External REST Service Authentication
Hello everyone.
Often creating complex business application using SharePoint Online, I need to externalize business logic to external service in order to use .net code and third-party assemblies.
In my case I'm developing a Rest Service hosted by an Azure Web Site.
My question is:
Can I obtain an access Token from SharePoint, containing the current user information, pass it to external Rest Service and then reuse it to return to SharePoint using the current user credentials?
Can you give be documentation about it?
Thanks,
Sergio
Regards,
Bubu
http://zsvipullo.blogspot.it
Please mark my answer if it helped you, I would greatly appreciate it.
Can you give me more details on this.
Currently i am assuming it like this
You have a SharePoint online where you are running workflow from where you call an external rest service request.
from this rest service you want to query sharePoint online using Current user context.
if that is the case the above method can be also and cannot be ni will explain how
when you care an app than you can get data from sharePoint using 2 authentication context 1 is User 2nd is App Only.
but to create a user context / access token user must be present as it uses browser redirection to generate a token and pop up a dialog to user to provide credentials.
but to get the app only context you can do it without any pop or user interaction where you call the sharepoint using app client ID and Secret.
now it depends on your requirement what you want to do if your external rest service just require current user information from sharepoint than you can modify your Opeartion contract so that you can pass current user name in Rest method body param. and use
the app only access token to get data filtered by current user Name.
So there are possibility if you can explain in detail what exactly you want to do than we can figure out a solution for you.
Whenever you see a reply and if you think is helpful,Vote As Helpful! And whenever you see a reply being an answer to the question of the thread, click Mark As Answer
Similar Messages
-
Rest service DELETE doesn't work with OSB
Hi,
I am using OSB 11g, I am using OSB proxy to monitor external rest services call. I've created a business service that point to the external rest service and I created a proxy that is routed to my business service. I modified the flow by adding a piplinepairNode -->requestPipline-->stage -->created two assign and created two variable one for the id and another one for the productID. Then I modified the business service flow as follow:
created two insert, one to define the method, which is DELETE and another one to set the relative-URI to the productID variable and I set the response to replace the . in the body with $body, following this post: http://blogs.oracle.com/jeffdavies/entry/restful_services_with_oracle_s_1
When I test it using osb console Execute, I can see my productID variable is set to $inbound and it is passed all the way to the business service, where it should call the external rest service with the relative-URI, which is set to my productID. it doesn't work, I get 404 error, which is undefined, I believe the reason is because business service is trying to call the external rest service with
http://localhost:{port}/deleteProduct and the rest service expect this URL
http://localhost:{port}/deleteProduct/2 or {productID}
can you please help and tell me what I'm doing wrong?
appreciate any kind of help
Thanks
M.Please refer -
http://blogs.oracle.com/jeffdavies/entry/enhanced_rest_support_in_oracl
Regards,
Anuj -
Cannot register ISE endpoint through External RESTful Interface
The ISE External RESTful Service API says that the endpoint registration request should have an Accept header, but the example given uses a Content-Type header. When I try to use an Accept header, I get a Resource media type exception titled "Wrong media type, check Content-Type request header". Using the Content-Type request header results in a CRUD operation exception titled "Canot find endpoint with ID register". It looks like the server thinks this is an update endpoint request. The update endpoint API also has an Accept header in the description, but a Content-Type header in the example. Detailed information follows
Request: PUT
URL = https://192.168.001.001:9060/ers/config/endpoint/register
Content-Type header = application/vnd.com.cisco.ise.identity.endpoint.1.0+xml
Content =
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:endpoint
xmlns:ns2="ers.ise.cisco.com"
xmlns:ns3="identity.ers.ise.cisco.com" id="endpointID" description="description-465">
<link type="application/xml" href="https://192.168.001.001:9060/ers/config/endpoint/endpointID" rel="self"/>
<groupId><groupID</groupId>
<identityStore></identityStore>
<identityStoreId></identityStoreId>
<mac>00:11:22:33:44:90</mac>
<portalUser>user90</portalUser>
<profileId>profileID-46</profileId>
<staticGroupAssignment>true</staticGroupAssignment>
<staticProfileAssignment>false</staticProfileAssignment>
</ns3:endpoint>
Response:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:ersResponse
xmlns:ns2="ers.ise.cisco.com" operation="PUT-update-endpoint">
<link type="application/xml" href="https://192.168.001.001:9060/ers/config/endpoint/register" rel="related"/>
<messages>
<ns2:message type="ERROR" code="CRUD operation exception">
<title>Canot find endpoint with ID register</title>
</ns2:message>
</messages>
</ns2:ersResponse>
Any help would be appreciated.This could be server side error type 500 I think
-
Hi all,
I kindly ask if it's possible to expose a REST web service with PI to be called from an external application.
