HTTP header question

Similar Messages

• Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

  Hello SDN community,
  in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
  As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
  I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
  My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
  Is there an application to be built on the java stack to deal with the authentication, modify http header?
  What will the Java stack return? a sap long ticket? a token?
  How will the redirect work (to by example a BSP which is in the ABAP stack)?
  SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
  A lot of questions about how this SSO http header should work,
  I would be very greatful for any help, or info,
  Kind regards,
  Tanguy Mezzano

  Hi Tanguy,
  to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
  Here are some answers to your question:
  in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
  The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
  My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
  You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
  So everything's is in a Java Client application without using any redirection.
  If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
  No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to  procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
  That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
  This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
  The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
  This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
  I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
  So my problem now, is how to call the servlet from the client browser:
  I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
  <FORM method="POST" action="SSORedirect2" >
  A JSP is a servlet too. There is just no JAVA Class involved!
  You do not need any POST Request to invoke a Servlet.
  I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE web-app (View Source for full doctype...)>
  - <web-app>
    <display-name>WEB APP</display-name>
    <description>WEB APP description</description>
  - <servlet>
    <servlet-name>SSOredirect2</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
    </servlet>
  - <servlet>
    <servlet-name>SSORedirect2.jsp</servlet-name>
    <jsp-file>/SSORedirect2.jsp</jsp-file>
    </servlet>
  - <security-constraint>
    <display-name>SecurityConstraint</display-name>
  - <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
  - <auth-constraint>
    <role-name>DefaultSecurityRole</role-name>
    </auth-constraint>
    </security-constraint>
  - <security-role>
    <role-name>DefaultSecurityRole</role-name>
    </security-role>
    </web-app>
  If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
  e.g.
  <servlet>
    <description>
    </description>
    <display-name>AuthenticatorServlet</display-name>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <url-pattern>/AuthenticatorServlet</url-pattern>
  </servlet-mapping>
  You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
  I have also to pass my http header and the redirectUrl in the GET request.
  If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
  I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
  Thx for your input very helpful,
  But again 0 points
  Cheers

• SSRS web services 401 if you pass "Authorization" http header

  We use both SSRS 2008 R2 and 2012. When i access a report using url access (direct ssrs server hit) and add a "Authorization: Bearer xyzelkalklsjsdfalsjdf" http header, i get a 401 from somewhere in the request pipeline. I have a custom httpmodule
  registered at the top of the chain which does some OAuth related security checks. But when this header is included, the request never reaches the httpmodule. If i change the header slightly ex: "YAuthorization: ljlxzcvc..", then the request reaches
  the httpmodule and everything works. So obviously SSRS is looking for a particular header named "Authorization" and does something with it. Point to note: we have implemented a custom forms authentication module and we are doing some rich authorization
  using the extensible ssrs api. 
  Now my questions are:
  1. What is happening here? Who is acting on my request before my HttpModule registered on top in ssrs\reporting service\web.config gets it?
  2. How do i ensure my httpmodule executes before whatever component is terminating my request with a 401

  Sorry if this sounds like I am new to this but I am.
  So, the extended version is the format that would be used if you were not utilizing the files that the wsdl2java function creates?
  And this is done to when you want more flexibiility for the user to call your service?
  So, you would push to have the stub files used when you want to control how the web service is used?
  thanks for the feedback.

• ESB requires "SOAPAction" to be set in HTTP header?

  I'm trying to insert an ESB flow between an existing web service and client. The service and client were previously built with Apache Axis.
  By generating an appropriate WSDL (doc/wrapped rather than Axis' default RPC style) for the existing service, I'm able to connect the ESB to the service.
  The problem is that the existing client (built using Axis) sets the SOAPAction in the HTTP header to empty (SOAPAction: ""), and the ESB appears to require this to be set to the desired operation. If this is a hard requirement, then I can't directly connect the existing client to the ESB flow.
  So, the question is whether it's possible to have the ESB relax the requirement for the SOAPAction header. And if so, how?
  If I can't get the ESB to accept SOAP requests with an empty SOAPAction, then I'll have to create a custom adapter or insert an additional proxy layer (yuk). Anyone else have any suggestions?

