Internationalizing Basic HTTP authentication browser dialog for UserID
Is it possible to have multibyte user ID for Basic HTTP authentication? Based on RFC2617 user ID has to be *Text, which basically is ASCII. But I thought maybe someone has a workaround for this limitation. Our entire web app is internationalized, we use UTF-8 as encoding for JPS pages and request processing, and that all works fine, but there is one area where we use Basic HTTP authentication, and so far I was not able to find a way to internatianalize that. Once the resource is reqested, we process request in the servlet and if the user is not authenticated we send authentication challenge response to the browser. Response encoding is set to UTF-8. After user enters the credentials, I process those in the same servlet , again using UTF-8. Of course when I tried to input the japanese ( multibyte)userID, the authentication is failing. I think the browser is corrupting DBCS data once it Base64 encodes it... Does anyone have ideas whether it is possible to internationalize this at all?
You'll probably need your own ServletFilter to process the authentication header, since servers will mostly decode headers in the locale encoding, regardless of any charset in the Content-type header of the request. Getting browsers to use UTF-8 encoding before base64 might be a bit tricky though.
It is probably better to use form based login. The procedure for getting UTF-8 encoded form parameters is a well understood FAQ for this forum.
Similar Messages
-
JAAS NTLoginModule for basic http authentication
Hi all,
Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't want the user to have to type in his/her password).
First, is this even doable? and Second, what would I need to do to get this working?
Thanks in advance.I am using IIS 6 with Windows Integrated Authentication which passes all HTTP requests to Tomcat 5.5 for processing via the ISAPI plug-in jk1.2 It does nothing else. Don't ask the obvious, I can't tell you. It just is.
I have a new requirement for a new web application on our intranet. I would like to be able to identify my users without them typing anything in. How can I capture any part of the Window's user credential's from within my Java web application on Tomcat?
I'm looking at HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipals() and I'm thinking I can (minus establishing my own Tomcat realms, etc...).
Any thoughts? Even if you don't know how, just tell me if you know this can be/is being done somewhere. -
Basic http authentication not working when consuming Web Service in BPEL.
Hi,
I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
authentication so we need a way to get username and password into the http
header. In the Oracle BPEL Process Manager Administrator's Guide 10g
(10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
that this can be done using the properties httpUsername and httpPassword. I
have set the 2 for the partner link in bpel.xml but username and password does
not get in to the http header. Has anybody got an idea?
Regards PeteI'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
partnerLinkBindings
client
wsdlLocation awardService.wsdl
spsAwardSubmitPartnerLink
basicHeaders credentials
basicUsername ko1
basicPassword xxxxx
wsdlLocation IAwardDraftServiceRef1.wsdl
However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
Host: vm-orcl-app-srv:4444
Connection: Keep-Alive, TE
TE: trailers, deflate, gzip, compress
User-Agent: Oracle HTTPClient Version 10h
SOAPAction: ""
Accept-Encoding: gzip, x-gzip, compress, x-compress
Content-type: text/xml; charset=UTF-8
Content-length: 3800
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
<IAwardDraft>
<accessController/>
<agreementEndDate/>
Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
What am I missing??
Thanks,
Mike -
Embedding basic http authentication credentials in JNLP file
I want to embed basic http authentication credentials in the JNLP file.
Basically, I want the jars to be behind basic http authentication in order to distribute the application only to authorized users (I understand this is not strong security, but it's fine for my purposes) who are all on Windows, and once the java app is initially installed, I never want to have to enter the http login credentials again.
So I set up the http authentication and in the jnlp file I have:
<jnlp
spec="1.5*"
codebase="http://username:[email protected]"
href="program.jnlp">
This doesn't seem to phase the JWS authenticator. So on the first launch from the desktop shortcut I put the credentials in manually and select "save this password in my password list". It seems like I'm in the clear as the next time I launch the application from a desktop shortcut I am not asked for any credentials, but every time the Windows machine is restarted, I get the JWS authenticator again...the password is no longer saved.
Is there a way to embed the username/password in the JNLP file to get past the JWS authenticator without having to retype the username and password every time the machine is restarted? Or to permanently save the password in the JWS authenticator password list? Or any other way to set it up where once the application is initially installed, the http authentication credentials never have to be manually entered again?
Thanks!Hi everybody,
I manage to do almost all (I suppose), but I need last help.
Through SM59 I created the HTTP Destination needed; then, I implemented the code given by SAP here:
http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d053e74911d6b2e400508b6b8a93/content.htm
I ran the program, and it gives me the error: "Binder not found for soapAction = null.
I suppose that I should give the link to the soapAction, but I don't know where in the code.