I've created many scenarios in wich I created a SOAP service (from service interface) in PI and I was able to call the service from an external application (e.g. SOAPUi).
Is it possible to make the same thing exposing a REST service (the url should contain parameters).
I've seen some discussions and blogs with examples of usage of "SOAP Axis" but it seems it's be possible only to invoke an external service.
Is it possible also to create a REST web-service?
If yes could you please provide examples or step-by-step procedure?
Thanks in advance for any help.
Stefano.Hi Stefano,
please check the below link where REST adapter key features.
>>>I kindly ask if it's possible to expose a REST web service with PI to be called from an external application.
It can be used to expose internal applications as REST services or to consume external REST services by calling these services from SAP PI.
http://scn.sap.com/community/pi-and-soa-middleware/blog/2011/11/08/rest-adapter-for-netweaver-sap-pi
Thanks and Regards,
Naveen -
Dynamic Invocation on REST Services
Hi,
I am new to OAG. Couldnt find documentation on below questions. Can you please provide inputs.
Question's:
1. Would it be possible to use single policy to invoke few external REST services. We want to externalize the URL in "Routing-->Connect to URL" activity.
2. For some cases we would like to Set target URL based on the Request Relative URL. Is this possible?
Thanks
Ramana.Hi Stefan,
One other question.
I would like to extract value from the variable ${http.request.path}
Ex: If ${http.request.path} = /test/ramana/details, I would like to define variable say "customer" and assign "ramana" to customer.
Use Case: I want to set this variable "customer" to "Service Context".
I tried to use "Extract Path Parameters", ad explained in Extract Path Parameters
But I am unable to add success path from Extract Path Parameters to Set Service Context .
Policy Path:
Extract Path Parameters --> Set Service Context --> Connect to URL.
Can you please help.
Thanks
Ramana. -
Hi,
I have a little problem, maybe it is stupid but... I'm invoking an external restful service using bpel component and http binding. In bpel component I have receive, invoke and reply elements. I'm sending a request and I know that is bad so I should get response with some message but I received empty payload like this:
<env:Envelope
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://www.w3.org/2005/08/addressing">
<env:Header>
<wsa:MessageID>urn:D91BC430F07D11E2BFAD03BF00B9D76D</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:FaultTo>
<wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
</wsa:FaultTo>
</env:Header>
<env:Body>
<processResponse
xmlns="http://xmlns.oracle.com/RestTest1/RestTest1/BPELProcess1"/>
</env:Body>
</env:Envelope>
I know tha my restful service response is:
<HTML>
<HEAD>
<TITLE>Error 400 Bad Request</TITLE>
</HEAD>
<BODY>
<H1>Error 400 Bad Request</H1>
<H2>Request-URI is in an unknown single-character namespace.</H2>
</BODY>
</HTML>
What can I do to see this response i my bpel process response? It is a problem that I get HTML? In osb I see every error, message... Other thing is when I'm using mediator component I get fault with message invalid or null response. I want to see in my response what restful service send me back.
Thanks in advance,
AdrianReading the docs on RESTFul services
http://www.ddj.com/architect/199902676
http://www.webreference.com/programming/basic_soa/
It is not in BPEL. The question we can ask is, why do you want RESTFull service. Looking at the difference:
!http://www.webreference.com/programming/basic_soa/table3-1.gif!
SOAP services overlaps the functionality of RESTFull. Only RESTFul do not have a WSDL definition.
Marc -
Invoking an external web service through a JCD with Basic Authentication
Group,
I am trying to invoke an external web service (written in ASP.Net) from a jcd (5.1.2). The web service is guarded by Basic Authentication. I have entered the crudentials into the External Web service environment component and deployed the project. I receive the following error from the .invoke() method:
request requires HTTP authentication: Unauthorized
I have tried the same request through SoapUI using the same crudentials and get back the response correctly. Has anyone tried invoking an external web service with basic authentication through a jcd in 5.1.2 before?
One other item of note. I have another jcd calling a different external web service deployed on the same domain. I hope that this isn't interfering with the execution of this service as it doesn't require any crudentials to execute.Hey Chris.
I am just starting to write a jcd that calls an external web service but cannot find any sample code nor instructions on how to do it in the supplied documentation. Could you send me a code sample from your one?
Cheers
Matt -
Issue with calling external web service with authentication details ...
