Proxy with NOT-Basic Authentication

Every thread dealing with URL connection thru Proxy explains how to connect with "Basic" authetication.
My problem : Basic authentication is not acceptable because login/password are sent uncrypted. And more, in my case the rpoxy will ask for my windows 200 login/password. So I really need to do specific authentication.
I observed tha my navigator is doing NTLM authentication : the authentication String (before Base64 encoding) looks like "NTLMSSP<encrypted login andpassword and other unknown binary data><network station name><network group name>". ex : "NTLMSSP ♀☻ ☻ 4 ♀ ( ♣� ☼☺ MYCOMPUTERWORKGROUP"
Wich password encoding is used in NTLM proxy authentication ?
Do you know some other proxy authentication that do not send clearly login&password ?

Transport level authentication is done at transport layer even before the actual proxy service gets initiated. So you wont be able to catch authentication errors in the proxy service (and do alerting/logging/reporting etc). You can probably try enabling debug logging for HTTP protocol and see if you can capture these errors in the Access.log of the servers.

Similar Messages

Calling Web Service with Http Basic authentication in SOA 11g

I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
Am i missing some steps?
Please let me know.
Note - I am working on SOA 11.1.1.4.
Regards
Ayush

Hi Ayush,
Please refer -
http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
Regards,
Anuj

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

While creating web service proxy for a basic authentication WSDL getting WsCompile.AbortException

Hi,
I am usingJdeveloper 11.1.2.4
I have to use a basic authetication WSDL in my appllication to call a web service, when I create a webservice cleint and proxy and follwed the wizard after clking finish it throws following error.
The WSDL is created by an exteanl SAP application
com.sun.tools.ws.wscompile.AbortException
at com.sun.tools.ws.wscompile.WsimportTool.generateCode(WsimportTool.java:280)
at oracle.jdevimpl.webservices.tools.weblogic.JDevWsimportTool.generateCode(JDevWsimportTool.java:602)
at oracle.jdevimpl.webservices.tools.weblogic.JDevWsimportTool.generateCode(JDevWsimportTool.java:443)
at oracle.jdevimpl.webservices.tools.weblogic.WebLogicAdaptor.wsimportGenerateCode(WebLogicAdaptor.java:1020)
at oracle.jdevimpl.webservices.tools.weblogic.WebLogicAdaptor.createProxy(WebLogicAdaptor.java:284)
at oracle.jdeveloper.webservices.tools.WebServiceTools.createProxy(WebServiceTools.java:271)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.jdeveloper.webservices.tools.WebServiceTools$1.invoke(WebServiceTools.java:132)
at $Proxy38.createProxy(Unknown Source)
at oracle.jdeveloper.webservices.model.proxy.generator.CreateProxy.createJaxWsProxy(CreateProxy.java:1194)
at oracle.jdeveloper.webservices.model.proxy.generator.CreateProxy.doGeneration(CreateProxy.java:382)
at oracle.jdeveloper.webservices.model.proxy.generator.CreateProxy.action(CreateProxy.java:174)
at oracle.jdeveloper.webservices.model.generator.GeneratorAction.run(GeneratorAction.java:142)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Any thing I missed?
Thanks
R. Ramesh

Two comments:
1) The generated proxy looks correct. If you explore the generated code for the InputParams object and the Rowset object, they should represent the incoming and outgoing data structures for your transaction. If not, and if you are returning an XML property type from the transaction, be sure that you have used the "Assign Reference Document" technique to tell MII what the structure of your outgoing document is (there are a few other discussion threads on that topic).
2) Personally, I find it much easier to consume MII services from .NET code using a URL-based technique instead of a SOAP based technique. Invoke the "Runner" servlet (see the documentation) and you'll get an XML document back, that will always be in the MII Rowsets/Rowset/Row format. Also, it is "self describing" because it includes Column metadata information. It is very trivial to load this into a .NET XmlDocument object and parse/process it. In fact, doing a similar approach, I've been able to make MII services appear as ADO.NET tables/stored procedures to .NET code.
Rick

Web Services with HTTP Basic Auth

Hi,
I am having a problem connecting to web services which
require HTTP Basic Authentication from a Flex application. I have
useProxy set to true and call setRemoteCredentials prior to
attempting the call, but the credentials do not appear to be set on
the request (the request fails with fault.faultString = "HTTP
request error", faultCode = "Server.Error.Request". The messages on
the server indicate that the user name and password were not
specified.
I do have the proxy-config.xml file set up properly (I think
-- I followed the example in the mx.rpc.soap.mxml.WebService class
description, at least).
I can verify that the WSDL (which doesn't require BASIC auth
to access) is being loaded properly, but when I make the request,
it fails. Is this a known problem?
I am using Flex Builder 2.0.1 to build my SWF files.
Thanks,
Brendan

