OSB 11g - Authentication - Username and password in SOAP body

Similar Messages

• Avoid using Username and password in SOAP Envelope

  Hi Team
  I am working on calling the sercured web-service from PLSQL and able to call it successfully and get the response.
  In the SOAP envelope, I have header and body.
  Header contains the WS Security which includes username and password to authenticate the web-service and body contains the actual input pay load for service.
  Currently, header has username and password as 'hard-coded', is there a way to avoid the usage of username and password.
  We already tried to SIF for EBS methodology where in following steps are done:
  1) Create and event in EBS.
  2) Pass the event along with payload to SOA.
  3) SOA receives the event and triggers web-service and gets the response.
  4) Pass the response to EBS.
  This technique does avoid usage of username and password but takes 20 seconds to do the job. However, the appraoch above takes hardly 1 second.
  Please let me know in case any one has any idea on how to avoid credentials usage in SOAP envelope.
  Thanks
  Mirza Tanzeel

  How about doing away with that approach entirely?
  Password authentication requires one to keep a secret, secret. And that is the primary problem as how does one safely guard the secret, and manage the secret (by regularly changing)?
  Relying on secrets is a problem. I have never been a fan of password based security.
  Instead:
  a) use HTTPS to secure communication between sender and receiver
  b) use robust firewall rules to ensure that only sender is allowed to communicate with receiver
  c) implement sound network management and exception reporting (to detect and prevent violations on network infrastructure level)
  If you lack in the network infrastructure and administration areas, then:
  a) make the web service endpoint on server on localhost only (do not expose it to the outside world)
  b) establish a trusted ssh connection between sender and receiver using strongly encrypted RSA/DSA keys
  c) configure sender with a service that opens a reverse tunnel to target, exposing the web service as a local port on its localhost

• Username and password for SOAP sender call

  Hello,
  does anyone know how to provide the username and password to a SOAP sender call, e.g. XI receives the ws via soap and needs to know which userid and password to check. When you use a SOAP client they use basic authentication which sends the request first to XI and XI send a request back for password. This would work for an online app but not for ws from machine to machine. I read some docu about query strings but no where it has an example what to put either on the request URL, the adapter or the SOAP envelope. SOAP 1.1 seems to have left that open and IBM has an example using SOAP Header which did not work with XI.
  Thanks
  Stefan

  Hi,
  do you use the javax.xml.rpc.Call class? Because then
  you can supply username and password to the call via
  the addParameter method. I think I did that with XI 3.0
  and it worked. If you need more information please consult
  the javax.xml.rpc.Call javadoc.
  Best regards,
  Hermann

• Username and password through SOAP header

  Hi Gurus
  I am developing web service model in webdynpro by consuming third-party WSDL. This third party web service expecting me to send the user name &password through SOAP header.
  Can any body tell me how to pass the username password through SOAP header using webdynpro model?

  Hi,
     In WD there's no direct way to access the SOAP message header. If the web service defines implicit headers in JAX-RPC then you have to use the setProperty methods of the javax.xml.rpc.Stub interface so that the JAX-RPC handler can retrieve these via the getProperty methods.
  Regards,
  Satyajit.

• Dynamic Username and password in SOAP reciever

  Hi,
  We have a requirement where we have to post the data to a webservice using SOAP reciever. However, the challenge is that we have multiple username/PWD and based on a field in source message, decide at the runtime, which Username/PWD to choose.
  Please suggest how can we proceed.

  Authentication Keys
  If authentication is required for the receiver system, you can enter a password and a confirmation for each key value. This means that you do not need to write passwords in the enhanced message header.
  If you want to specify or display authentication keys, select View Authorization Keys.
  You can enter and confirm passwords for each authentication key value (TAuthKey or TproyxAuthKey).
  http://help.sap.com/saphelp_nw04/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm
  Add field inside SOAP header PI 7.1

• Username and password token retrieval from SOAP web services

  We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
  When we are retrieving username/password it’s coming as null. Please help ...
  if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {     
  try {
  SOAPMessage sm = context.getMessage();
  //SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
  SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
  SOAPHeader sh = envelope.getHeader();
  System.out.println("Message: "+envelope);
  System.out.println("Envelope: "+envelope);
  System.out.println("Header: "+sh.toString());
  Iterator it = sh.examineAllHeaderElements();
  while(it.hasNext()){
  System.out.println(it.next());
  String username;
  username = sh.getAttribute("Username");
  // username = sh.getAttributeValue("Username");
  //String password = sh.getAttribute("Password");
  System.out.println("uid:"+username);
  //System.out.println("pass: "+password);
  context.put("Username", username);
  //context.put("Passsword", password);
  // default scope is HANDLER (i.e., not readable by SEI
  // implementation)
  context.setScope("Username", MessageContext.Scope.APPLICATION);

  <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
  <S12:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>TestUser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </S12:Header>
  </S12:Envelope>

• Username and password For Base station Disk

  I have a AEBS and i have a Lacie 500Gb Disk, i am trying to use the Backup feature on Windows Ultimate and it asks for a Username and password. dose any body have any ideas.
  I have tryed it using the Accounts and it doesn't work i want to use the disk with the base station password.

