.com/xi/XI/Message/30">
      <ns3:Record name="username" namespace="http://sap.com/xi/axis">orange</ns3:Record>
    </ns3:DynamicConfiguration>
    The namespace and name must match the value used in the key.1 property of the dc handler. As long as they match, you can use any names.
    In this example, the user name value "orange" will be extracted by the dc handler and inserted into the message context.
    4. Send a test message.
    Best regards, Yza

  • OSB 11g - Authentication - Username and password in SOAP body

    Hi,
    I have a PS based on the WSDL provided by the client. According to the WSDL the client will send the username and password (to be used for authentication) in SOAP Body. I have extract the username and password from the body and authenticate it and then only process the data.
    The approach I am thinking of is to create two PS. The first PS will be called by client to send the data. There will be no authentication required for this PS. Once this PS (PS-1) receives the message it will extract the username, password and data from the SOAP body. It will then set the username and password in the HTTP header of the second PS (PS-2) and the data in the SOAP body of PS-2.
    PS-2 will be under basic authentication. PS-2 will accept the data as the only payload. Upon receiving the data it will do the normal processing.
    But I do not see any way to set the HTTP header (Authorization) for the second PS. Is my approach correct? Is there another/better approach?
    I went through this link [http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/model.html] and found that we may have to configure another Authentication provider. How to do that?
    Thanks,
    Sanjay

    Hi Sanjay,
    Your approach seems correct to me (using two proxies) but instead of setting the username and password in HTTP header, you may set it as SOAP header and use Custom Authentication method in OSB. To know more about it, please refer -
    http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/message_level_cust_auth.htm#i1069719
    Regards,
    Anuj

  • Avoid using Username and password in SOAP Envelope

    Hi Team
    I am working on calling the sercured web-service from PLSQL and able to call it successfully and get the response.
    In the SOAP envelope, I have header and body.
    Header contains the WS Security which includes username and password to authenticate the web-service and body contains the actual input pay load for service.
    Currently, header has username and password as 'hard-coded', is there a way to avoid the usage of username and password.
    We already tried to SIF for EBS methodology where in following steps are done:
    1) Create and event in EBS.
    2) Pass the event along with payload to SOA.
    3) SOA receives the event and triggers web-service and gets the response.
    4) Pass the response to EBS.
    This technique does avoid usage of username and password but takes 20 seconds to do the job. However, the appraoch above takes hardly 1 second.
    Please let me know in case any one has any idea on how to avoid credentials usage in SOAP envelope.
    Thanks
    Mirza Tanzeel

    How about doing away with that approach entirely?
    Password authentication requires one to keep a secret, secret. And that is the primary problem as how does one safely guard the secret, and manage the secret (by regularly changing)?
    Relying on secrets is a problem. I have never been a fan of password based security.
    Instead:
    a) use HTTPS to secure communication between sender and receiver
    b) use robust firewall rules to ensure that only sender is allowed to communicate with receiver
    c) implement sound network management and exception reporting (to detect and prevent violations on network infrastructure level)
    If you lack in the network infrastructure and administration areas, then:
    a) make the web service endpoint on server on localhost only (do not expose it to the outside world)
    b) establish a trusted ssh connection between sender and receiver using strongly encrypted RSA/DSA keys
    c) configure sender with a service that opens a reverse tunnel to target, exposing the web service as a local port on its localhost

  • Username and password for SOAP sender call

    Hello,
    does anyone know how to provide the username and password to a SOAP sender call, e.g. XI receives the ws via soap and needs to know which userid and password to check. When you use a SOAP client they use basic authentication which sends the request first to XI and XI send a request back for password. This would work for an online app but not for ws from machine to machine. I read some docu about query strings but no where it has an example what to put either on the request URL, the adapter or the SOAP envelope. SOAP 1.1 seems to have left that open and IBM has an example using SOAP Header which did not work with XI.
    Thanks
    Stefan

    Hi,
    do you use the javax.xml.rpc.Call class? Because then
    you can supply username and password to the call via
    the addParameter method. I think I did that with XI 3.0
    and it worked. If you need more information please consult
    the javax.xml.rpc.Call javadoc.
    Best regards,
    Hermann

  • Username and password through SOAP header

    Hi Gurus
    I am developing web service model in webdynpro by consuming third-party WSDL. This third party web service expecting me to send the user name &password through SOAP header.
    Can any body tell me how to pass the username password through SOAP header using webdynpro model?

    Hi,
       In WD there's no direct way to access the SOAP message header. If the web service defines implicit headers in JAX-RPC then you have to use the setProperty methods of the javax.xml.rpc.Stub interface so that the JAX-RPC handler can retrieve these via the getProperty methods.
    Regards,
    Satyajit.

