Error in setting up HTTP Header Variable Authentication
Hi,
I am trying to set-up SSO for SAP Biller Direct aplication (deployed on SAP J2EE 7.0) using HTTP Header variable authentication.
As per SAP documentation I have created a new login module "HeaderVariableLoginModule" pointing to class "com.sap.security.core.server.jaas.HeaderVariableLoginModule".
Then I have added this new login module to Statck "Ticket" and the new config looks as below. HTTP header when UID is passed is USI_LOP.
Name Flag Options
com.sap.security.core.server.jaas.HeaderVariableLoginModule Sufficient ume.configuration.active= tue,
Header=USI_LOP
BasicPasswordLoginModule Optional
CreateTicketLoginModule Optional ume.configuration.active= tue
EvaluateTicketLoginModule Sufficient ume.configuration.active= tue
The problem I am now having is that the authentication through HTTP_HEADEr does not work. Even though I ahve increased the trace level for JAAS module to debug, there is not any type of information generated in the log.
Each time I call the Biller Direct URL from the extrenal web server which also passes the HEADER variable for Authntication, the authrisation just fails and I am being shown a Logon Screen to pust UID/PASSWORD.
Can someone please guide me, how I can debug this? There is very no information whether anyone tried to login with HEADER varibale and that has failed...
Also, I am not pretty sure whether I am using the right Authentication Stack, which is is Ticket in my case..
But when I enter the application without any URL redirects and enter UID and password directly for Biller Direct, I get the following in log file, which makes me believe that I am using the right stack.
LOGIN.OK
User: CONDLG
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.HeaderVariableLoginModule SUFFICIENT ok false false
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule OPTIONAL ok true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true
4. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false
Central Checks true
Any help will be very much apprecated..
Thanks,
Vikrant Sud
Vikrant,
The reason why it is not working is because your login modules in ticket stack are in wrong order and with wrong flags. The first one should be EvaluateTicketLoginModule with flag=SUFFICIENT, then the Header Variable login module, with flag=OPTIONAL, then CreateTicketLoginModule with flag=SUFFICIENT, then BasicPasswordLoginModule with flag=REQUISITE, and lastly CreateTicektLoginModule with flag=OPTIONAL
Thanks,
Tim
Similar Messages
-
SSO to other apps via HTTP header variable
We are on NW EP6.0 SP16. We need to add the "user id" as http header variable so that other apps which are non SAP can access our header variable and log on with that user id. Is this available by default? Or we want to achieve this how best we can achieve this.
We can use the code to get the user id and add it to header variable. If we use this route which is the jsp page we need to add the code?
ThanksHi,
we can you login modules provided by SAP to accomplish this.. you can use header variable authentication login module to acheive your requirement.
please refer: http://help.sap.com/saphelp_nw04/helpdata/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
Hope that helps.
Regards,
S.Divakar -
How to set custom HTTP header for single sign on
Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.
It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.
I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?
Thanks in advance for your help.sharon38_74 wrote:
they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself. -
ESB requires "SOAPAction" to be set in HTTP header?
I'm trying to insert an ESB flow between an existing web service and client. The service and client were previously built with Apache Axis.
By generating an appropriate WSDL (doc/wrapped rather than Axis' default RPC style) for the existing service, I'm able to connect the ESB to the service.
The problem is that the existing client (built using Axis) sets the SOAPAction in the HTTP header to empty (SOAPAction: ""), and the ESB appears to require this to be set to the desired operation. If this is a hard requirement, then I can't directly connect the existing client to the ESB flow.
So, the question is whether it's possible to have the ESB relax the requirement for the SOAPAction header. And if so, how?
If I can't get the ESB to accept SOAP requests with an empty SOAPAction, then I'll have to create a custom adapter or insert an additional proxy layer (yuk). Anyone else have any suggestions?This is all done automatically by FB.
Just to try something out I just now made a simple app with a label only and tried to upload to Google... FAILED!!!!
"Market requires versionCode to be set to a positive 32-bit integer in AndroidManifest.xml"
LOL, FB can't even create this. :-/
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<application xmlns="http://ns.adobe.com/air/application/3.1">
<!-- Adobe AIR Application Descriptor File Template.