Hi,
I am facing a deployment issue with Oracle ESB. I am trying to call an external Web Service with authentication from ESB SOAP Service. It is working fine with my local ESB version 10.1.3.3.0 Build PCBPEL_10.1.3.3.0_GENERIC_070615.0525; however it is getting an error at our development ESB version 10.1.3.3.1 Build PCBPEL_10.1.3.3.1_GENERIC_RELEASE.
I am getting following error.
An unhandled exception has been thrown in the ESB system. The exception reported is: "org.collaxa.thirdparty.apache.wsif.WSIFException: exception during SOAP invoke: Server was unable to process request. ---> Object reference not set to an instance of an object.; nested exception is: javax.xml.rpc.soap.SOAPFaultException: Server was unable to process request. ---> Object reference not set to an instance of an object. at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.populateFaultMessage(WSIFOperation_JaxRpc.java:3086) at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.invokeOperation(WSIFOperation_JaxRpc.java:1728) at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.invokeRequestResponseOperation(WSIFOperation_JaxRpc.java:1473) at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.executeRequestResponseOperation(WSIFOperation_JaxRpc.java:1196) at oracle.tip.esb.server.common.wsif.WSIFInvoker.executeOperation(WSIFInvoker.java:867) at oracle.tip.esb.server.common.wsif.WSIFInvoker.nextService(WSIFInvoker.java:770) at oracle.tip.esb.server.common.wsif.WSIFInvoker.nextService(WSIFInvoker.java:790) at oracle.tip.esb.server.service.impl.outadapter.OutboundAdapterService.nextService(OutboundAdapterService.java:208) at oracle.tip.esb.server.service.impl.outadapter.OutboundAdapterService.processBusinessEvent(OutboundAdapterService.java:127) at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatchNonRoutingService(InitialEventDispatcher.java:118) at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatch(InitialEventDispatcher.java:95) at oracle.tip.esb.server.dispatch.BusinessEvent.raise(BusinessEvent.java:1424) at oracle.tip.esb.utils.EventUtils.raiseBusinessEvent(EventUtils.java:112) at oracle.tip.esb.server.service.EsbRouterSubscription.onBusinessEvent(EsbRouterSubscription.java:307) at oracle.tip.esb.server.dispatch.EventDispatcher.executeSubscription(EventDispat
Could one of you please help me out to understand why it is happining.
Thanks in advance.
Jyotirmoy.Hi Mahesh,
One you are missing is authentication token or credentials.
Please refer to the following articles.
http://www.cleverworkarounds.com/2014/02/05/tips-for-using-spd-workflows-to-talk-to-3rd-party-web-services/
A Series of articles related to Web Service in SPD Workflow
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 1
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 2
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 3
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 4
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 5
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 6
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 7
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 8
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 9
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 10
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 11
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 12
Please don't forget to mark it answered, if your problem resolved or helpful -
[OSB1031] how to call a RESTful service from OSB with authentication
Hi all,
I called successfully a RESTful service from OSB.
We have a business service, named OrderTracer, that wraps the call to the RESTful service.
The RESTful service requires an authentication so we are trying to find out how the OSB business service should authenticate itself against the RESTful service.
In addition the RESTful service accepts username/password coded as base64.
So we defined a Service Account with static resource type and we added the reference to this service account in the business service.
But when the OSB business service calls the RESTful service, we got an error:
<fault>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380000</con:errorCode>
<con:reason>Unauthorized</con:reason>
<con:location>
<con:node>RouteNode</con:node>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
</fault>
Does anyone have any hint ?
Any clue would be of great help.
Thanks in advance
ferpHi,
There's a sample on JSON REST here...
http://java.net/projects/oraclesoasuite11g/downloads/download/OSB/osb-206-JSONREST.zip
For other samples, see this...
http://java.net/projects/oraclesoasuite11g/pages/OSB
Cheers,
Vlad -
Authentication : accessing an LDAP via an external web service ?
Hi,
I know it is possible to use an external web service to authenticate a user on a portal.
But I would like to know it is possible for a user to :
- open hiw browser and navigate to the Enterprise Portal
- the portal is asking a user and password
- then the portal call a web service giving the user/password
- the web service (enternal and already existing) check the authentication through the LDAP
- the web service reply OK/NOK to the portal with a SAP USER ID (or another information)
- the portal if authentication ok send a logon ticket to the user
I didn't find any clear information telling it is possible.
So if someone can help on this matter ...
Many thanks.
Naguy C.
Edited by: NAGUY CAILLAVET on Feb 13, 2009 2:28 PMHello,
First, thank you Sandor for your answer.
I understand that it is possible to create a BPEL process that exposes multiple operations/messages. This would be exactly what I need: a single process (web service) that will expose many operations. Could anyone, please, point me to such an example?