  • Username and password token retrieval from SOAP web services

    We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
    When we are retrieving username/password it’s coming as null. Please help ...
    if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {     
    try {
    SOAPMessage sm = context.getMessage();
    //SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
    SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
    SOAPHeader sh = envelope.getHeader();
    System.out.println("Message: "+envelope);
    System.out.println("Envelope: "+envelope);
    System.out.println("Header: "+sh.toString());
    Iterator it = sh.examineAllHeaderElements();
    while(it.hasNext()){
    System.out.println(it.next());
    String username;
    username = sh.getAttribute("Username");
    // username = sh.getAttributeValue("Username");
    //String password = sh.getAttribute("Password");
    System.out.println("uid:"+username);
    //System.out.println("pass: "+password);
    context.put("Username", username);
    //context.put("Passsword", password);
    // default scope is HANDLER (i.e., not readable by SEI
    // implementation)
    context.setScope("Username", MessageContext.Scope.APPLICATION);

    <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
    <S12:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>TestUser</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </S12:Header>
    </S12:Envelope>

  • Calling A Secured webservice using Username and password in the Soap header

    I want to call a secured webservice.
    The Username and password should be sent with the payload in the SOAP Header
    as
    <wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>uname</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    Can you please send me the steps?
    I tried with giving the username and password under Service Account.
    I tried to create a wspolicy under business service. But nothing works...
    Please help me at the earliest.
    Also please give me steps in sequence.

    Now i made sure that the endpoint is available!
    Now am getting this error:
    <soapenv:Fault>
    <faultcode>soapenv:Server</faultcode>
    <faultstring>BEA-380002: localhost1</faultstring>
    <detail>
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
    <con:errorCode>BEA-380002</con:errorCode>
    <con:reason>localhost1</con:reason>
    <con:location>
    <con:node>RouteNode1</con:node>
    <con:path>request-pipeline</con:path>
    </con:location>
    </con:fault>
    </detail>
    </soapenv:Fault>
    Also in the invocation trace i can observe the following things:
    Under Invocation Trace:-
    ========================
         Receiving request =====> Initial Message context
         ===============================================
         under added header:-
         ==================
         <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
         </soap:Header>
         under RouteNode1
    ================
         Route to "TargetMyService_BS"
    $header (request):-
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    </soap:Header>
    Under Message Context changes:-
    *===============================*
    I can find this element also:-
    con:security>
    *<con:doOutboundWss>false</con:doOutboundWss>*
    *</con:security>*
    eventhough we enabled ws security, how the above tag can be false?
    I think its getting failed to populate the header with the required login credentials.
    The other doubt i have is:-
    =================
    I have chosen the service account type is static...is this right?

  • Username and password validation on SOAP Web Service

    Hi,
    I'm pretty new to web services and c# .net framework.  
    I'm developing an app that uses a third party's API/ Web services. My first task is getting this log in(authentication) to working.
    Right now its nothing more than a simple Login form:
    The code behind the "Log In" button is so far:
    Here I've instantiated the SOAP web service that I'm using. And when I got to test/debug my form and type in my username and password and click the "Log In" button nothing happens..."of course" 
    So my question is, how could I validate whether the username and password were sent to the web service and whether the authentication is true or false?

    I'm trying to figure that part out...of how I can get it to return the bool. How can I check to see if it returns a bool?(because i'm not really sure if it does or doesn't just yet)
    I'm not expecting it to say "Hey you're logged in" because the actual application doesnt work that way. The actual desktop client will log you in with a (Domain Name\ Username) and windows authenticate
    that you're who you say you are, check the SQL Server and Database and Logs you in. 
    So im trying to figure out how I can manually set it up to where it let the user know that they have Logged in successfully.
    And you're saying that the code i have right now SHOULD log the users in correctly?  

  • SOAP Lookup with username and password

    I am doing a lookup using a Java UDF from PI message mapping using a SOAP receiver channel by passing a username and password to get a value from a webservice. This is passed to a field in the target side. Everything works fine.
    But I want to avoid hardcoding the username and password sent in the XML for the lookup in the UDF. Anyone has any suggestions?
    Thank you.

    Hi Param,
    Are you passing the userid and password in url of SOAP Lookup?  You can try using value mapping to get the password for a given username..
    Else maintain it in SOAP channels and for each user id try selecting a different SOAP channel..  HEre also you can use value mapping for userid = soapchannel relationship.
    Regards
    Suraj

  • SOAP URL without username and password

    Hello Everyone,
    its a synchronous SOAP - PI -ECC scenario .
    I have created HTTP URL through sender agreement in integration for testing.
    However, customer now wants HTTPS URL without Username and password in  production URL. How do i create this .
    Regards,
    Ravi