Have you any idea?
Thanks and Regards,
Francesco -
Hi everyone,
I'm trying to make a portal/gateway environment where a user can be automatically logged in other applications using Basic HTTP Authentication.
To do this I have enabled the Basic HTTP Authentication in the psconsole (under Secure Remote Access > default > Core).
I have also added a couple of LDAP attributes in the Portal LDAP: sunPortalGatewayWWWAuthorization.
Are these the only two steps needed? Or am I forgetting something?
Could someone tell me how the values in the sunPortalGatewayWWWAuthorization can be formed? I am currently using someone else's code, which used to work on a Portal Server 6 environment. I'm not sure if I understand well how those Basic Authentication values are formed.
Thanks a lot!
StenThank you Yvan, for your reply.
I have looked at the Access Manager in the old environment, and did not see any SSO functionality being enabled.
The old environment does not have a psconsole, so I was not able to check the settings over there.
What bothers me, is that I do not know what kind of values should be stored in the sunPortalGatewayWWWAuthorization attribute. A basic http authentication string would look like this: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
(This would be a Base64 encoding of Aladdin:open sesame).
But in the Portal LDAP it seems that everything is encoded in Base64. As far as I understand the code is doing the following:
- Make-up string: "+hostname+|Authorization: Basic +username+:+password+"
- additionally, it looks like the whole string is being encrypted too, using a PBEWithMD5andDES algorithm
Is this a requirement for the Gateway? Or is this for some kind of security reason? And is this correct?
Thanks,
Sten -
Performing Basic HTTP Authentication on the iPhone
Hi,
I need to perform a HTTP Request with Basic Authentication on the iPhone. To perform the request I use the NSURLConnection and NSMutableURLRequest. The request basically works but I can't get the authentication working. Is there a "convenient" way to do HTTP authentication or do I have to do it by hand?
Best regards,
MichaelOk thanks - that explains it:
From the Apple article: "
Note: Touch ID cannot be used for purchases if Require Password in Settings > General > Restrictions is set to Immediately."
Not sure why - but clearly intentional. -
Removing Basic HTTP Authentication required by Adapter Engine
Hi guys,
can you please help me with this issue? I'm sending a SOAP requests to PI but I need to remove required authentication by WAS as the sending system is not able to provide username and password.
Thank you,
PeterPeter,
AFAIK if you remove authentication, it will remove it for all the SOAP scenarios and cannot be achieved for a single scenario.
Check the reply from Bhavesh in this thread:
Re: SOAP User ID/Password - Authoraization
If you want to refer more similar threads check this:
https://forums.sdn.sap.com/search.jspa?threadID=&q=%22remove+authentication%22&objID=f44&dateRange=all&numResults=15&rankBy=10001
Regards,
Neetesh -
how to generate basic http authentication code of type digest(auth_type="digest") using jdeveloper,
When the following code is used to authenticate the HTTP send request using "digest" authentication type. It gives the error below.
// authentication code
Properties props = new Properties();
props.put(OracleSOAPHTTPConnection.AUTH_TYPE, "digest");
props.put(OracleSOAPHTTPConnection.USERNAME, "userid");
props.put(OracleSOAPHTTPConnection.PASSWORD, "password");
m_httpConnection.setProperties(props);
//Error
[SOAPException: faultCode=SOAP-ENV:IOException; msg="WWW-Authenticate" header is incorrect; targetException=java.io.IOException: "WWW-Authenticate" header is incorrect]
at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
at oracle.soap.transport.http.OracleSOAPHTTPConnection.send(OracleSOAPHTTPConnection.java:765)
at org.apache.soap.messaging.Message.send(Message.java:125)
at mypackage1.SampleStub.Sample(SampleStub.java:184)
at mypackage1.SampleStub.main(SampleStub.java:57) -
Http authentication failing on all sites, does not even prompt me for user/pass
Hi,
After an apt-get update, sites that use HTTP authentication do not prompt for credentials and go straight to HTTP:401. It is only affecting this browser, others have no issues. I also updated a FF in Windows, no issues there after the update.Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
*Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
*Do NOT click the Reset button on the Safe Mode start window
*https://support.mozilla.org/kb/Safe+Mode
*https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes -
Default location for file browse dialog
OK, I know this is not solely an APEX issue, but is there a way that one can specify a starting location when invoking the file browse dialog?
I don't think there is a possibility to modify the file browse item. It is a security issue.
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.opal-consulting.de/training
http://apex.oracle.com/pls/otn/f?p=31517:1
http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
------------------------------------------------------------------- -
How do we determine the HTTP authentication header for our hosted solution?