  This is all done automatically by FB.
  Just to try something out I just now made a simple app with a label only and tried to upload to Google... FAILED!!!!
  "Market requires versionCode to be set to a positive 32-bit integer in AndroidManifest.xml"
  LOL, FB can't even create this. :-/
  <?xml version="1.0" encoding="utf-8" standalone="no"?>
  <application xmlns="http://ns.adobe.com/air/application/3.1">
  <!-- Adobe AIR Application Descriptor File Template.
            Specifies parameters for identifying, installing, and launching AIR applications.
            xmlns - The Adobe AIR namespace: http://ns.adobe.com/air/application/3.1
                                The last segment of the namespace specifies the version
                                of the AIR runtime required for this application to run.
            minimumPatchLevel - The minimum patch level of the AIR runtime required to run
                                the application. Optional.
  -->
  Message was edited by: KesherMedia.Com

• HTTP Header fields in SOAP adapter - Part 2

  Hi All,
  With regards to my previous thread HTTP Header fields in SOAP adapter
  my header issue is solved and hence I have closed the thread but still I am not able to make the connection successful. The new problem is below
  My vendor requirement is to specify the header as "Ent-sender" but when we give the same in XI in communication channel it automatically convets into uppercase "ENT-SENDER".  Due to case-sensitive in vendor server the connection is not gettingestablished.
  Please help me out how to solve the problem.
  <b>Note:</b> Sorry for the new thread as it was created due to new problem and also the previuos thread is already too long.
  Regards,
  Dhill

  Hi Neaves,
    Thank you, I jave seen the note and find the below solution will be some what realated to my prblem.
  <u><b>The nosoap mode lets the adapter send the XI payload directly without wrapping it in the SOAP envelope. Although the main use of this mode is to send some plain text content directly to some web server, one can use this mode to send their own SOAP message (e.g., with arbitrary headers) to an external web service (See related questions). In this case, the XI payload must be formatted in the SOAP envelope.
             To use the nosoap mode, the channel must be configured to use no SOAP envelope.</b></u>
  If yes, can you please let me know how to use nosoap mode otherise let me the other possibilities.  I am already using tcpg2.zip to trace the SOAP adapter in which it was confirmed that XI is changing the header automatically into CAPS whatever case we give,
  Regards,
  Dhill

• HTTP Header parameters in iView.

  Hello,
  My question is how to build an iView that will call
  some application by URL, but will also provide a few
  parameters in http header? Should it be a Java iView,
  or it can be done with iView based on URL iView
  template?
  Thank you,
  Yuri

  Hi,
  Use the Application integrator iView type (can be DL from the SDN) and after create an asp file like:
  <%
  String Username_Value = ""; // get it from request an code it
  String Password_Value = ""; // get it from request an code it
  %>
  <HTML><HEAD></HEAD><BODY>
  <form id="formX"
  name="formX"
  method="POST"
  action="http://system.domain.int/test/domcfg.nsf/PassToLdap?
  openagent&UrlPath=mail"
  style="DISPLAY:none">
  <input type="hidden" name="UserID" value="
  <%=Username_Value %>">
  <input type="hidden" name="UserP" value="
  <%=Password_Value %>">
  </form>
  <SCRIPT>
  formX.submit();
  </SCRIPT>
  </BODY></HTML>
  then create a system and  create an iView based on that system.
  it cannot be a url iView.
  Tuval

• Can I send an HTTP Header from an iView

  Hello Developers,
  I'm trying to run an external web application from a URL iView.  In the URL I point it to a reverse proxy that starts the web application.  The reverse proxy requires a user name in the field HTTP_USER.  Sending a value as a URL Parameter doesn't work.
  My question is, can I include the Portal users name in a HTTP Header and sendt the Header from the iView?
  Thank you

  Hello,
  you can get the servlet response and set a header value using the following code :
  HttpServletResponse res = aRequest.getServletResponse(true);
  res.setHeader("header name","header value");
  Hope it helps.
  Regards
  Guillaume

• How to set custom HTTP header for single sign on

  Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.
  It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.
  I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?
  Thanks in advance for your help.