    Hello,
    However, customer now wants HTTPS URL without Username and password in production URL. How do i create this .
    You can disable basic authentication for the sender SOAP Adapter by following William's reply in this thread
    http://forums.sdn.sap.com/thread.jspa?threadID=236507
    However, the authentication will be disabled for all SOAP Sender, so you should weigh-in the impacts of granting that request.
    Hope this helps,
    Mark
    Edited by: Mark Dihiansan on Feb 13, 2012 3:51 AM

  • Dynamically pass the username and password to report server to invoke reports

    Hi
    The scenario is as follows:-
    9iAS is installed under - Windows 2000 (web server and report Server 6i) and everything works fine.
    We have developed a page using pl/sql cartrige (oracle 8i), from that a report is invoked with some parameters. However, the userid and password is stored under keymap file (cgicmd.dat).
    Is there anyway to pass dynamically the username and password to report server in order to invoke the report.?
    Can any one advise?
    null

    Check out
    http://serverfault.com/questions/371907/can-you-pass-user-pass-for-http-basic-authentication-in-url-parameters
    Kind regards,
    Margriet Bruggeman
    Lois & Clark IT Services
    web site: http://www.loisandclark.eu
    blog: http://www.sharepointdragons.com

  • Dynamically Obtaining Username and Password

    Hi,
    I am using Oracle Application Server and implementing a Servlet in it.
    The issue I am having is , how do I dynamically get the username and password to connect to the database? Should I use a configuration file and hard code it? Is there any specific file I can read from?
    Besides, there are other properties such as the Server name, DB name etc which I would like to read. There is an XML properties file. Is there a text version for it?
    Please let me know.
    Thanks in advance.
    Menon

    Hi,
    According to the previous reply , keeping username and password on properties file is a good strategy.
    you dont need to hardcode anything inside your servlet or jsp.
    Properties file is an ordinary text file . you dont need to confuse withe urself.
    or else
    you can register your database with ur web server.
    To implement that , you need to do some work with web.xml. Please refer
    documentation of your web server for more information.
    thanks,
    nvseenu

  • Usernames and passwords

    Hey I have been really wanting to add an interface were users can create multiple usernames and passwords on my iweb page instead of the password protect feature that only allows 1 username and pass. is this possible?

    You create .htaccess with a text edit application. It's a file with rules for the folder you place it in your server. First off you need to create the file. Since files that start with a "." (period) are hidden OS files in OSX they can not be created in Text Edit. I use TextWrangler to create a text file and save as .htaccess to the Desktop which can then be uploaded to a folder on your host to create rules for the directory its placed in.
    After the file has been saved as .htaccess you will not see it on your Desktop since files that begin with "." are hidden by default in OSX. You can create an automator workflow finder action that uses terminal to display and hide files that begin with "." look here for more info.
    Then check out some different codes you can insert into the .htaccess file. Usually searching Google for desired_feature .htaccess will find what you're looking for. For instance if you search for password protection .htaccess like this then you can find the code and method for creating a password-protected site using .htaccess
    I've never used .htaccess for iDisk and can't say for sure if it's supported for iDisk - EDIT: actually I just tried and it isn't. I should've known this already. In which case if you're using MobileMe you're left at the mercy of their available features. Sorry, man. Time to switch hosts which allow for more dynamic features?
    So now the drumroll question... Where are you hosting your site? You hinted MobileMe but it's not certain. Where you host depends on what programming features, if any, are available.