How do we determine the HTTP authentication header (adobeconnect_admin_httpauth) from our hosted solution? The documentation says to find it in a custom.ini file but I have no clue how to access that.
I need to supply that to the adobeconnect plugin used with a Moodle instance, screnshot below.
If it helps, when I click "Test Connection", I see the following output.
A series of tests have been run in order to determine whether the Adobe Connect Pro server has been properly setup for this integration to work and to also determine whether the user credentials provided in the activity global settings has the correct permissions to perform the neccessary tasks required by the activity module. If any of the tests below have failed, this activity module will not function properly.
For further assistance and documentation in how to set up your Adobe Connect Pro server please consult the MoodleDocs help page for this activity module Help page
Sending common-info call:
successfully obtained the session key: na11breezrirhb4f4ryf5shqy
successfully logged in as admin user
Testing retrevial of shared content, recording and meeting folders:
error obtaining shared content folder
XML request:
<?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-shortcuts</param></params>
XML response:
<?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
error obtaining forced-archives (meeting recordings) folder
XML request:
<?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-shortcuts</param></params>
XML response:
<?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
error obtaining meetings folder
XML request:
<?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-shortcuts</param></params>
XML response:
<?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
error creating meeting testmeetingtest folder
XML request:
<?xml version="1.0" encoding="UTF-8"?> <params><param name="action">sco-update</param><param name="type">meeting</param><param name="name">testmeetingtest</param><param name="folder-id"/><param name="date-begin">2015-03-14T06:53:39.000+00:00</param><param name="date-end">2015-03-14T07:53:39.000+00:00</param></params>
XML response:
<?xml version="1.0" encoding="utf-8"?> <results><status code="invalid"><invalid field="folder-id" type="id" subcode="format"/></status></results>
error creating user testusertest
XML request:
<?xml version="1.0" encoding="UTF-8"?> <params><param name="action">principal-update</param><param name="first-name">testusertest</param><param name="last-name">testusertest</param><param name="login">[email protected]</param><param name="password">9B396EA828A00203FB3E8E69010FE537</param><param name="extlogin">[email protected]</param><param name="type">user</param><param name="send-email">false</param><param name="has-children">0</param><param name="email">[email protected]</param></params>
XML response:
<?xml version="1.0" encoding="utf-8"?> <results><status code="no-access" subcode="no-login"/></results>
What are we missing?
Thanks!Here is the docuementation for loging in with an HTTP Headder Adobe Connect 9 * Log in from an application
Seeing as there may be some modification to files on the server, you may need to work with Adobe Support to see if they can be modified in the Hosted environment.Adobe Connect Help | Adobe Connect Support -
Hi All,
My Web application is FBA application and I am using the lists.asmx services in my custom webpart. To run this lists.asmx service in FBA enabled site we need to use Authentication.asmx service..
I referred this link:
http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/21867e28-75d5-42c8-850b-bfb5c5894eed .
I wrote a code as mentioned in this article but now I am getting error "The request failed with HTTP status 401: Unauthorized " for Authentication.asmx service itself. Can somebody help me why it is not working even everything looks
correct?
Thank you.
Regards,
Rahul Shinde.Hi Rahul,
Give permissions to the user on the web application.
Central Admin -->Application Management --> Application Security -->Policy for web application --> Select the
web application --> Add User
For more information, refer to
http://microsoftdev.blogspot.com/2009/10/sharepoint-web-services-access-give.html
http://www.codeproject.com/Articles/24244/Access-a-Forms-Based-SharePoint-Site-s-Web-Service
Best Regards.
Kelly Chen
TechNet Community Support -
Hi team,
I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"
waiting expert opinions. -
Safari 5.1 HTML5 HTTP basic access authentication issue video does not load
I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
Safari 5.0.5 plays the video fine. Safari 5.1 fails to load/play the video in the protected folder. If I move the video to a not protected folder, Safari 5.1 plays it fine.
This is on iPage. Back on MobileMe all is fine with 5.1.
I think this is a HTTP basic access authentication issue with 5.1.
Anyone have similar issue? Work around?Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.
-
HTTP Authentication Digest for SIP messages in a trunk SIP CUCME
Hello,
we would like to implement HTTP Authentication Digest for SIP messages in a trunk SIP between a Cisco 2851 and an Asterisk server.
We are using CUCM Express with 15.1(4)M (CME 8.6) as voice gateway to connect to PSTN.
According to Cisco documentation:
"To configure a gateway to use HTTP Authentication Digest, give the following command in each dial peer or SIP-UA configuration mode:
authentication username username password password [realm realm]."