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• Custom Inserted HTTP Header not showing up in Iplanet Logs

  ALL:
  I have some iPlanet Enterprise/6.0 web servers sitting behind a LoadBalancer. The LoadBalancer is setup in an 'one-armed mode', and takes a client HTTP request passes it onto the server, but during this process, changes the client source IP to that of local static IP that the LoadBalancer has. Due to our setup we cannot change this.
  By changing the client source IP to a local address, we have lost any useful user session tracking that was done by source IP.
  To get around this, I have the LoadBalancer inserting an HTTP header with the client real source IP. Reading the NSAPI Programmer's Guide (Table 7-1 "http://docs.sun.com/source/816-5686-10/07_magnu.htm"), there is an option "%Req->headers.headername%" that can be used with 'flex-int' to log any header value.
  My output from snoop looks as follows:
  HTTP: ----- HyperText Transfer Protocol -----
  HTTP:
  HTTP: GET /plugin.do HTTP/1.1
  HTTP: OrigClientAddr:10.5.4.28
  HTTP: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
  HTTP: Accept-Language: en-us
  HTTP: Accept-Encoding: gzip, deflate
  HTTP: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  HTTP:
  I have set the value to "%Req->headers.OrigClientAddr%" and it still does not show up in the log file. Any clues?
  Works fine in Apache with:
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{OrigClientAddr}i\" \"%{User-Agent}i\"" headerinsert
  CustomLog logs/access_log headerinsert

  Always nice to find resolution to one's own question.
  Fix was to change the header value to all lower case.
  From:
  "%Req->headers.OrigClientAddr%"
  To:
  "%Req->headers.origclientaddr%"

• HTTP Header SOAPAction Problem

  hi Everyone,
  this is an extract of my test soap program:
  SOAPConnectionFactory soapfactory = SOAPConnectionFactory.newInstance();
  SOAPConnection connection = soapfactory.createConnection();
  URL endpoint = new URL("http://url.asmx");
  MessageFactory messagefactory = MessageFactory.newInstance();
  SOAPMessage message = messagefactory.createMessage();
  SOAPPart soapPart = message.getSOAPPart();
  SOAPEnvelope envelope = soapPart.getEnvelope();
  SOAPBody body = envelope.getBody();
  soapFactory = SOAPFactory.newInstance();
  Name insertNewUser = soapFactory.createName("insertNewUser","","namespace");
  SOAPBodyElement bodyElement = body.addBodyElement(insertNewUser);
  response = connection.call(message, endpoint);
  response.writeTo(System.out);
  connection.close();when i send the call, this the response from the server:
  <?xml version="1.0" encoding="utf-8"?>
  <soap:Envelope xmlns:soap="...">
  <soap:Body>
  <soap:Fault>
  <faultcode>soap:Client</faultcode>
  <faultstring>Server did not recognize the value of HTTP Header SOAPAction:.</faultstring>
  <detail />
  </soap:Fault>
  </soap:Body>
  </soap:Envelope>
  This is my question:
  How can I set the HTTP Header SOAPAction?
  Thanks.
  Roberto

  Hi try out the following code.
  MimeHeaders hd = message.getMimeHeaders();
  hd.addHeader("SOAPAction", "http://tempuri.org/HelloWorld");This will add the SOAP Action header to ur HTTP headers.
  Regards
  Aditya

• ACE One-Arm Source-NAT HTTP Header Insert

  Hellow ACE Gurus,
  This is probably a dumb question but I'm looking for info on HTTP Header Insert for SSL sessions.  Does the HTTP header re-write action list work for SSL traffic?  I guess I'm not clear on whether or not the header is encrypted and if the ACE can modify on an HTTPS session.  Any input would be greatly appreciated.
  /r
  Rob