Specifies parameters for identifying, installing, and launching AIR applications.
xmlns - The Adobe AIR namespace: http://ns.adobe.com/air/application/3.1
The last segment of the namespace specifies the version
of the AIR runtime required for this application to run.
minimumPatchLevel - The minimum patch level of the AIR runtime required to run
the application. Optional.
-->
Message was edited by: KesherMedia.Com -
How do I set the Http Header POST URL in SAAJ?
Hi ,
I am a newbie in the field of web services. I was trying to create a SOAP request with Http Header POST information having a POST url like
the following:
POST /OMASTI.xml HTTP/1.1
Content-Type: multipart/related; boundary="eladeladeladeladeladeladeladeladelad"; type=text/xml; start=11814460
Content-Length: 54596
Host: unspecified
SOAPAction: ""
to that effect I did the following in the SAAJ client:
MimeHeaders md = message.getMimeHeaders();
md.setHeader("SOAPAction" ,"\"\"");
md.setHeader("POST" ,"/OMASTI.xml");
However what I got was :
POST / HTTP/1.1
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
SOAPAction: ""
POST: /OMASTI.xml
Content-Type: multipart/related; type="text/xml"; boundary="----=_Part_2_32124414.1153146262750"
Content-Length: 3352
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.5.0_07
Host: www.google.com
Connection: keep-alive
I have two POSTs in the header. How do I fix it? Please Help ASAP.
Regards,
ZeusHi,
Please forgive my ignorance. I did the same as you said. and then checked the Http request being sent out using ethreal software... it was the same as I had told earlier. Is only POST supported by the connection object? And the does the URL that comes in the Mime header as POST refer to the URL to which the request was sent? what I mean is that if the mime header says
POST /OMASTI.xml HTTP 1.1, does it mean that the URL that was passed to the connection object was "/OMASTI.xml" ? I had given the url as http://www.google.com to test the request being sent.. I only have a sample SOAP request which shows a HTTP header with the post url as I said before. I need to create a SOAP request with the same sort of Http header and the body needs to follow a certain OMA-STI protocol. My experience in the SOAP domain is almost nil. So please enlighten me.
Thanks in advance,
zeus -
How can I set "SOAPAction" http header using SAAJ
When I send soap request, http header's like below
SOAPAction: ""
But, I'd like to send like this
SOAPAction: "http://tempuri.org/HelloWorld"
How can I that using SAAJ ?
My code is
String xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n" +
" <soap:Body>\n" +
" <HelloWorld xmlns=\"http://tempuri.org/\" />\n" +
" </soap:Body>\n" +
"</soap:Envelope>";
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes()));
DOMSource domSource = new DOMSource(doc);
SOAPMessage message = MessageFactory.newInstance().createMessage();
message.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, "utf-8");
message.setProperty(SOAPMessage.WRITE_XML_DECLARATION, "true");
message.getSOAPPart().setContent(domSource);
message.writeTo(System.out);
SOAPConnection connection = SOAPConnectionFactory.newInstance().createConnection();
SOAPMessage response = connection.call(message, helloURL);
connection.close();
SOAPBody body = response.getSOAPBody();
if ( body.hasFault() )
SOAPFault newFault = body.getFault();
System.out.println("SoapBody has fault.");
System.out.println("code=" + newFault.getFaultCodeAsName());
System.out.println("message=" + newFault.getFaultString());
System.out.println("actor=" + newFault.getFaultActor());
else
System.out.println("Call Successed.");
System.out.println(body);
}message.getMimeHeaders().addHeader("SOAPAction", "http://tempuri.org/HelloWorld");
-
Content-Type is net being set in HTTP header. Server returns 400 Bad Request error.
Hi,
I am trying to access an XML WebService. This service requires the content type of the request to be set to "text/xml". As you can see in the source code, I am setting the req.ContentType property to "text/xml".
However, this content type seems not to be added to the HTTP headers. The server returns a 400 Bad Request error as can be seen in the log.