The problem is that when call is from CISCO to ASTERISK, Asterisk sends a challenge to Cisco to do Authentication:
INVITE sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 10.0.70.11:5060;branch=z9hG4bK3E205D
Remote-Party-ID: "DN1001" <sip:[email protected]>;party=calling;screen=no;privacy=off
From: "DN1001" <sip:[email protected]>;tag=5317D4-2271
To: <sip:[email protected]>
Date: Thu, 20 Feb 2014 10:55:56 GMT
Call-ID: [email protected]
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 1679566433-2572423651-2156454406-1292596908
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Max-Forwards: 70
Timestamp: 1392893756
Contact: <sip:[email protected]:5060>
Expires: 180
Allow-Events: telephone-event
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 208
<--- Reliably Transmitting (no NAT) to 10.0.70.11:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.70.11:5060;branch=z9hG4bK3E205D;received=10.0.70.11
From: "DN1001" <sip:[email protected]>;tag=5317D4-2271
To: <sip:[email protected]>;tag=as665c9410
Call-ID: [email protected]
CSeq: 101 INVITE
Server: Asterisk PBX 11.7.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="559bd1d2"
Content-Length: 0
However, when call is for ASTERISK to Cisco, there is no challenge sent.
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 10.1.32.70:5060;branch=z9hG4bK0c57d67c
Max-Forwards: 70
From: "JOSE MANUEL" <sip:[email protected]>;tag=as2f789a9f
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: [email protected]:5060
CSeq: 102 INVITE
User-Agent: Asterisk PBX 11.7.0
Date: Thu, 20 Feb 2014 09:58:27 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 282
<--- SIP read from UDP:10.0.70.11:60829 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.1.32.70:5060;branch=z9hG4bK0c57d67c
From: "JOSE MANUEL" <sip:[email protected]>;tag=as2f789a9f
To: <sip:[email protected]>
Date: Thu, 20 Feb 2014 10:58:27 GMT
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP 10.1.32.70:5060;branch=z9hG4bK0c57d67c
From: "JOSE MANUEL" <sip:[email protected]>;tag=as2f789a9f
To: <sip:[email protected]>;tag=556830-757
Date: Thu, 20 Feb 2014 10:58:27 GMT
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
Allow-Events: telephone-event
Remote-Party-ID: "DN1001" <sip:[email protected]>;party=called;screen=no;privacy=off
Contact: <sip:[email protected]:5060>
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
My configuration in Cisco device is:
dial-peer voice 1 voip
description **Calls to ASTERISK **
destination-pattern 9T
session protocol sipv2
session target sip-server
codec g711ulaw
sip-ua
keepalive target ipv4:10.1.32.70
authentication username CCME password 7 070E234F4A realm asterisk
sip-server ipv4:10.1.32.70:5060
To avoid that the ASTERISK is blocked by Cisco TOLLFRAUD_APP I have added:
voice service voip
ip address trusted list
ipv4 10.1.32.70 255.255.255.255
allow-connections sip to sip
sip
registrar server
The issue is that I would like that Cisco also send a challenge to asterisk server to authenticate SIP messages.
Any ideas?.
Regards.Hello,
yes, but credentials command configure credentials that are used when Cisco UA must register in a server.
I do not need register Cisco into Asterisk server. What I want is that Cisco authenticate SIP messages that receive. I know
that can be enough with TOLLFRAUD_AP where remote IP is checked, but I want to do something like others routing
protocols (as OSPF, BGP) where every message must be authenticated.
Thanks.
Regards.
Maybe you are looking for
-
Three movies I bought from iTunes this morning do not show up on the 1st Gen AppleTV.
I understand some file formats are not compatible with AppleTV (1st gen) but these films were purchased directly from iTunes. One would assume they are formatted properly to work on Apple equipment, yes? Previously purchased movies show up on the A
-
My calendar is gone...HELP!!
I thought I was setting my iPad to backup to the Cloud. I must have done something wrong,since the next day I turned the iPad on and the entire calendar was blank. Before I do anything else stupid, I need to know how to recover my calendar. I rarely
-
Displaying data from a Database control
I'm retrieving data from a sybase database into a java class and then pass that through to my jsp page. This works fine, as long as the sql actually returns a value (This specific query only returns one or none records).
-
I apologize if this subject has been covered already. I am looking for help interpreting the .plist files. I am not a programmer - but trying to learn - so please be gentle with your answers:-) I know those files are written in XML language, and alth
-
BT ADSL2+ Activation Date Disappeared
On checking samknows regarding broadband in our area and noticing that BT changed the activation date for the enablement date of March 2010 after originally being marked for November 2008, the activation date has now disappeared again. Does this mean