Performing Basic HTTP Authentication on the iPhone

Similar Messages

• Basic HTTP Authentication

  Hi everyone,
  I'm trying to make a portal/gateway environment where a user can be automatically logged in other applications using Basic HTTP Authentication.
  To do this I have enabled the Basic HTTP Authentication in the psconsole (under Secure Remote Access > default > Core).
  I have also added a couple of LDAP attributes in the Portal LDAP: sunPortalGatewayWWWAuthorization.
  Are these the only two steps needed? Or am I forgetting something?
  Could someone tell me how the values in the sunPortalGatewayWWWAuthorization can be formed? I am currently using someone else's code, which used to work on a Portal Server 6 environment. I'm not sure if I understand well how those Basic Authentication values are formed.
  Thanks a lot!
  Sten

  Thank you Yvan, for your reply.
  I have looked at the Access Manager in the old environment, and did not see any SSO functionality being enabled.
  The old environment does not have a psconsole, so I was not able to check the settings over there.
  What bothers me, is that I do not know what kind of values should be stored in the sunPortalGatewayWWWAuthorization attribute. A basic http authentication string would look like this: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  (This would be a Base64 encoding of Aladdin:open sesame).
  But in the Portal LDAP it seems that everything is encoded in Base64. As far as I understand the code is doing the following:
  - Make-up string: "+hostname+|Authorization: Basic +username+:+password+"
  - additionally, it looks like the whole string is being encrypted too, using a PBEWithMD5andDES algorithm
  Is this a requirement for the Gateway? Or is this for some kind of security reason? And is this correct?
  Thanks,
  Sten

• Basic http authentication not working when consuming Web Service in BPEL.

  Hi,
  I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
  authentication so we need a way to get username and password into the http
  header. In the Oracle BPEL Process Manager Administrator's Guide 10g
  (10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
  that this can be done using the properties httpUsername and httpPassword. I
  have set the 2 for the partner link in bpel.xml but username and password does
  not get in to the http header. Has anybody got an idea?
  Regards Pete

  I'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
  partnerLinkBindings      
  client      
       wsdlLocation      awardService.wsdl
  spsAwardSubmitPartnerLink      
       basicHeaders      credentials
       basicUsername      ko1
       basicPassword      xxxxx
       wsdlLocation      IAwardDraftServiceRef1.wsdl
  However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
  POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
  Host: vm-orcl-app-srv:4444
  Connection: Keep-Alive, TE
  TE: trailers, deflate, gzip, compress
  User-Agent: Oracle HTTPClient Version 10h
  SOAPAction: ""
  Accept-Encoding: gzip, x-gzip, compress, x-compress
  Content-type: text/xml; charset=UTF-8
  Content-length: 3800
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
  <IAwardDraft>
  <accessController/>
  <agreementEndDate/>
  Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
  What am I missing??
  Thanks,
  Mike

• Embedding basic http authentication credentials in JNLP file

  I want to embed basic http authentication credentials in the JNLP file.
  Basically, I want the jars to be behind basic http authentication in order to distribute the application only to authorized users (I understand this is not strong security, but it's fine for my purposes) who are all on Windows, and once the java app is initially installed, I never want to have to enter the http login credentials again.
  So I set up the http authentication and in the jnlp file I have:
  <jnlp
       spec="1.5*"
  codebase="http://username:[email protected]"
       href="program.jnlp">
  This doesn't seem to phase the JWS authenticator. So on the first launch from the desktop shortcut I put the credentials in manually and select "save this password in my password list". It seems like I'm in the clear as the next time I launch the application from a desktop shortcut I am not asked for any credentials, but every time the Windows machine is restarted, I get the JWS authenticator again...the password is no longer saved.
  Is there a way to embed the username/password in the JNLP file to get past the JWS authenticator without having to retype the username and password every time the machine is restarted? Or to permanently save the password in the JWS authenticator password list? Or any other way to set it up where once the application is initially installed, the http authentication credentials never have to be manually entered again?
  Thanks!

