HTTP/SPNEGO Authentication

Similar Messages

• Logoff not working after SPNego Authentication

  Hi Experts,
  Configured SPNego authentication sucessfully.
  But after clicking logoff button again logged in back again.
  As per some advice, done as follows
  Example: Portal SSO URL: http://portal.example.com
  Create a URL like http://nonssoportal.example.com (Create the name in the DNS and point it to the IP of your portal server)
  Changed the logoff paramter to point to the new URL. After restart once logoff clicks went to new URL but still SSO ticket authenticating.
  I need to get the login page again so that i can login with administrator or other test user IDs.
  Please post your suggestions.
  Regards,
  Raja. G

  Hi,
  Created the alias for that server and made the logoff URL as http://<alias of the server>:<port>/irj/portal.
  Now am able to achieve the login page however it is asking for the windows authentication while logging off.
  If we click cancel then we can able to achieve the login page.
  Any idea to avoid the popup for asking windows credentials?
  Regards,
  Raja. G

• SPNego authentication to Portal

  Hi
  Can anyone tell me whether SPNego authentication would work when you call the Portal via a web dispatcher? I can authenticate automatically when calling the Portal directly so I know it's configured and working when called directly.
  We have hidden our servers behind a VLAN and allow access only via the web dispatchers.
  Thanks
  Mark

  Thanks Patrick
  Have you got this scenario working yourself?
  I have the following scenario. False names to protect the innocent!!!
  Lets assume Portal server is called - pserver1.sap.somedomain.com
  N.B. Sits in subdomain sap of domain somedomain.com
  It is fronted by two load balanced web dispatchers in the parent domain somedomain.com
  webdisp1.somedomain.com
  webdisp2.somedomain.com
  load balancer is referred to as webdisp.somedomain.com
  To gain access to the portal the dispatcher is running on port 8107 on both web dispatchers
  so...
  Direct access to portal is
  http://pserver1.sap.somedomain.com:50000/irj/portal
  Web dispatcher access is
  http://webdisp.somedomain.com:8107/irj/portal
  Because i'm not sure I have grasped the full implications of Kerberos realms I have set up the following on both domains. It's overkill I know but I wanted to be sure.
  service user s-sid-j2ee on DC for sap.somedomain.com
  setspn -a HTTP/webdisp.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp1.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp2.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/pserver1.sap.somedomain.com s-sid-j2ee
  service user s-sid-j2ee on DC for somedomain.com
  setspn -a HTTP/webdisp.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp1.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp2.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/pserver1.sap.somedomain.com s-sid-j2ee
  I configured the SPNEGO wizard with both realms and their respective service users.
  result
  I get logged in when accessing pserver1
  I don't when accessing via web dispatcher load balnced address or each individual web dispatcher.
  Any ideas?
  Thanks
  Mark

• Custom SPNEGO Authenticator

  I'm working on developing a custom spnego authenticator to JBoss. I saw a client example in Advanced JGSS Security Programming. But I haven't found if it's possible to develop a program that accepts a browser's token spnego in the server side. Is it possible in Java 6?
  Thanks a lot!!

  http://dev2dev.bea.com/utilitiestools/security.html

• How to access SOAP web service with authentication, HTTP basic Authentication

  Dear All
  i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
  http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
  http://forums.adobe.com/message/4262868
  private function authAndSend(service:HTTPService):void
          var encoder:Base64Encoder = new Base64Encoder();
          encoder.insertNewLines = false; // see below for why you need to do this
          encoder.encode("someusername:somepassword");
          service.headers = {Authorization:"Basic " +encoder.toString()};                                               
          service.send();
  Also i noticed in debug mode, always that WARNNING raised up
  Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml.  The 'secure' attribute is only permitted in HTTPS and socket policy files.  See http://www.adobe.com/go/strict_policy_files for details.
  any idea ?

  Hello,
  I don't know if this could help.
  Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

• How to call a web service from BPEL that requires HTTP basic authentication

  Hi All,
  I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
  I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
  I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
  I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
  Can anyone help?
  Thanks,
  Mark Nelson

  Thanks Bas,
  I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
  <property name="basicHeaders">credentials</property>
  <property name="basicUsername">WMDATA</property>
  <property name="basicPassword">WMDATA</property>
  Instead of:
  <property name="httpUsername">WMDATA</property>
  <property name="httpPassword">WMDATA</property>
  I don’t know why this is, maybe because it is an Axis Web Service.
  Sorry for wasting your time.
  Regards Pete

• Securing Web Applications by HTTP Basic Authentication

  We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General  TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
  regards,
  J.Iswaryal
  K.Brinda

  Hi J.Iswaryal,
  I guess two things based on your post.
  1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
  2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
  <b>For, point one,</b>
  After creating web service goto webservice perspective in NWDS. there, choose your web service project.
  Now, open Web service configuration file recided in your project.
  Here, go under config1-> security and double click on it.
  It will display security options for this web service.
  Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
  Now, save this, rebuild this and deploy on server.
  <b>For point 2,</b>
  Make model for your web service.
  before calling your web service, set your username and password in code as shown below.
  wdContext.current<web service model node>element().modelobject()._setusername(<username>);
  wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
  Rehards,
  Bhavik