Thanks for the pointer, I did try it, but it didn't help.
As I said in the original post, the problem is with HTTP
Basic Authentication, so adding a header for WSSE to the service
request didn't help. It needs to be an HTTP Authorization header,
not a SOAP Security header.
Brnedan

UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)

Hi Gurus,
I'd like to know how we can setup BPEL server for Oracle Service Registry UDDI with HTTP-BASIC authentication for inquiry service (apart of OWSM solution)?
Imagine that in Service Registry I have defined HTTP-BASIC authentication (REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml) for inquiry service used in BPEL domain (uddiLocation key in BPEL domain configuration). And now I'd like to provide credentials. In package.xml I have this
<service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint"
service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
accepting-security-providers="HttpBasic">
<wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
<envelopePrefix xmlns="arbitraryNamespace" value=""/>
<namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
</service-endpoint>
I don't see any field with username or password. Is it automaticaly taken from security provider configured for Service Registry (for example LDAP)? If yes then it is clear.
But what about BPEL engine, where can I provide those credentials? Is it some secret configuration file? Or only supported way is to configure it through OWSM component in order to enrich request by credentials (what about license, when customer doesn't want to use OWSM)?
Do I miss something in this concept?
Thanks
Peter

as said internally - file an ER for it pls - and I will take care of it, depending on the demand - either for 10.1.3.1 GA or 10.1.3.1 patchset ..
we will support only HTTP Basic Auth - rest will follow per customer demand ..
/clemens

Web Service Call with Basic Authentication does not work

If I try to use Basic Authentication in my Web Service Client with the automatically created methods
setUsername(inUserName)
setPassword(inPassword)
setAddress(inAddress)
the application does not make a call. Did I forget something?
Is it possible to use "Test Method" with Basic Authentication?
Thank you.

Thank you for your answer.
But: I already read this article. And it doesn't help me.
I use the following code:
            getMyServiceClient1().setUsername(inUserName);
            getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
The methods setUsername and setPassword are definded as follows:
public void setUsername(String inUserName) {
        myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
public void setPassword(String inPassword) {
        myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
}But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
I also found this thread in your forum:
http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

OSB : Restful proxy service with basic authentication

Hi,
We want to expose a restful webservice from OSB with Basic authentication (username and password). Let us know what is the procedure for the same.
THanks,

Hi Vinoth,
The users/groups are picked up from the LDAP configured in Security Realms->myRealm->Providers
You basically have 2 options:
- You can configure your LDAP in Providers
- Use the DefaultAuthenticator that weblogic provides you by default.
If you do not want to configure an LDAP, and want to use weblogic's default, then all you have to do is add users and groups in Security Realms->myRealm->Users and Groups
Do mark this as useful or answered, if this has helped.

Help not working behind proxy with authentication

Hello,
Clicking Help within a CS5 app brings up the error:
Our school is behind a proxy with authentication.
What I'd like to do is download the help files and put it on a local server.
Then I'd like to edit the main help config (where is this?) to point there.
I've seen posts where it talks about %appdata%\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\ but we have hundreds of users and editing anything in this path is not feasible.
Please could you help in showing me where the original files are that make up the appdata chc folder so that I can edit this config at SOURCE and that any user that logs on will have a correct CHC folder made up pointing to the correct location.
I appreciate anyone's help.
Thanks for your time,
Jonathan

Hi Jonathan: there is a list of HTML and PDF files for download here: http://blogs.adobe.com/premiereprotraining/2010/08/help-documents-for-creative-suite-5-pdf -and-html.html
The help config files are located in the directories indicated below -- however, you did mention that editing those files is not feasible. So, I'm not sure if this the right solution for you ... We are resolving this in the next CS release, however, I understand that this is not much of a consolation/solution for you right now.
Windows: %appdata%/chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Tip: To find this directory in Windows, copy the preceding phrase into the Windows Explorer file manager.
Mac OS: /[username]/Library/Preferences/chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Calling web service with basic authentication from EP "unauthorized"

Hello,
I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
Problem in server response: [Unauthorized].
I'm using the following code for calling the .NET web service:
...Licence_GetList lParameter = new Licence_GetList();
lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);...
I've also configured a http system in the portal system landscape using the following parameters:
Authentication Method : Basic Authentication
Authentication Type : Server
User Mapping Type : admin,user
The user mapping is also personalized for this system!
What's wrong? Please help! This is really urgent!
Kind Regards
Joerg Loechner