  Connecting to an Airport disk configured with a password (as opposed to account) manually in the Finder, you need to specify a username and password, even though the base station is only configured with a password.
  However, it simply doesn't care about the username, you can put anything as long as the password is the right one. Try to do the same in your situation, a random username with the password configured for the Airport Disk. That might work!

• Username and password validation on SOAP Web Service

  Hi,
  I'm pretty new to web services and c# .net framework.  
  I'm developing an app that uses a third party's API/ Web services. My first task is getting this log in(authentication) to working.
  Right now its nothing more than a simple Login form:
  The code behind the "Log In" button is so far:
  Here I've instantiated the SOAP web service that I'm using. And when I got to test/debug my form and type in my username and password and click the "Log In" button nothing happens..."of course" 
  So my question is, how could I validate whether the username and password were sent to the web service and whether the authentication is true or false?

  I'm trying to figure that part out...of how I can get it to return the bool. How can I check to see if it returns a bool?(because i'm not really sure if it does or doesn't just yet)
  I'm not expecting it to say "Hey you're logged in" because the actual application doesnt work that way. The actual desktop client will log you in with a (Domain Name\ Username) and windows authenticate
  that you're who you say you are, check the SQL Server and Database and Logs you in. 
  So im trying to figure out how I can manually set it up to where it let the user know that they have Logged in successfully.
  And you're saying that the code i have right now SHOULD log the users in correctly?  

• Dynamic username and password for UsernameToken in Receiver Soap Adapter.

  Hi All,
  I am using AXIS Frame work for WS Security Authentication in Receiver SOAP channel. I deployed AXIS and used WSDoAllSender handler. I want to set the username and password parameters in the module dynamically. These have to be extracted from the payload. 
  kindly give me pointers to dynamically assign Username and Password.
  Regards,
  Saipriya.

  continued from the previous entry
  1.  configure the following four handlers in the request chain
  Handler dc
  Handler xireq
  Handler wssec
  Handler trp
  For the xireq and trp handler, you can use the default setting.
  For the dc and wssec handlers, you use the following setting:
  dc: handler.type =  java:com.sap.aii.axis.xi.XI30DynamicConfigurationHandler
  dc: key.1 = write http://sap.com/xi/axis username
  dc: value.1 = user
  wssec: handler.type = java:org.apache.ws.axis.security.WSDoAllSender
  wssec: action = UsernameToken
  wssec: passwordType = PasswordText
  wssec: passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler
  2. Create an external password file with user password pairs. For example, if you have three users: orange, banana, and apple, with their passwords: orange, yellow, red,  you create a file with content:
  orange:orange
  banana:yellow
  apple:red
  You name this file to ".password" and place it at the engine's classloader directory (e.g.,
  /usr/sap/E07/JC90/j2ee/cluster/server0)
  3. Prepare the input message containing the user name in the dynamic configuration header that looks like:
  <ns3:DynamicConfiguration xmlns:ns3="http://sap.com/xi/XI/Message/30">
    <ns3:Record name="username" namespace="http://sap.com/xi/axis">orange</ns3:Record>
  </ns3:DynamicConfiguration>
  The namespace and name must match the value used in the key.1 property of the dc handler. As long as they match, you can use any names.
  In this example, the user name value "orange" will be extracted by the dc handler and inserted into the message context.
  4. Send a test message.
  Best regards, Yza

• SOAP URL without username and password

  Hello Everyone,
  its a synchronous SOAP - PI -ECC scenario .
  I have created HTTP URL through sender agreement in integration for testing.
  However, customer now wants HTTPS URL without Username and password in  production URL. How do i create this .
  Regards,
  Ravi

  Hello,
  However, customer now wants HTTPS URL without Username and password in production URL. How do i create this .
  You can disable basic authentication for the sender SOAP Adapter by following William's reply in this thread
  http://forums.sdn.sap.com/thread.jspa?threadID=236507
  However, the authentication will be disabled for all SOAP Sender, so you should weigh-in the impacts of granting that request.
  Hope this helps,
  Mark
  Edited by: Mark Dihiansan on Feb 13, 2012 3:51 AM

• Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

  Please excuse the lousy table...Its late :-)
  I have a multi-server SP2010 farm.  Patched up to
  Configuration database version: 14.0.6106.5002
  My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
  letter (
  http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
  IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
  Claims Auth log entries:
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  f2ut
  Verbose
  Authenticated with login provider. Validating request security token.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Using membership provider 'ADAMProvider'.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Doing password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Failed password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)               
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Unexpected
  Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
  token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  fo1t
  Monitorable
  SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
  could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  fsq7
  High   
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  8306
  Critical
  An exception occurred when trying to issue security token: The security token username and password could not be validated..
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  f2un
  Verbose
  Form authentication failed.
  I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
   I found plenty out there and nothing directly correlates with this issue. 
  I searched on all parts of the errors I got.
  This contains an interesting blurb about setting up access for the apppool id correctly. 
  That’s not the case for me.  It works in dev and the same id are used there. 
  http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
  This was good but it doesn’t give specs on what the environment looks like:
  http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
  The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
  http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
  Any and all help would be greatly appreciated!

  Hi.
  You say its a multiserver farm, do you have more than one web server then?
  If thats the case, have you tried accessing the site on each server directly?
  Found this for you, maybe that can help?
  Troubleshooting Exceptions: System.ServiceModel.FaultException`1
  http://msdn.microsoft.com/en-us/library/bb907220.aspx
  and this:
  SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
  http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
  and
  This seems to be a good guide:
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  Good luck
  Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

• Calling A Secured webservice using Username and password in the Soap header

  I want to call a secured webservice.
  The Username and password should be sent with the payload in the SOAP Header
  as
  <wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>uname</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  Can you please send me the steps?
  I tried with giving the username and password under Service Account.
  I tried to create a wspolicy under business service. But nothing works...
  Please help me at the earliest.
  Also please give me steps in sequence.

  Now i made sure that the endpoint is available!
  Now am getting this error:
  <soapenv:Fault>
  <faultcode>soapenv:Server</faultcode>
  <faultstring>BEA-380002: localhost1</faultstring>
  <detail>
  <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
  <con:errorCode>BEA-380002</con:errorCode>
  <con:reason>localhost1</con:reason>
  <con:location>
  <con:node>RouteNode1</con:node>
  <con:path>request-pipeline</con:path>
  </con:location>
  </con:fault>
  </detail>
  </soapenv:Fault>
  Also in the invocation trace i can observe the following things:
  Under Invocation Trace:-
  ========================
       Receiving request =====> Initial Message context
       ===============================================
       under added header:-
       ==================
       <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
       </soap:Header>
       under RouteNode1
  ================
       Route to "TargetMyService_BS"
  $header (request):-
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  </soap:Header>
  Under Message Context changes:-
  *===============================*
  I can find this element also:-
  con:security>
  *<con:doOutboundWss>false</con:doOutboundWss>*
  *</con:security>*
  eventhough we enabled ws security, how the above tag can be false?
  I think its getting failed to populate the header with the required login credentials.
  The other doubt i have is:-
  =================
  I have chosen the service account type is static...is this right?

• SOAP Lookup with username and password

  I am doing a lookup using a Java UDF from PI message mapping using a SOAP receiver channel by passing a username and password to get a value from a webservice. This is passed to a field in the target side. Everything works fine.
  But I want to avoid hardcoding the username and password sent in the XML for the lookup in the UDF. Anyone has any suggestions?
  Thank you.

  Hi Param,
  Are you passing the userid and password in url of SOAP Lookup?  You can try using value mapping to get the password for a given username..
  Else maintain it in SOAP channels and for each user id try selecting a different SOAP channel..  HEre also you can use value mapping for userid = soapchannel relationship.
  Regards
  Suraj

• Username and Password authentication

  Hi,
  I am new to both JDBC and MSSQL. I've been connecting to msSQL server without providing username and password (DriverManager.getConnection(String url)). I am wondering how to enforce the username and password authentication so that username and password have to be verified before a connection is made. Thanks in advance.

  but where can I get the username & password? I can get
  the connection even with any username & password, why?Hi WeiHang,
  This is regarding the options you have set in the SQL Server. You have to choose from Windows NT authentication and SQL Server Authentication. If you give SQL Server authentication you have mentioned the username and password and you can connect to database simple using DSN(if you are using JDBC-ODBC). However if you choose WindowsNT authentication you donot specify the user name and password there and you have to enter the same at runtime.
  Hope this can help you

• Cannot Remove Username and Password from Mail settings in WebLogic for 11g

  I have changed my mail server settings in EM->BI->Coreapplication->deployments->mail from an SMTP server using authentication to one without. However, when I try to remove the username and password, then hit apply and activate changes, the UN and PW re-appear. Is there another place where I can force these items to be blank?
  Thanks!

  I found the mbean "BIDomain.BIInstance.EmailConfiguration" that contains an operation to change the credentials. I'm guessing this is what the EM setting is using. Unfortunately, the change credentials operation doesn't allow blanks for UN and PW. This is probably why the EM can't reset it. Does anyone know how I can reset the MBean?