I've attached a System.Net.trace log and it states:
[Public Key]
Algorithm: RSA
Length: 2048
Key Blob: 30 82 01 0a 02 82 01 01 00 bc 09 30 8a 1e 03 4d 7a ea 16 d3 a8 5e d8 5b 00 c4 8a c5 9f 26 bd 7d d6 cb 8b d0 db bd 93 2d 2b 3b 84 f6 20 79 83 34 67 51 37 21 ea 56 5e 18 d8 a3 db 72 43 0e 14 77 e2 64 cb 07 b6 2a 81 c7 f5 16 dd 19 c7 d9 68 0b 3a 81 5c f0 05 c9 ed 2b 37 00 31 41 37 8b 3a 73 4a 4d ab d7 d8 87 79 35 82 01 97 e3 3c be bb 84 e5 94 bb 87 52 e3 9f b5 fb 3e 33 38 c3 eb 73 42 ee ba 1e c5 4a 33 18 a1 0d 8a d2 10 a8 c5 3....
System.Net Information: 0 : [26780] SecureChannel#31884011 - Remote certificate was verified as valid by the user.
System.Net Information: 0 : [26780] ConnectStream#26966483 - Sending headers
API-VERSION: 1
Host: test.myhost.com
Content-Length: 329
Expect: 100-continue
Connection: Keep-Alive
System.Net Information: 0 : [26780] Connection#3888474 - Received status line: Version=1.1, StatusCode=100, StatusDescription=Continue.
System.Net Information: 0 : [26780] Connection#3888474 - Received headers
System.Net Information: 0 : [26780] Connection#3888474 - Received status line: Version=1.1, StatusCode=400, StatusDescription=Bad Request.
System.Net Information: 0 : [26780] Connection#3888474 - Received headers
0: Content-type
1: text/xml
X-Debug-Token: a810dc
X-Debug-Token-Link: /service/_profiler/a810dc
Connection: keep-alive
Content-Length: 3440
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Apr 2015 11:07:11 GMT
Server: Apache
...and here's the implementation of the web request:
private void ButtonSend_Click(object sender, EventArgs e)
WebHeaderCollection whCol = new WebHeaderCollection();
whCol.Add("API-VERSION", "1");
//whCol.Add("Content-Type", "text/xml; charset=UTF-8"); <-- That doesn't work in .NET. Content-Type has to be set on the ContentType-Property
string msg = _textBoxReq.Text;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_textBoxURL.Text);
byte[] data = Encoding.UTF8.GetBytes(msg);
req.Method = "POST";
req.ContentType = "text/xml; charset=UTF-8";
req.ContentLength = data.Length;
req.Headers = whCol;
req.GetRequestStream().Write(data, 0, data.Length);
string xml = "";
try
using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
using (System.IO.StreamReader sr = new System.IO.StreamReader(resp.GetResponseStream()))
xml = sr.ReadToEnd().Trim();
catch (WebException we)
using (System.IO.StreamReader sr = new System.IO.StreamReader(we.Response.GetResponseStream()))
xml = sr.ReadToEnd().Trim();
_textBoxRes.Text = xml;
Can anyone help?
Thanks,
MiRiHi _MiRichter,
Well Done!
Thank you very much for sharing the solution to us.
Best Regards,
Amy Peng
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Error when Setting value to Bind variable in View Link used in HGrid
Hi
I have requirement to pass profile id as bind variable, I have created a VO based on below Query.
select 'N' Is_Selected, 'N' Is_Already_Selected, 'N' Is_Selected_Copy, a.*
from XXPA_STATE_CONST_DTLS_V a, xxpa_state_const_dtls b
where a.child_id = b.child_id(+)
and b.profile_id(+) = :1
View Link Query that is being generated is
SELECT * FROM (select 'N' Is_Selected, 'N' Is_Already_Selected, 'N' Is_Selected_Copy, a.*
from XXPA_STATE_CONST_DTLS_V a, xxpa_state_const_dtls b
where a.child_id = b.child_id(+)
and b.profile_id(+) = :1) QRSLT WHERE PARENT_ID = :Bind_ChildId
it Shows Errors as
## Detail 0 ##
java.sql.SQLException: Missing IN or OUT parameter at index:: 1
could anyone tell what could be the wrong. Do we need to set bind variable in view link Explicitly? or any other alternative.