  Hi everybody,
  I manage to do almost all (I suppose), but I need last help.
  Through SM59 I created the HTTP Destination needed; then, I implemented the code given by SAP here:
  http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d053e74911d6b2e400508b6b8a93/content.htm
  I ran the program, and it gives me the error: "Binder not found for soapAction = null.
  I suppose that I should give the link to the soapAction, but I don't know where in the code.
  Have you any idea?
  Thanks and Regards,
  Francesco

• Internationalizing Basic HTTP authentication browser dialog for UserID

  Is it possible to have multibyte user ID for Basic HTTP authentication? Based on RFC2617 user ID has to be *Text, which basically is ASCII. But I thought maybe someone has a workaround for this limitation. Our entire web app is internationalized, we use UTF-8 as encoding for JPS pages and request processing, and that all works fine, but there is one area where we use Basic HTTP authentication, and so far I was not able to find a way to internatianalize that. Once the resource is reqested, we process request in the servlet and if the user is not authenticated we send authentication challenge response to the browser. Response encoding is set to UTF-8. After user enters the credentials, I process those in the same servlet , again using UTF-8. Of course when I tried to input the japanese ( multibyte)userID, the authentication is failing. I think the browser is corrupting DBCS data once it Base64 encodes it... Does anyone have ideas whether it is possible to internationalize this at all?

  You'll probably need your own ServletFilter to process the authentication header, since servers will mostly decode headers in the locale encoding, regardless of any charset in the Content-type header of the request. Getting browsers to use UTF-8 encoding before base64 might be a bit tricky though.
  It is probably better to use form based login. The procedure for getting UTF-8 encoded form parameters is a well understood FAQ for this forum.

• JAAS NTLoginModule for basic http authentication

  Hi all,
  Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't want the user to have to type in his/her password).
  First, is this even doable? and Second, what would I need to do to get this working?
  Thanks in advance.

  I am using IIS 6 with Windows Integrated Authentication which passes all HTTP requests to Tomcat 5.5 for processing via the ISAPI plug-in jk1.2 It does nothing else. Don't ask the obvious, I can't tell you. It just is.
  I have a new requirement for a new web application on our intranet. I would like to be able to identify my users without them typing anything in. How can I capture any part of the Window's user credential's from within my Java web application on Tomcat?
  I'm looking at HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipals() and I'm thinking I can (minus establishing my own Tomcat realms, etc...).
  Any thoughts? Even if you don't know how, just tell me if you know this can be/is being done somewhere.

• I have enabled iTunes and App Store fingerprint authentication on the iPhone 5s.  However I still receive a prompt for my Apple ID password vs my Fingerprint.  Any way to resolve this?

  I have enabled iTunes and App Store fingerprint authentication on the iPhone 5s.  However I still receive a prompt for my Apple ID password vs my Fingerprint.  Any way to resolve this?

  Ok thanks - that explains it:
  From the Apple article: "
  Note: Touch ID cannot be used for purchases if Require Password in Settings > General > Restrictions is set to Immediately."
  Not sure why - but clearly intentional.

• HTTPS authentication in an iPhone app

  Hi,
  I am new to iPhone app development. I am trying to log a user in to a website which performs HTTPs authentication.
  I need to then use the cookie generated by this process in all future requests to the website.
  Can anyone point me to sample code / methods which are used for this.
  Really appreciate any help.
  Thanks,
  RT

  This a forum for users, try here: http://developer.apple.com/iPhone/program/

• Removing Basic HTTP Authentication required by Adapter Engine

  Hi guys,
  can you please help me with this issue? I'm sending a SOAP requests to PI but I need to remove required authentication by WAS as the sending system is not able to provide username and password.
  Thank you,
  Peter

  Peter,
  AFAIK if you remove authentication, it will remove it for all the SOAP scenarios and cannot be achieved for a single scenario.
  Check the reply from Bhavesh in this thread:
  Re: SOAP User ID/Password  - Authoraization
  If you want to refer more similar threads check this:
  https://forums.sdn.sap.com/search.jspa?threadID=&q=%22remove+authentication%22&objID=f44&dateRange=all&numResults=15&rankBy=10001
  Regards,
  Neetesh

• Adobe PDF Viewer X in Safari 5 not displaying documents protected by HTTP Authentication

  I have the latest Adobe Reader X release (10.0.0) for Mac OS X 10.6 in Safari 5.0.3. The PDF Viewer is unable to display files hosted on directories protected by HTTP Authentication. The progress bar keeps spinning forever.
  I've tried it on several Macs and various Apache web servers, with both Basic and Digest Authentification.
  Adobe PDF Viewer running on Mac OS X 10.5 doesn't have this problem. Adobe PDF Viewer X running on Windows XP with Safari 5 doesn't either. So it is specific to the latest release for Mac OS X 10.6.
  Any idea for a fix? I can't revert to a previous version of Reader since the older plug-in doesn't run in 64-bit Safari (the default on Snow Leopard) - please don't tell me to force Safari to run in 32-bit mode.
  Is it at least a known bug that will be fixed soon?