  Hi Rob,
  When using HTTPS, all the data is encrypted, including the HTTP headers.
  In such a situation, if you want to insert headers (or do any other kind of L7 processing), you will have to configure the ACE to do SSL termination. Once the connection is decrypted, the ACE can do any processing it needs before sending the connection towards the server either in clear text or again using HTTPS.
  I would recommend you to have a look at the link below. This is an example of how to configure an ACE for end-to-end SSL (so, HTTPS on both sides of the ACE). In the example, the only L7 processing that is being done is matching on the URL, but it would be enough to replace that part with whatever header insertion commands you need
  http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  If you still need more help to understand any of the points involved in the process, please, do not hesitate to contact me again.
  Regards
  Daniel

• OAM 10.1.4.3 HTTP Header authentication. Any documentation?

  Thanks in advance,
  I've located a document that outlines how to achieve this in a 10.1.3.x environment here:
  http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/coreid.htm
  under the "Web Application Using HTTP Header Variables through Oracle Access Manager" heading.
  I have two questions:
  1. Is there any updated documentation for 10.1.4.x as there are different.
  2. I'm using the oracle HTTP server as a reverse proxy and have my webgate installed there. The instructions assume you are using OC4J and ask you to make modification to files that do not exist in an OHS scenario. How can I configure my HTTP server to pass through the headers to the access server for authentication?
  Damion

  Did you figure this out, Damion? We're facing a similar issue and I can't find any documentation anywhere...

• Load Balance Reverse Poxy using ACE and HTTP Header Sticky

  Dear all,
  I have a reverse proxy that makes HTTP and HTTPS requests to an ACE.
  For implement persistence I want to configure HTTP HEADER Stickyness using the X-Forwarder-For information but I don't know:
  How to implement it ( I'l apreciate a little example about it).
  Which values I need for OFFSET and LENGHT fields.
  Can you help me please?
  Thanks a lot!!

  Hi Cesar.
  Thanks a lot for your answer but I think you misunderstand the question or I'm not explaninig very well
  I don't need to insert anything.
  The serverfarm X will be accesed by a reverse proxy. This reverse proxy already inserts the X-Forearder-From header, so the request from the reverse proxy comes with this header to the serverfarm X.
  The problem is that now, the serverfarm X sticky the client based on source IP. This is a wrong behavior becasue all the request comes form the same source (Reverse proxy) and all the load forwards to the same real IP address.
  This is because I want to change the sticky from source IP to HTTP header and looks for the X-Forwarder-For filed.
  Hop it will clarify the question!

• Cisco CSS - modify http header

  hi, i need to modify http hearder with the client IP address. need to modify any of the folowing fields:
  1) FROM -> with client IP address
     CLIENT IP -> with Client IP address
  2) X-Forwarded-For -> with client IP address
  3) REMOTE_ADDR -> with client IP address
  please advise how do to modify http header with option 1 or 2 or 3.
  Thanks.

  Hi Gavin
  I think I misread your question.
  Question first.  Is your CSS configured with one arm and doing client source natting and the server needs to see the real ip address of the client? Is that the reason why you want to insert x-forward-for header with the clients real IP address?
  I did some search with CSS but  the CSS doesn't seem to support this feature.
  If you need to see the actual client ip address from the server, then you can do pbr from the router rather than client source natting.
  regards
  Andrew

• SSO to other apps via HTTP header variable

  We are on NW EP6.0 SP16. We need to add the "user id" as http header variable so that other apps which are non SAP can access our header variable and log on with that user id. Is this available by default? Or we want to achieve this how best we can achieve this.
  We can use the code to get the user id and add it to header variable. If we use this route which is the jsp page we need to add the code?
  Thanks

  Hi,
    we can you login modules provided by SAP to accomplish this.. you can use header variable authentication login module to acheive your requirement.
    please refer: http://help.sap.com/saphelp_nw04/helpdata/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Hope that helps.
  Regards,
  S.Divakar