HTTPS Authentication

Similar Messages

• Basic http authentication not working when consuming Web Service in BPEL.

  Hi,
  I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
  authentication so we need a way to get username and password into the http
  header. In the Oracle BPEL Process Manager Administrator's Guide 10g
  (10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
  that this can be done using the properties httpUsername and httpPassword. I
  have set the 2 for the partner link in bpel.xml but username and password does
  not get in to the http header. Has anybody got an idea?
  Regards Pete

  I'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
  partnerLinkBindings      
  client      
       wsdlLocation      awardService.wsdl
  spsAwardSubmitPartnerLink      
       basicHeaders      credentials
       basicUsername      ko1
       basicPassword      xxxxx
       wsdlLocation      IAwardDraftServiceRef1.wsdl
  However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
  POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
  Host: vm-orcl-app-srv:4444
  Connection: Keep-Alive, TE
  TE: trailers, deflate, gzip, compress
  User-Agent: Oracle HTTPClient Version 10h
  SOAPAction: ""
  Accept-Encoding: gzip, x-gzip, compress, x-compress
  Content-type: text/xml; charset=UTF-8
  Content-length: 3800
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
  <IAwardDraft>
  <accessController/>
  <agreementEndDate/>
  Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
  What am I missing??
  Thanks,
  Mike

• Issue with HTTP Authentication

  I am trying to implement an authentication/timeout
            system whereby the initial login is done by a standard
            HTML form (posted). When the session times out and the
            user requests a service, the session is "revived" by
            custom HTTP Authentication. In this way, a complex set
            of frames and multiple windows is not disrupted by a
            new window.
            The problem is that one a user HTTP Authenticates, the
            AUTHORIZATION header value stays until the browser is
            closed. Consequently, the user never has to
            authenticate again, even when the session times out,
            because when the servlet requests authorization, it is
            right there in the servlet request.
            So my question is, how do I clear or remove the
            AUTHORIZATION header item from the client ?
            Thanks.
            //Nicholas
            

  Hi,
  Opened a TAC and he confirmed that 8.2.1 supports the SDI for http/asdm authentication.
  http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp340497
  Regards
  Amar

• How do we determine the HTTP authentication header for our hosted solution?

  How do we determine the HTTP authentication header (adobeconnect_admin_httpauth) from our hosted solution? The documentation says to find it in a custom.ini file but I have no clue how to access that.
  I need to supply that to the adobeconnect plugin used with a Moodle instance, screnshot below.
  If it helps, when I click "Test Connection", I see the following output.
  A series of tests have been run in order to determine whether the Adobe Connect Pro server has been properly setup for this integration to work and to also determine whether the user credentials provided in the activity global settings has the correct permissions to perform the neccessary tasks required by the activity module. If any of the tests below have failed, this activity module will not function properly.
  For further assistance and documentation in how to set up your Adobe Connect Pro server please consult the MoodleDocs help page for this activity module Help page
  Sending common-info call:
  successfully obtained the session key: na11breezrirhb4f4ryf5shqy
  successfully logged in as admin user
  Testing retrevial of shared content, recording and meeting folders:
  error obtaining shared content folder
  XML request:
  <?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-shortcuts</param></params>
  XML response:
  <?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
  error obtaining forced-archives (meeting recordings) folder
  XML request:
  <?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-shortcuts</param></params>
  XML response:
  <?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
  error obtaining meetings folder
  XML request:
  <?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-shortcuts</param></params>
  XML response:
  <?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
  error creating meeting testmeetingtest folder
  XML request:
  <?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-update</param><param name="type">meeting</param><param name="name">testmeetingtest</param><param name="folder-id"/><param name="date-begin">2015-03-14T06:53:39.000+00:00</param><param name="date-end">2015-03-14T07:53:39.000+00:00</param></params>
  XML response:
  <?xml version="1.0" encoding="utf-8"?> <results><status code="invalid"><invalid field="folder-id" type="id" subcode="format"/></status></results>
  error creating user testusertest
  XML request:
  <?xml version="1.0" encoding="UTF-8"?> <params><param name="action">principal-update</param><param name="first-name">testusertest</param><param name="last-name">testusertest</param><param name="login">[email protected]</param><param name="password">9B396EA828A00203FB3E8E69010FE537</param><param name="extlogin">[email protected]</param><param name="type">user</param><param name="send-email">false</param><param name="has-children">0</param><param name="email">[email protected]</param></params>
  XML response:
  <?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
  What are we missing?
  Thanks!