Its very Urgent.
Regards
VimalHi,
I have faced similar problem some time ago. I could not find any solution except removing bind parameters in where clause. I tried to change binding style but it also didn't work. I think the problem is caused by view link's where clause. -
How to set the header variables in weblogic
Hi,
We have a following set up in our environment.
We have weblogic and on the top of it we have apex listener deployed which redirects Oracle Apex.
My Issue:
How can we set up the header variables in weblogic once the user is authenticated against weblogic server.
We are struck here, not knowing how to set the header variables in weblogic server. Its fairly straight forward for Oracle Access Manager or others..
Thanks
Ramesh P.maybe you are looking for the routing options
http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/userguide/modelingmessageflow.html#wp1125348 -
How to Set UserId in Http Header for SSO?
Hello All,
I have a requirement to set the userid into the HTTP Header so that i can use the "Header Variables for User Authentication" module provided by SAP to achieve the SSO .
Could some 1 let me know how can I achieve this? I know abt the HTTPServlet.setheader() method, But i need to set it using my JAVA application. Is there any way to set the HTTP Header using Java. I have already done a lot of googling, but havent got any results.
I am sure that, there must definitely be a way in which we can add the user id into the HTTP header, in all the results, they tell abt adding it using the HTTP Servlet or PHP and so on, but i need to add it from JAVA.(setting REMOTE_USER as "mysapuserid")
I have already added the "HeaderVariableLoginModule" in my login stack in the 2nd position, as per
http://help.sap.com/saphelp_nw04/helpdata/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
Any pointers will be helpful,
Meghana
Edited by: Meghana Phadke on Apr 14, 2008 2:49 PMHi
As I understand, your java application is an EP client, check framework HttpClient :
http://hc.apache.org/httpclient-3.x/
http://hc.apache.org/httpclient-3.x/tutorial.html
Hope this help
Jakub Krecicki -
Header variable: Content Disposition for downloading file over HTTP?
Hi All,
I have a general content server question...Is there anyway to pass a parameter or set a setting on the content server to send the file with the header variable content-disposition set so that when a user selects a file within a browser, it doesn't open in place but asks the user whether they want to open or save the document?
Note - I'm actually using this with ArchiveLink and displaying the link in the Portal but this forum seems the closest I can get to asking this question.
Regards,
MattThanks Athol.
Although there's quite a bit of configuration options there for displaying files, there doesn't appear to be anything that let's you manipulate the HTTP header variables to set content-disposition.
Any other ideas?
Cheers,
Matt
ps. If you want to artificially see the behaviour I'm after, within IIS, you can predefine this header variable for the contentserver.dll but this makes every HTTP request act like a file that wants to be downloaded, and it calls every file contentserver.<suffix>. From a user perspective, there's nothing worse than a document opening in place in your window (losing the underlying application), or within another IE window, hence why I'd like it to act like a file download. -
How to set Header variables through Jsp
Hi,
Can anybody help me with the code.
I need to send user id in http header variable from jsp to a third party tool, which will read user id from the http header.
i am tryng to test if ui can set the variable using th efollowing code
<%response.addHeader("REMOTE_USER" ,"user1"); %>
and to get that i am using response.getHeader("REMOTE_USER");
The header variable is not set.
can you let me know if is possible , can we set user defined header variables??
Any help will be highly appreciated
Thanks in advanceHi,
If you'd like to send some additional headers from your jsp it would make sense to add it to your request than the response. Unfortunately, neither a servlet or jsp is allowed to modify the request object. You would need to write a filter to achieve this.
See the below url for more information on creating filters.
http://java.sun.com/products/servlet/Filters.html
cheers,
vidyut -
OAM 10.1.4.3 HTTP Header authentication. Any documentation?
Thanks in advance,
I've located a document that outlines how to achieve this in a 10.1.3.x environment here:
http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/coreid.htm
under the "Web Application Using HTTP Header Variables through Oracle Access Manager" heading.
I have two questions:
1. Is there any updated documentation for 10.1.4.x as there are different.
2. I'm using the oracle HTTP server as a reverse proxy and have my webgate installed there. The instructions assume you are using OC4J and ask you to make modification to files that do not exist in an OHS scenario. How can I configure my HTTP server to pass through the headers to the access server for authentication?