Hello Renjith,
here is a small cutout of my "portapp.xml";
<services>
<service alias="LicenceManager" name="LicenceManager">
 <service-config>
 <property name="className" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager"/>
 <property name="startup" value="false"/>
 <property name="WebEnable" value="false"/>
 <property name="WebProxy" value="true"/>
 <property name="SecurityZone" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager/
 DefaultSecurity"/>
 </service-config>
 <service-profile>
 <property name="SystemAlias" value="LicMan_NET"/
 </service-profile>
</service>
</services>
I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
Regards
Joerg Loechner

Proxy for Basic Authentication

Hi,
Can someone point out if I am on the right track about this ?
I have an application which uses Basic Authentication as its authentication mechanism.I have defined the Application for single sign-on using the External Applications option in the Portal Builder.
I have read further down in the documentation (Configuring and Administering External Applications) http://download.oracle.com/docs/cd/B10464_01/manage.904/b10851/ext_apps.htm#1009009
that there is something called Proxy Authentication for Basic Authentication Applications.
Can someone explain this to me as I am unsure as to whether I need to set this proxy up as well ? The diagram in the documentation appears to be what I am trying to do.
As I mentioned in a previous post Basic Authentication doesn't appear to be working for me. The very first time I authenticate I get straight into the application but any attempts after that results in the Basic Authentication dialog box appearing even though I have checked the "Remember my login information" tick box.
Any ideas ?
Thanks,

Thank you for the response. I tried with a pass-through service account but could not get it working.
This is what I did:
1. I have a SOAP business service with WS-Policy with username security assertion.
2. I created a SOAP business service with the wsdl. OSB EPE editor said OSB does not support WSSE 1.2 policies. I extended my OSB domain to include OWSM and in the business service policy tab, selected OWSM policy option and added "oracle/wss_username_token_client_policy". (Now I am not sure how the user credentials in HTTP BASIC (headers) will be propagated to WS-Security headers)
3. I created a pass through service account and added this service account in the SOAP business service. I am able to configure service account only when I choose HTTP BASIC authentication in the business service. This did not propagate the username from HTTP to WS-Security. I see errors in the log like "WSM-00015 : The user name is missing.". Looks like wss_username_token_client_policy is looking for username in csf-key map. I do not know this map gets populated internally. If I have to do it programmatically I saw there is java code to set BindingProvider.USER_NAME in the request context. How do I do this from OSB designer ?
4. I tried creating a wrapper proxy around the secure SOAP business service and include the wrapper proxy in my main proxy but could not get it working. I get lof of NullPointers.
I am missing something. Can you please help ?

PROXY BASIC AUTHENTICATION

Hello.
I'm facing problem during client connection throungth proxy.
The error messagge is:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 302 Moved Temporarily"
 at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:923)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
 at updateAuto.getInputStream(updateAuto.java:494)
 at updateAuto.downloadFile(updateAuto.java:422)
 at updateAuto.start(updateAuto.java:263)
 at Avvio.main(Avvio.java:8)
The question is: how i set the basic authentication? I found two example:
URL url= new URL(fileName);
URLConnection connection= url.openConnection();
connection.setRequestProperty("Proxy-Authorization","Basic " + new sun.misc.BASE64Encoder().encode(proxyUser + ":" + proxyPassword).getBytes()));
URL url= new URL(fileName);
URLConnection connection= url.openConnection();
connection.setRequestProperty("Proxy-Authorization", new sun.misc.BASE64Encoder().encode(proxyUser + ":" + proxyPassword).getBytes()));
So, i MUST specify the Basic before the user-password or not?
I'm in the rigth direction or i miss something?
Best regards
Gianluca Chiodaroli