• HTTP/SPNEGO for "SSO" on MS Windows

  HTTP/SPNEGO for "SSO" on MS Windows
  Hi all of you !
  The scene is simple : I got a software (All in plain java ) and some simple web access to this system. ( it's not a real web server wich will be in need for Apache or some big container it's just a few access to some informations of the software )
  The client company is all MS Windows, and it's used to some SSO approach,
  they got a AD server on Win2003, all laptops are under winXP Pro and got IE at least version 6
  Now The question is this ;
  I got
  -a guy (properly authentified) who is
  - using IE (properly setted)
  - on a computer (properly attached to AD)
  to access a ressource URL of my app
  It's quite simple to send him a http 401 or 407 so IE go back to the AD server and get its token
  BUT how can I manage in java to extract the account used by the client
  from the SPENEGO token ? this is all I need
  I cant find any help on this, So please if someone can help me in this...
  I'm lost ... Thanks in adavnce for a simple hint or a url linking me on the good path

  I forget :
  Ok for the configuration, thanks to some of your posts (thanks all)
  I know all the importants steps to be followed
  For exemple I quote danielshrem last post on the thread http://forum.java.sun.com/thread.jspa?forumID=545&threadID=760214
  <quote>
  Hey Seema,
  Indeed my server's principal was not the correct one, now everything is cool with rc4 encryption.
  for all u dudes out there in need of Java HTTP kerberos auth here's a few simple configuration procedures:
  1. on the Domain Controller add an HTTP SPN to the account running the web service (use setspn.exe). the SPN has to be in format HTTP/host@Realm or HTTP/host (this SPN worked for me). if u dont know exactly which SPN u need u can sniff an HTTP session on ethereal look for Kerberos AP Req-->ticket-->Server Name. from what i gather this is the principal the clients use.
  2. on the DC add a mapping to the newly created SPN (use ktpass.exe)
  3. on the host running the service create a keytab file containing the newly created HTTP principal (use java's ktab.exe)
  4. make sure the SPN is set up OK by running kinit and pass the newly created keytab file and the newly created SPN.
  once u recieve an ok result you are good to go (login and authenticate users)
  hope this helps
  Daniel.
  </quote>
  My problem (I know it must sounds stupid) : how do I extract the login account from this ?

• Enabling HTTPS level authentication in SOAP adapter (PI 7.1)

  Hi,
  I am using SOAP to SOAP scenario using HTTPS level authentication in PI 7.11
  As per the SAP Note https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=891877
  We have enabled HTTPS level authentication in sender communication channel using SOAP adapter (version 7.0).
  But We are not able to have the HTTPS level authentication option in sender communication channel using SOAP adapter (version 7.1) while selecting the adapter type.
  Please suggest on this

  Hello Gabriel,
  You are right,  that option is still available in PI 7.1
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/fc/5ad93f130f9215e10000000a155106/frameset.htm
  But disappeared in PI 7.11
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/frameset.htm
  The closest seems to be under Security Profile S/MIME. And when you use the sender cc in sender agreement, you are given the choice for validation/decryption/decryption and validation/validation and decryption.
  Hope this helps,
  Mark

• Calling Web Service with Http Basic authentication in SOA 11g

  I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
  Am i missing some steps?
  Please let me know.
  Note - I am working on SOA 11.1.1.4.
  Regards
  Ayush

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• Problems with HTTP Client Authentication in jdev 10.1.2.17.84.

  Hi,
  I've told HTTP Client Authentication doesn't work in jdev 10.1.2.17.84. I need users to be authenticated using a certificate so I'm trying several workarounds but none seems to be valid. Any help?
  Thanks.
  Luis Serrano.

  been there done that.. ive decompiled the oc4j code, debuged down to the core... its big waste of my time... :(
  my advice to you is to leave it.. if you do not plan to use oracle ldap sso or xml provider you can do nothing... your hands are tied... they hardcoded everything and if you want more than classic "username & password" custom login module you will have to change oc4j...
  there is no point to make a custom loginmodule which utilize a client certificate because oracle JAZN do not suport that type of login module!
  just implement a login filter and manage authentication and authorization yourself... just like steve muench did in his java store demo - he didnt use JAZN... :)
  anyway current approach do not allow you to leverage JAAS in ADF model layer so why bother to have that in the view/controller layer anyway...
  and if i understood correctly oracle plans big changes in this area in the next jdeveloper release, and they alredy said that custom login modules would be depreciated in the next releases...

• BPEL to invoke Webservice secured with HTTP Basic authentication

  Hi All,
  Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
  1) Created Target Synchronous process ex : B
  2) Created Source Syncronous Process ex : A
  Iam trying to call B(Target) from A(source).
  3) Open Composite.xml of A(Source)
  4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
  5) Under Security tab attach oracle/wss_username_token_client_policy
  6) Login to em/console
  7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
  8) Enter username and password under HTTP Basic Authentication.
  9)Test from em.console(when we are testing under security tab I have checked None radio button)
  So this is the Error message which is throwing.
  ==================================
  The selected operation process could not be invoked.
  An exception occured while invoking the webservice operation. Please see logs for more details.
  oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
  java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
  =======================================
  Please let me know if Iam missing any steps.
  Thanks
  SSV

  Followed this post.......
  This is avery good question
  in 11g i have taken out the steps from my document which i created for one our customer
  go to composite
  Right click on the external reference service and select “Configure WS policies” :done
  Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
  6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
  7. Include the “oracle.webservices.auth.username--> :done
  value-->password :done
  8. Include the “oracle.webservices.auth.password”-->name :done
  value-->password :done
  Thanks
  SSV

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• OSB: HTTP digest authentication for WebServices

  Hi,
  How do I configure HTTP digest authentication for WebServices offered by the OSB (Proxy Services with WS as transport)?
  Best regards
  Dimo

  Did you figure out how to do it.?