  You mean disabling HTTP Authentication? Yes, of course. And it works without it. That's how I know that the cause of the problem is HTTP Authentication.

• Webservice with HTTP authentication

  Hi,
  how do i supply the userid an password for a http authenticated webservice.  I already choose the option for http authentication on the security tab on the logical port.
  Alos tried to find it in the Visual Admin to the server but i am stuck.
  Greetings Danny.

  There are two ways to do this
  <b>Option 1: Hard code the Username/Password</b>
  For this, use the method _setUser and _setPassword.
  These are methods for your model class Request_<WebService>_PortType.... (the model class for the webservice). I invoked these methods in the wdDoInit method of the component controller class.
  For example, i imported the WSDL for the RFC SXMB_GET_MESSAGE_LIST and used it like this:
  Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST oRequest =
  new Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST();
  oRequest._setUser("bcuser");
  oRequest._setPassword("password");
  <b>Option 2: Use HTTP Destinations</b>
  Open Visual Administrator and goto node Services, Destination Service. Create a HTTP destination with the URL of the webservice, maybe choose basic authentication and give the username / password. Now, you could use this HTTP destination in the component controller class. Even though there is a method _setHTTPDestinationName, this did not work for me. I had to write the following code to retrieve the URL, username, password from the HTTP destination
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  import java.net.HttpURLConnection;
       InitialContext ctx ;
       Object obj;
       DestinationService dstService;
       Destination destination;
       HTTPDestination httpDestination ;
       HttpURLConnection httpurlconnection = null;
       Properties destprop = null;
       String url = "";
       String username = "";
       String password = "";
            ctx = new InitialContext();
            obj = ctx.lookup(DestinationService.JNDI_KEY);
            dstService = (DestinationService) obj;          
            destination = dstService.getDestination("HTTP","NC_IS");
            destprop = destination.getDestinationProperties();
            httpDestination = (HTTPDestination) destination;
            url = httpDestination.getUrl();
            username = destprop.getProperty("USERNAME");
            password = destprop.getProperty("PASSWORD");  
  (I know the java code sucks and the purists will hang me; nevertheless it works)
  Besides the code, you need to do the following as well:
  (1) In the Package explorer, select your project, right click, cick on "Set Additional Libraries.."
  (2) Select security.class and tc/sec/destinations/interface
  (3) Click on menu Project > Properties, goto Webdynpro refereces node in the tree and add the following
      (a) Interface References: tcsecdestinations~interface
      (b) Service References: tcsecdestinations~service
  All the best, try option 1 first before you embark on the second one.
  Regards, Parag.

• Http authentication code

  how to generate basic http authentication code of type digest(auth_type="digest") using jdeveloper,

  When the following code is used to authenticate the HTTP send request using "digest" authentication type. It gives the error below.
  // authentication code
  Properties props = new Properties();
  props.put(OracleSOAPHTTPConnection.AUTH_TYPE, "digest");
  props.put(OracleSOAPHTTPConnection.USERNAME, "userid");
  props.put(OracleSOAPHTTPConnection.PASSWORD, "password");
  m_httpConnection.setProperties(props);
  //Error
  [SOAPException: faultCode=SOAP-ENV:IOException; msg=&quot;WWW-Authenticate&quot; header is incorrect; targetException=java.io.IOException: "WWW-Authenticate" header is incorrect]
       at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
       at oracle.soap.transport.http.OracleSOAPHTTPConnection.send(OracleSOAPHTTPConnection.java:765)
       at org.apache.soap.messaging.Message.send(Message.java:125)
       at mypackage1.SampleStub.Sample(SampleStub.java:184)
       at mypackage1.SampleStub.main(SampleStub.java:57)

• Is the iPhone release simple by design??