So far I thought that there is possible to have only one operation exposed with a BPEL process, what is delimited between the receive/reply blocks (in the synchronous case).
Regards,
Marinel -
Is it possible to invoke an external REST web-service hosted in WebLogic web application from an Adobe LiveCycle Process (ES-4) with parameters as input and manipulating the response depending on the type of parameters it gets back. Then invoking an Adobe Form and prepopulating the Form based on the response parameters? Do you have sample projects that do this invocation. The part highlighted in red is what I need examples.
You can simply use "Execute Script" operation in Workbench and make use of java.net.URL. Below links should help :
http://www.mkyong.com/webservices/jax-rs/restfull-java-client-with-java-net-url/
http://www.adobe.com/devnet/livecycle/articles/building-xml.html
http://help.adobe.com/en_US/livecycle/9.0/workbenchHelp/help.htm?content=000581.html
Hope this helps.
-Wasil -
Getting "Origin is not allowed" When Trying to Invoke RESTful Service from Another Domain
I am having problems trying to invoke my RESTful web service from a different domain. I'm well aware of the normal restrictions of cross-site / cross-domain scripting but in Oracle documentation it says that all origins are allowed by default when creating a RESTful service without using authentication.
I have created a very simple service and am trying to invoke it using jQuery.Ajax calls from a different domain and I am getting XMLHttpRequest cannot load http://address_to_my_web_service. Origin http://calling_from_address is not allowed by Access-Control-Allow-Origin.
I understand that using JSONP instead of JSON is actually the best practice around cross-site scripting but it appears as though APEX does not support JSONP because with JSONP, there are URI parameters added to the base request (callback).
I am stuck and would greatly appreciate any help.
I'm starting to wonder if this could be a bug because Oracle documentation says all origins should be allowed when using a service that does not require authentication. I also tried to force the origin to be allowed by typing it in and also using the wildcard '*' and it still did not work.
Thanks,
Mark Williamson
EDIT: It is now working after adding a URI prefix to my web service module.The SSL handshake works differently to a browser as it is making the connections automatically.
The browser asks every time if you want to trust an expired certificate, and it also recommends not to. Its impractical to manually check every service call to say do you trust the certificate so the functionality doesn't exist. I doubt any integration product does this. Therefore there isn't a option to ignore the certificate if it has expired.
This makes sence as the certificate is untrustworthy. The whole idea around SSL is trusting the site you are communicating with, all parties need to be trusted. This stops hackers from replicating their site and intercepting data.
If the administrator of the remote site is not willing to renew the certificate, are they really interested in SSL. I suggest they expose a non SSL service.
cheers
James -
Consuming an External Web Service using HTTPS and WS Security
Hello everyone,
I'm having a problem setting the security information in a SOAP header using a generated ABAP Client Proxy to consume an external web service that requires a User ID and Password in the Header section of the SOAP message. I need to use HTTPS. I'm on a WAS 7.01 SP08 system so from my readings, SAP is supposed to be able to add the username and password into the header section of the message. I can't seem to get SAP to add this information added to the header.
Here are the steps that I have taken to set the security values.
1) Created the client proxy from the WSDL in SE80. Basic Authentication on the Configuration tab was turned on automatically.
Note, Transport Security is set to None. I cannot change it.
2) Created an outbound set user name profile in transaction WSPROFILE with the appropriate username and password.
3) Added the profile to the default port in transaction LPCONFIG as an outbound under the WS Security section of the screen.
When I called the external Web Service, I got back the following error message:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken] is required.
So, after reading through this Forum, I saw that I needed to use the SOAMANAGER. I set up a Proxy in the SOAMANAGER and manually created the Logical Port. This was the only way I could figure out how to set the Authentication Settings in the Logical Port to "User ID / Password". I then entered the User ID and Password.
However, I am still getting the same error message. I feel I am close but missing some small configuration to tell SAP to use WS Security with a Username token.
I'm not sure what I'm doing wrong, so any help would be appreciated.
Thanks,
StephenI had this error again so I thought I would post my solution:
The issue is SAP needs to know the certificates being used by the web site being called. These certificates are automatically installed in your browser but need to be manually installed in SAP. This is what I did:
How to find/install new certificates
Make sure you run Internet Explorer as an Administrator so you can export the certificates
Go to the web site that SAP is trying to call in Internet Explorer
Double click on the lock in the address bar
View certificates
Find the certificates that are being used
Tools --> Internet Options --> Content --> Certificates
Click on the “Trusted Root Certification Authorities” tab
Find the certificate identified in step iii
Export as a CER certificate
Click on the “Intermediate Certification Authorities” tab
Find the certificate identified in step iii
Export as a CER certificate
Go to STRUST in SAP
Import the Certificates in the “Anonymous” or “Standard” SSL client
Save
RESTART the ICM via t-code SMICM <-- Critical!!!