  Here is the docuementation for loging in with an HTTP Headder Adobe Connect 9 * Log in from an application
  Seeing as there may be some modification to files on the server, you may need to work with Adobe Support to see if they can be modified in the Hosted environment.Adobe Connect Help | Adobe Connect Support

• Adobe PDF Viewer X in Safari 5 not displaying documents protected by HTTP Authentication

  I have the latest Adobe Reader X release (10.0.0) for Mac OS X 10.6 in Safari 5.0.3. The PDF Viewer is unable to display files hosted on directories protected by HTTP Authentication. The progress bar keeps spinning forever.
  I've tried it on several Macs and various Apache web servers, with both Basic and Digest Authentification.
  Adobe PDF Viewer running on Mac OS X 10.5 doesn't have this problem. Adobe PDF Viewer X running on Windows XP with Safari 5 doesn't either. So it is specific to the latest release for Mac OS X 10.6.
  Any idea for a fix? I can't revert to a previous version of Reader since the older plug-in doesn't run in 64-bit Safari (the default on Snow Leopard) - please don't tell me to force Safari to run in 32-bit mode.
  Is it at least a known bug that will be fixed soon?

  You mean disabling HTTP Authentication? Yes, of course. And it works without it. That's how I know that the cause of the problem is HTTP Authentication.

• Video behind http authentication does not play in Safari on iOS8.

  Videos (quicktime and probably others) that are sitting behind http authenticated sites do not play properly in IOS8. This is true even with the new 8.0.2. When clicking on the mov file, Safari starts the integrated player (the player with the play button), but nothing plays and you can't press the play button.
  Since I have access to the Apache web server that serves up the video, I can see what's happening on the backend. I see that Safari or the iOS video player Safari starts up fails to pass the authentication credentials to the server. I see a bunch of http 401 error messages (failed authentication) in the logs. When moving the same video to a not authenticated site, iOS8 does the right thing.
  iOS7 (and before) and Safari on OSX does the right thing on authenticated sites. It authenticates properly with the server and plays the video.
  Chrome on iOS8 also doesn't work either. Safari and Chrome use different versions of webkit, so I'm assuming its the video player that the browsers call on that's not passing the authentication off to the web server when making the http request.
  Anyone else run into this problem or have a workaround? I reported this as a bug, but Apple hasn't acknowledged it yet.

  I also have the same Exact Problem, only your explanition appears more technical and understandable. This problem appears more severe on YouTube.com videos and alike, however it is also severly choppy and problematic on other sites. Surprisingly Live Broadcast videos work better than not Live videos, however this is not something I'd like when my data isn't throttled yet. I crosstested it to see if there is any issues on my iPhone 4S (iOS 6, last version) and Galaxy S4 (Android Kit Kat, last version on S4) and there is no issues on those devices so it is an iOS 8(+0.1/0.2) and iOS 8.1 problem and I am 100% confident about it. 
  I do think it is the video player's problem with Websites and Webstreaming. There is no problems playing music videos on my device's storage. I didn't get that many error messages but it just doesn't play properly on Safari and Chrome, like what you are experiencing too. I may go ahead and report it too because it is gotten to a point where it is annoying to watch videos. It is not just an over 4G (+ or - LTE) only issue, it is also via Wifi even so it is a tad better. I can't tolerate playing a video 15 seconds in, have to wait 15 more seconds for it to play, it plays to 0:35 then I have to wait 15 more seconds. Even a 240p video, it does it so, it is clearly not a tolerable bug. I don't have a work around so far (tried everything from reset to wipe the phone and reinstall all the apps). 
  My Device is an iPhone 6+ with iOS 8.1 (yes, it is not just exclusive to the iPhone 5S. I assume it also effects the iPhone 6 based on technical specifications).

• Webservice with HTTP authentication

  Hi,
  how do i supply the userid an password for a http authenticated webservice.  I already choose the option for http authentication on the security tab on the logical port.
  Alos tried to find it in the Visual Admin to the server but i am stuck.
  Greetings Danny.