  • How to catch exception while validating the username and password in hbm

    Hi,
    I do want to set the username and password dynamically in hibernate.cfg.xml
    Here below is my configuration file.
    {code<hibernate-configuration> 
    <session-factory> 
           <property name="hibernate.bytecode.use_reflection_optimizer">false</property> 
           <property name="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</property> 
           <property name="hibernate.connection.pool_size">10</property> 
           <property name="show_sql">true</property> 
           <property name="hibernate.dialect">org.hibernate.dialect.OracleDialect</property> 
           <property name="hibernate.hbm2ddl.auto">update</property> 
           <property name="current_session_context_class">thread</property> 
           <property name="show_sql">true</property> 
         </session-factory> 
    </hibernate-configuration>{code}
    Also im getting that session factory object like the below code.
    public class Sessions {        private static SessionFactory sessionFactory;      private static Configuration configuration = new Configuration();        static {          try {              String userName = GuigenserviceImpl.userName;              String password = GuigenserviceImpl.password;              String hostName = GuigenserviceImpl.hostName;              String portNo = GuigenserviceImpl.portNo;              String sId = GuigenserviceImpl.sId;                  configuration                      .setProperty("hibernate.connection.username", userName);              configuration                      .setProperty("hibernate.connection.password", password);              configuration.setProperty("hibernate.connection.url",                      "jdbc:oracle:thin:@" + hostName + ":" + portNo + ":" + sId);                try {              configuration.configure("/hibernate.cfg.xml");              sessionFactory = configuration.buildSessionFactory();              GuigenserviceImpl.strAccpted = "true";              }              catch (Exception e) {                    e.printStackTrace();                  GuigenserviceImpl.strAccpted = "false";              }            }          catch (HibernateException hibernateException) {              GuigenserviceImpl.strAccpted = "false";              hibernateException.printStackTrace();          }          catch (Throwable ex) {                GuigenserviceImpl.strAccpted = "false";              ex.printStackTrace();              throw new ExceptionInInitializerError(ex);          }      }          public static SessionFactory getSessionFactory() {          return sessionFactory;      } 
    So, in this above scenario, suppose if im giving the wrong password means exception should be caught and the string variable "GuigenserviceImpl.strAccpted" should be assigned to false.
    But im getting the SQL Exception only in console like wrong username and password. And finally i couldn't able to catch the exception in Sessions class, static block.
    Anyone can help me in catching that SQL Exception in my Sessions class and i need to handle that SQL Exception in my class.
    Im getting this following exception message in my console.
      INFO: configuring from resource: /hibernate.cfg.xml  Apr 6, 2009 2:47:00 PM org.hibernate.cfg.Configuration getConfigurationInputStream  INFO: Configuration resource: /hibernate.cfg.xml  Apr 6, 2009 2:47:00 PM org.hibernate.cfg.Configuration doConfigure  INFO: Configured SessionFactory: null  Apr 6, 2009 2:47:00 PM org.hibernate.connection.DriverManagerConnectionProvider configure  INFO: Using Hibernate built-in connection pool (not for production use!)  Apr 6, 2009 2:47:00 PM org.hibernate.connection.DriverManagerConnectionProvider configure  INFO: Hibernate connection pool size: 10  Apr 6, 2009 2:47:00 PM org.hibernate.connection.DriverManagerConnectionProvider configure  INFO: autocommit mode: false  Apr 6, 2009 2:47:00 PM org.hibernate.connection.DriverManagerConnectionProvider configure  INFO: using driver: oracle.jdbc.driver.OracleDriver at URL: jdbc:oracle:thin:@192.168.1.12:1521:orcl  Apr 6, 2009 2:47:00 PM org.hibernate.connection.DriverManagerConnectionProvider configure  INFO: connection properties: {user=scott, password=****}  Apr 6, 2009 2:47:01 PM org.hibernate.cfg.SettingsFactory buildSettings  WARNING: Could not obtain connection metadata  java.sql.SQLException: ORA-01017: invalid username/password; logon denied        at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)      at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:131)      at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:204)      at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)      at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:406)      at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:399)      at oracle.jdbc.driver.T4CTTIoauthenticate.receiveOauth(T4CTTIoauthenticate.java:799)      at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:368)      at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:508)      at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:203)      at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)      at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510)      at java.sql.DriverManager.getConnection(DriverManager.java:525)      at java.sql.DriverManager.getConnection(DriverManager.java:140)      at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)      at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:84)      at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2073)      at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1298)      at com.beyon.ezygui.server.Sessions.<clinit>(Sessions.java:39)      at com.beyon.ezygui.server.GuigenserviceImpl.testRPC(GuigenserviceImpl.java:322)      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
    Thanks in advance.
    Thanks & Regards,
    Kothandaraman N.

    Hi,
    Myself hardcoded that username and password checking like the below code.
    String name = loginData.get("userName").toString();
              String pswd = loginData.get("pswd").toString();
              String hstName = loginData.get("hName").toString();
              String prtNo = loginData.get("portNo").toString();
              String sid = loginData.get("sId").toString();
              SessionFactory sessionFactory = null;
              try {
                   if (name.trim().equals(userName) && pswd.trim().equals(password)
                             && hstName.trim().equals(hostName)
                             && prtNo.trim().equals(portNo) && sid.trim().equals(sId)) {
                        sessionFactory = Sessions.getSessionFactory();
                        strAccpted = "true";
                   } else {
                        strAccpted = "false";
              } catch (Exception e) {
                   e.printStackTrace();
                   strAccpted = "false";
              }I have my own values in string objects, then comparing that values with the values from login form. If both values are matching, then i will do configurations in hibernate.
    ResourceBundle resourceBundle = ResourceBundle
                   .getBundle("com.beyon.ezygui.server.Queries");
         public static final String connection_url = resourceBundle
                   .getString("connection.url");
         public static final String userName = resourceBundle.getString("userName");
         public static final String password = resourceBundle.getString("password");
         public static final String hostName = resourceBundle.getString("hostName");
         public static final String portNo = resourceBundle.getString("portNo");
         public static final String sId = resourceBundle.getString("sId");The above are the String objects i'm checking for the match with values from login form.
    Thanks & Regards,
    Kothandaraman N.

Maybe you are looking for