Test -
External Web Service - User and password in HTTP header
Hi!
How is it possible to add user and password in the HTTP header in a external web service call?
I have created a "Portal Service from WSDL file - Client side" with the wizard in SAP Developer Studio. I following the Java Development Guide - Web Service Security, and use the <i>secured service connection</i>. I have also created a new <i>System Landscape</i>, but should the new system be based on HTTP, my own PAR or what?
How can I check that the user and password is added to the HTTP header or the SOAP envelope? Do I have to scan http traffic with a proxy as Paros or can I find the request sent from SAP EP in the logs?
Cheers
AsleHello All,
I have been struggling a bit while putting a reasonable security framework on a jax-rpc style web service. I'm using JWSDP1.2 to set up the webservice. I've tried to outline my problem below. Please correct me where I'm wrong.
I've been through the Sun's WS tutorials, but they are not really clear on security. However, from them I surmised that there are two decent authentication techniques. HTTP Basic and mutual authentication (MA) . Both have their drawbacks though. HTTP Basic suffers from poor encryption while MA is a bit difficult to set up on both client and server sides. Another problem with MA is that there is no central repository for users/passwords.
OK, what I would really like to do is use my own user database to verify users/passwords i.e. use a HTTP Basic like authentication (but at application level) but run it over SSL for encryption. It seems simple, but is it possible?
Also, I have noted that when I use HTTP Basic on the service side, and use a java client, then setting username/password has no effect. In other words, I can always access the web-service, even with wrong username/password.
Sorry for the long post. Hope someone can help. Thanks. -
Help: consuming an external web service with user name token
Hello Together!
I need to consume an external web service secured with WS-UserNameToken. The way, how did I do it:
1. I generated a web service consumer (proxy) in SE80 from the wsdl file
2. I created logical port for the consumer in SOAMANAGER
3. I created security profile in WSSPROFILE with telpmate SET_USERNAME and assigned it to consumer operation in LPCONFIG (I use LPCONFIG, because I didn't find any way to do it in SOAMANAGER)
3. I called the web service and got the error back: session token is missing or invalid or has inspired
My questions are:
1. is this possible to consume an external webservice in SAP, which is secured with WS-Usernametoken?
2. do I need therefore any settings in java stack? do I need java stack in general?
3. Is this any way to configure the consumer without writing programs, which set header parameter manually?
4. if the answer on the third question is no, do you have any examples, how to implement session management in report? (I mean sending session id and checking the validaty of id)
I appriciate any help of you!
best regards AnnaHi,
it should be possible to use WS-UserNameToken for consuming web service. It should be available on AS BAP 7.0 and higher. This profile should be under category Document authentication. You can try to dump a message send from SAP to see what is going out of SAP. This should be supported in ABAP so you don't need a Java stack. What exactly do you want to configure? Do you want to just set user name and password for that service which will be used for any calls of that proxy?
Cheers
Maybe you are looking for
-
When will I ACTUALLY get my new phone
Ordered my iphone 6 on 10/2 with a ship date of 10/31. Never got any kind of notification that it wasn't going to ship until I got an email on the afternoon of 10/31. Now it supposedly will ship 11/10. Should I expect to get my phone before Christmas
-
several of my songs in itunes gives me the can't locate ! sign. in going to the info for each of those songs i noticed the path to locate the file was in proper format except for the slash marks which were / instead of \ . how can i change the slas
-
Win 7 won't recognize Japanese Apple Keyboard
Hi I have installed Windows 7 on my iMac using Bootcamp. As I frequently type in Japanese in my Mac environment I have an Apple Japanese USB Keyboard attached. Windows 7 only recognizes it as a Apple US keyboard. Does anyone know how to change? I hav
-
Downloading as .txt including header,itab footer with specific path
i have a specifix path like C://asd , an internal table itab, and a footer and header. I tried to use GUI_DOWNLOAD but, i can only send an internal table to this function. I need to download these things .txt like this format The account 21324.23
-
HT4864 How do I directly change the incoming mail server for icloud in Mail? It's grayed out.
How do I directly change the incoming mail server for icloud in Mail? It's grayed out. I ask this because I have suddenly stopped receiving most e-mails in Mail. I've found that my incoming mail server (p01-imap.mail.me.com) is different from what