DamionDid you figure this out, Damion? We're facing a similar issue and I can't find any documentation anywhere...
-
Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method
Hello SDN community,
in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
Is there an application to be built on the java stack to deal with the authentication, modify http header?
What will the Java stack return? a sap long ticket? a token?
How will the redirect work (to by example a BSP which is in the ABAP stack)?
SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
A lot of questions about how this SSO http header should work,
I would be very greatful for any help, or info,
Kind regards,
Tanguy MezzanoHi Tanguy,
to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
Here are some answers to your question:
in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
So everything's is in a Java Client application without using any redirection.
If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
So my problem now, is how to call the servlet from the client browser:
I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
<FORM method="POST" action="SSORedirect2" >
A JSP is a servlet too. There is just no JAVA Class involved!
You do not need any POST Request to invoke a Servlet.
I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE web-app (View Source for full doctype...)>
- <web-app>
<display-name>WEB APP</display-name>
<description>WEB APP description</description>
- <servlet>
<servlet-name>SSOredirect2</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
- <servlet>
<servlet-name>SSORedirect2.jsp</servlet-name>
<jsp-file>/SSORedirect2.jsp</jsp-file>
</servlet>
- <security-constraint>
<display-name>SecurityConstraint</display-name>
- <web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
- <auth-constraint>
<role-name>DefaultSecurityRole</role-name>
</auth-constraint>
</security-constraint>
- <security-role>
<role-name>DefaultSecurityRole</role-name>
</security-role>
</web-app>
If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
e.g.
<servlet>
<description>
</description>
<display-name>AuthenticatorServlet</display-name>
<servlet-name>AuthenticatorServlet</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticatorServlet</servlet-name>
<url-pattern>/AuthenticatorServlet</url-pattern>
</servlet-mapping>
You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
I have also to pass my http header and the redirectUrl in the GET request.
If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
Thx for your input very helpful,
But again 0 points
Cheers -
Accept language in Http Header of Aqualogic portlet.
Hi, we have developed one web page using ASP.Net and hosted in the Aqualogic portlet server, when ever we access that page from different location/browser, we are getting "en-us" as accept language in the Http header variable of Request object, but it should change based on the location and browser.
Please let us know,do we have to modify any settings in the aqualogic portal?
Note: We are getting different accept language from the same code when hosted on the web server/local(Without Aqualogic).
Thanks in Advance.
Edited by: 993251 on Mar 12, 2013 11:08 PM>
by using Client Cert authentication I have to set HTTPS required to true.
>
Yes.
>
When I try to invoke this service with http request, it redirects to https service.
This actually just trashes the entire idea of terminating SSL in the load balancer.
>
Not necessarily. Although direct HTTP request to WebLogic is redirected to HTTPS enabled port, you can still use this settings with WebLogic plugin. I'm not aware of your deployment, but I use Apache plugin for WebLogic, terminate SSL on Apache and I'm still able to send requests authenticated by certificate from client through HTTPS.
I don't know about F5, but I guess there should be similar feature as well.
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/cluster/load_balancing.html
Maybe you are looking for
-
Atheros Driver to W2K in Satellite M30X - Please help-me
Friends, Due IT policies in my company i can't use the Windows XP. I have to my work a Satellite M30X with a wifi mini PCI board, the model is Atheros MB51, and the code is AR5BM5 (i think so thats a part number). My actual OS is W2k. My problem is,
-
Can you AirPlay to an Apple TV with the MacBook closed? I have a late 2011 MacBook Pro.
-
Best Approach to store 1.2 billion records
Hello All, In our OLTP database there will be few tables with 1.2 billion records. The row length is approximate 50 bytes. Please can I know what are best options to store this historical data. Would it be advisable to store all this records go in on
-
Db Export when database is in read only mode
Hi All, I have to perform a full database export when database is in read only mode. My db version is 9i. Kindly let me know whether that export file is valid enough to do full import in new database and make database oprational. Thanks.
-
I would like someone to change Firefox to fix this issue because i do not like to use outdated browsers