  There are two ways to do this
  <b>Option 1: Hard code the Username/Password</b>
  For this, use the method _setUser and _setPassword.
  These are methods for your model class Request_<WebService>_PortType.... (the model class for the webservice). I invoked these methods in the wdDoInit method of the component controller class.
  For example, i imported the WSDL for the RFC SXMB_GET_MESSAGE_LIST and used it like this:
  Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST oRequest =
  new Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST();
  oRequest._setUser("bcuser");
  oRequest._setPassword("password");
  <b>Option 2: Use HTTP Destinations</b>
  Open Visual Administrator and goto node Services, Destination Service. Create a HTTP destination with the URL of the webservice, maybe choose basic authentication and give the username / password. Now, you could use this HTTP destination in the component controller class. Even though there is a method _setHTTPDestinationName, this did not work for me. I had to write the following code to retrieve the URL, username, password from the HTTP destination
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  import java.net.HttpURLConnection;
       InitialContext ctx ;
       Object obj;
       DestinationService dstService;
       Destination destination;
       HTTPDestination httpDestination ;
       HttpURLConnection httpurlconnection = null;
       Properties destprop = null;
       String url = "";
       String username = "";
       String password = "";
            ctx = new InitialContext();
            obj = ctx.lookup(DestinationService.JNDI_KEY);
            dstService = (DestinationService) obj;          
            destination = dstService.getDestination("HTTP","NC_IS");
            destprop = destination.getDestinationProperties();
            httpDestination = (HTTPDestination) destination;
            url = httpDestination.getUrl();
            username = destprop.getProperty("USERNAME");
            password = destprop.getProperty("PASSWORD");  
  (I know the java code sucks and the purists will hang me; nevertheless it works)
  Besides the code, you need to do the following as well:
  (1) In the Package explorer, select your project, right click, cick on "Set Additional Libraries.."
  (2) Select security.class and tc/sec/destinations/interface
  (3) Click on menu Project > Properties, goto Webdynpro refereces node in the tree and add the following
      (a) Interface References: tcsecdestinations~interface
      (b) Service References: tcsecdestinations~service
  All the best, try option 1 first before you embark on the second one.
  Regards, Parag.

• Http authentication failing on all sites, does not even prompt me for user/pass

  Hi,
  After an apt-get update, sites that use HTTP authentication do not prompt for credentials and go straight to HTTP:401. It is only affecting this browser, others have no issues. I also updated a FF in Windows, no issues there after the update.

  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
  *Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
  *Do NOT click the Reset button on the Safe Mode start window
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Embedding basic http authentication credentials in JNLP file

  I want to embed basic http authentication credentials in the JNLP file.
  Basically, I want the jars to be behind basic http authentication in order to distribute the application only to authorized users (I understand this is not strong security, but it's fine for my purposes) who are all on Windows, and once the java app is initially installed, I never want to have to enter the http login credentials again.
  So I set up the http authentication and in the jnlp file I have:
  <jnlp
       spec="1.5*"
  codebase="http://username:[email protected]"
       href="program.jnlp">
  This doesn't seem to phase the JWS authenticator. So on the first launch from the desktop shortcut I put the credentials in manually and select "save this password in my password list". It seems like I'm in the clear as the next time I launch the application from a desktop shortcut I am not asked for any credentials, but every time the Windows machine is restarted, I get the JWS authenticator again...the password is no longer saved.
  Is there a way to embed the username/password in the JNLP file to get past the JWS authenticator without having to retype the username and password every time the machine is restarted? Or to permanently save the password in the JWS authenticator password list? Or any other way to set it up where once the application is initially installed, the http authentication credentials never have to be manually entered again?
  Thanks!

  Hi everybody,
  I manage to do almost all (I suppose), but I need last help.
  Through SM59 I created the HTTP Destination needed; then, I implemented the code given by SAP here:
  http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d053e74911d6b2e400508b6b8a93/content.htm
  I ran the program, and it gives me the error: "Binder not found for soapAction = null.
  I suppose that I should give the link to the soapAction, but I don't know where in the code.
  Have you any idea?
  Thanks and Regards,
  Francesco

• Access denied - http authentication

  Hi all,
  I have a java web service client that needs to connect to a .net web service. When I set up the client in Netbeans 6, the wizard asks to accept the certificate - which I do.
  The .net web services provider gave me a username and password to access the web service, but when I typed it in, I got an error.
  When I run the web service client, I get:
  com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Access Denied
  Where can I supply the authentication details for the client to access the server?
  Thanks and regards,
  Brenda

  Can someone PLEASE tell me how to perform HTTP authentication when connecting from a java webservice client to a .Net web service?
  I have tried:
  <code>
  ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "94648137");
  ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "Retail03");
  </code>
  but have had no luck. The web service is using LDAP authentication over HTTPS.
  TIA
  Brenda

• Ip http authentication aaa login-authentication doesnt work

  I have "ip tacacs source-interface Vlan1 " in my config because without it enabled I cant ssh in with tacacs. However, with that line in the config, I cant access via https unless I have the line "ip http authentication local"

  For http access , the user should have privilege level 15. This is how you enable it on acs.
  Bring users/groups in at level 15
  1. Go to user or group setup in ACS
  2. Drop down to "TACACS+ Settings"
  3. Place a check in "Shell (Exec)"
  4. Place a check in "Privilege level" and enter "15" in the adjacent field
  Regards,
  ~JG
  Do rate helpful posts

• Performing Basic HTTP Authentication on the iPhone

  Hi,
  I need to perform a HTTP Request with Basic Authentication on the iPhone. To perform the request I use the NSURLConnection and NSMutableURLRequest. The request basically works but I can't get the authentication working. Is there a "convenient" way to do HTTP authentication or do I have to do it by hand?
  Best regards,
  Michael

  Ok thanks - that explains it:
  From the Apple article: "
  Note: Touch ID cannot be used for purchases if Require Password in Settings > General > Restrictions is set to Immediately."
  Not sure why - but clearly intentional.