  Is iPhone Intentionally simple to start with?
  I was thinking about this a lot lately. There are so many things, simple things, obvious things, missing from iPhone on its release that I cant help thinking its more of a strategy then lack of foresight or users needs.
  Apple and AT&T both knew that this release was going to be huge, possibly adding 1/2 million new (or changing) users to AT&T's infrastructure and immediately putting a strain on its system, support technicians, help desk, etc. Apple knew it would be handling calls from confused users, those needing help, etc etc.
  So perhaps they simplified things by putting out the most basic elements possible on the iPhone. If you think about it, if they had put MMS on the iPhone, there would be a huge increase in data transmission over the Edge network of everyone sending pictures from their new iPhones. That could be a huge strain on the network. Also the more the iPhone does, the more people will be calling with questions, problems, or complaints, flooding Apple and AT&T's call centers with tons more seemingly unneessicary calls. Leaving a lot of things out on the release probably prevented tons of calls to the helpdesks so the teams can focus on the release and any problems related to it. Maybe the idea was make it simple, and then once the storm calms down, add more things out little by little until the iPhone reaches its full capabilities.
  I sincerely hope this is the case! While I love my iPhone and most likely wont return it (that thought is still on the table though) it is obviously severely lacking in many of the more basic and wanted things.
  I just hope we dont have to wait months for an update. A week into owning the iPhone and I have found that I am getting bored with it's current abilities. Definitely better then my blackberry was, but the Nokia 7125 I had for a while, while it didnt have the cool gui the iPhone does, was quite a bit more useful, not to mention fun, in terms of its abilities.

  If there is one thing that is very obvious here, it has to be that Steve Jobs loves to introduce new functionality on-stage. It is one of his biggest passions in life, to stand on a stage and talk about a new product or new functionality. Just watch one of the videos on this website. You will see it. Anyway, this gives him tons of future opportunity to introduce a new function to the iPhone. I think the ability to choose something from the iPhones music library as a ringtone, will be one of his biggest announcments in the future, and he will surely bask in that applause he gets from it. He loves that almost as much as he loves life itself. So don't worry, our phones are headed for better days,... after all, they have the ability to receive software updates from Apple. So you know that means added functinality. Be sure to leave feedback in the appropriate section on this website, listing all of your iPhone upgrade wishes. The more they get, the better the chance it gets updated quicker.

• Verizon wireless customer service and the iphone 6

  I just upgraded to the iphone 6. It is a nice phone. Fast, sleek, seems more durable than the reports of it bending etc.
  (Knock on wood).
    The biggest problem I have is VERIZON. Having been a customer for well over a decade, I was annoyed that I had to pay them $30 to sign a two year contract to give them money in exchange for service. Why the fee, I ask?
  "Because everyone charges a fee". Cool. There is also a cliff right over there.
    The customer service agent was polite and offered to offset this charge on my next bill, and to go ahead and pay this fee on top of the $300 for the phone. I did. And signed the next two year contract. Did he give me said credit? Nope. When I asked the next customer service agent of this, she said "we don't do that". When I asked Brandy, a supervisor, she also stated that this cannot be credited. Convenient timing as I had already signed the contract. I don't like giving money to companies that trick people out of money. I think I have out grown Verizon. Or Verizon's customer service has outgrown itself.
  Regardless, it's the principle. Getting lied to and treated like a sucker doesn't feel good. And I paid money to have it done to me.
  Thanks Verizon!

      Bluevelvet, I'm sorry you feel this way. Although it was a difficult decision to implement the upgrade fee, we did decide that doing so would allow us to continue to provide savings to our customers. While a $30.00 upgrade fee may not sound like savings, the savings comes in the form of being able to subsidize our devices with contracts. Additionally, the upgrade fee can be avoided with Edge since the device is not subsidized.
  You mentioned purchasing an iPhone 6. I'm glad to see that you are happy with the design and performance of it. Normally, the iPhone 6 16GB (I'll use this for an example) is $649.99 for full retail. With the larger memory and different model, it's even pricier. By charging a $30.00 upgrade fee, we can subsidize this cost for you in exchange for a two year contract, so intead of paying $649.99 out of pocket, you only have to pay $199.99.
  I do want to review the offer that was presented to you. I have sent you a direct message here. Please reply to the direct message.
  AndreaS_VZW
  Follow us on Twitter @VZWSupport

• How do I delete photo ALBUMS from my iPHONE 4? I sync via icloud and I can not see any folders selected in itunes. I searched the internet and basically there is no one who has the answer to how you delete the iphone photo library and misc albums

  how do I delete photo ALBUMS from my iPHONE 4?
  I sync via icloud and I can not see any folders selected in itunes.
  I searched the internet and basically there is no one who has the answer (so far)
  to how you delete the iphone photo library and misc albums
  I have also had every iphone and I am not stupid.
  charles altman

  Replying to my own post - heh. I downloaded iExplorer (http://www.macroplant.com/iexplorer/) which allowed me access to the files on the phone and there was the phantom movie in the DCIM folder. Deleted it, and all is well - although I still have 0.65gb of Other in iTunes.....