• Internationalizing Basic HTTP authentication browser dialog for UserID

  Is it possible to have multibyte user ID for Basic HTTP authentication? Based on RFC2617 user ID has to be *Text, which basically is ASCII. But I thought maybe someone has a workaround for this limitation. Our entire web app is internationalized, we use UTF-8 as encoding for JPS pages and request processing, and that all works fine, but there is one area where we use Basic HTTP authentication, and so far I was not able to find a way to internatianalize that. Once the resource is reqested, we process request in the servlet and if the user is not authenticated we send authentication challenge response to the browser. Response encoding is set to UTF-8. After user enters the credentials, I process those in the same servlet , again using UTF-8. Of course when I tried to input the japanese ( multibyte)userID, the authentication is failing. I think the browser is corrupting DBCS data once it Base64 encodes it... Does anyone have ideas whether it is possible to internationalize this at all?

  You'll probably need your own ServletFilter to process the authentication header, since servers will mostly decode headers in the locale encoding, regardless of any charset in the Content-type header of the request. Getting browsers to use UTF-8 encoding before base64 might be a bit tricky though.
  It is probably better to use form based login. The procedure for getting UTF-8 encoded form parameters is a well understood FAQ for this forum.

• Basic HTTP Authentication

  Hi everyone,
  I'm trying to make a portal/gateway environment where a user can be automatically logged in other applications using Basic HTTP Authentication.
  To do this I have enabled the Basic HTTP Authentication in the psconsole (under Secure Remote Access > default > Core).
  I have also added a couple of LDAP attributes in the Portal LDAP: sunPortalGatewayWWWAuthorization.
  Are these the only two steps needed? Or am I forgetting something?
  Could someone tell me how the values in the sunPortalGatewayWWWAuthorization can be formed? I am currently using someone else's code, which used to work on a Portal Server 6 environment. I'm not sure if I understand well how those Basic Authentication values are formed.
  Thanks a lot!
  Sten

  Thank you Yvan, for your reply.
  I have looked at the Access Manager in the old environment, and did not see any SSO functionality being enabled.
  The old environment does not have a psconsole, so I was not able to check the settings over there.
  What bothers me, is that I do not know what kind of values should be stored in the sunPortalGatewayWWWAuthorization attribute. A basic http authentication string would look like this: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  (This would be a Base64 encoding of Aladdin:open sesame).
  But in the Portal LDAP it seems that everything is encoded in Base64. As far as I understand the code is doing the following:
  - Make-up string: "+hostname+|Authorization: Basic +username+:+password+"
  - additionally, it looks like the whole string is being encrypted too, using a PBEWithMD5andDES algorithm
  Is this a requirement for the Gateway? Or is this for some kind of security reason? And is this correct?
  Thanks,
  Sten

• HTTP Authentication problem

  http authentication giving some errors, portion of oracle authentication working fine. Please help me.
  Error is:
  Warning: Cannot modify header information - headers already sent by (output started at d:\inetpub\wwwroot\vars.php:5) in
  d:\inetpub\wwwroot\login.php on line 4
  Warning: Cannot modify header information - headers already sent by (output started at d:\inetpub\wwwroot\vars.php:5) in
  d:\inetpub\wwwroot\login.php on line 5
  My softwares are:
  PHP: 4.3.4
  OS: Windows 2000 Server          
  Oracle 8i client;
  Code is:
  -------------------- login.php ------------------------
  <?include"vars.php";?>
  <?php
  function authenticate() {
  header('WWW-Authenticate: Basic realm="My Realm"');
  header('HTTP/1.0 401 Unauthorized');
  exit();
  if(!isset($PHP_AUTH_USER)) {
  authenticate();
  echo "Authorization Failed.";
  exit;
  }else {
  $dbconn=ocilogon($dbUser,$dbPass,$dbName);
  $parsed=ociparse($dbconn,"select username from users where username='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'");
  ociexecute($parsed);
  $nrows = ocifetchstatement($parsed, $results);
  if ($nrows == 0) {
  authenticate();
  else {
  for ($i = 0; $i < $nrows; $i++)
  setcookie("USERID", $results["USERNAME"][$i]);
  $UserID = $results["USERNAME"][$i];
  ?>
  ------------------- vars.php ----------------------
  <?php
  $dbUser="scott";
  $dbPass="tiger";
  $dbName="db";
  ?>

  Is there any extra whitespace outside the <?php ?> tags?
  It might be treated as HTML text and cause the default
  header to be sent before authenticate() is called.
  There is something similar mentioned in this thread:
  Re: fetching blob results in "Call to a member function on a non-object "
  -- CJ