I was also struggled to get this thing done for long time and finally mangaged to got through. Following code would demonstrate how you could connect to a https url through a proxy sever. You have to replace your proxy server, port, userid/password and your https URL in the appropriate places.
Also follow the instructions given in the java comments blocks to download the deigital certifactes of your https sites and configure them in the filestores.
I have tested this code with JDK 1.4
Good luck. Dushan Karawita
import com.sun.net.ssl.*;
import javax.commerce.util.BASE64Encoder;
import java.net.*;
import java.io.*;
import java.util.*;
* Title: HttpsPrototye
* Description: This will demonstrate how to connect to a https url through
* a proxy server. It is very difficult to find a proper documentation
* describing how to implement this feature.
* @auther : Dushan Karawita ([email protected])
public class HttpsPrototype {
 * Performs the proxy tunneling to access the https url.
 public static void testHttps() {
 HttpsURLConnection httpsCon = null;
 DataInputStream dis = null;
 InputStream is = null;
 String response = null;
 String cookieString = null;
 URL sslUrl = null;
 try {
 * Sets the https proxy server and the https proxy port.
 * @todo: Replace the <proxy.server.com> with your proxy server's
 * IP address and replace with the correct port.
 System.setProperty("https.proxyHost", "<proxy.server.com>");
 System.setProperty("https.proxyPort", "80");
 * Add the route to your cacerts filestore (or a filestore of
 * your choice) you'll find ca certs at java_home$/jre/lib/security
 * Seems that if you dont add this java will not always find the
 * certificate required for to trust the SSL connection.
 * Note if you still get a CertificateException "could not find
 * trusted certificate" then you will need to import the public
 * certificate of the website you are connecting to into the
 * keystore using,
 keytool -import -keystore cacerts -file thecert.cer -alias thecertname
 * This command will add the "thecert.cer" file to the "cacerts"
 * filestore (if not available, it will create it). Make sure you go
 * to the place where you want to place the filestore (cacerts) and
 * run the command since it will create it in the location it's been
 * run. You can use IE to download the certificate and save it in the
 * hard disk with following steps.
 * Tools -> Internet Options -> Content -> Certificates
 * -> Immediate Certification Autherities
 * and select the certificate from the list and select "Export" and
 * follow the wizard to install it into the local hard drive. If the
 * relavent certificate is not available in the list, try to import
 * the certificate by clicking on the padlock sign of the IE when
 * you go into the secure link.
 * Following is the example of how to import the certificate in your
 * filestore.
 * try the password as "changeit"
 E:\jdk1.4.1\jre\lib\security>keytool -import -keystore cacerts -file doit.cer
 * Enter keystore password: changeit
 * Owner: CN=*.doit.com, OU=Domain Control Validated, OU=See
 * www.ffffssl.com/cps (c)04, OU=https://services.my-choicepoint.net
 * /getit.jsp?126600646, O=*.doit.com, C=NL
 * Issuer: CN=ChainedSSL CA, O=FreeSSL, C=US
 * Serial number: 2899e49
 * Valid from: Thu Jan 29 15:14:20 GST 2004 until: Sat Jan 29
 * 15:14:20 GST 2005
 * Certificate fingerprints:
 * MD5: 44:C5:AC:10:4A:34:6E:19:0D:3A:8A:32:B5:4F:A3:C4
 * SHA1: DA:D8:11:74:B6:BA:EB:D9:98:F2:12:AF:E9:4C:73:0B:4B:FA:1D:CF
 * Trust this certificate? [no]: y
 * Certificate was added to keystore
 * E:\jdk1.4.1\jre\lib\security>
 * You have to set the filestore where you have imported your site's
 * certificates. Here we're setting the defualt jdk filestore since
 * we have imported the ncessary certificates into the same filestore.
 * You can give different filestore if you have created your
 * filestore in a different place.
 System.setProperty("javax.net.ssl.trustStore",
 "E:/jdk1.4.1/jre/lib/security/cacerts");
 * Before connecting with a secure URL, we must do this first :
 java.security.Security.addProvider(
 new com.sun.net.ssl.internal.ssl.Provider());
 System.setProperty("java.protocol.handler.pkgs",
 "com.sun.net.ssl.internal.www.protocol");
 * The https URL which you want to access.
 * If you are using the JDK defualt filestore, it is a good idea to
 * test with the https://www.sun.com url
 * @todo: Replace your https url.
 sslUrl = new URL("https://www.sun.com");
 * Opens the https URL connection.
 httpsCon = (HttpsURLConnection) sslUrl.openConnection();
 httpsCon.setFollowRedirects(true);
 * Set the Proxy user id and password for the basic proxy
 * authorization.
 * @todo: Replace the <user:password> with your proxy user id and
 * the password.
 httpsCon.setRequestProperty("Proxy-Authorization", "Basic "
 + new BASE64Encoder()
 .encodeBuffer("<user:password>".getBytes()));
 * Sets the normal authorization if the site itself is required to be
 * authenticated before access.
 * @todo: Replace the <user:password> with your sites user id and
 * the password.
 httpsCon.setRequestProperty("Authorization", "Basic "
 + new BASE64Encoder().encodeBuffer("<user:password>"
 .getBytes()));
 * Reads the coockie from the header field, so we can bind this
 * coockie with the next request header if we want to maintain our
 * session so we would be able to traverse through multiple pages
 * with the same session.
 cookieString = httpsCon.getHeaderField("Set-Cookie");
 cookieString = cookieString.substring(0, cookieString.indexOf(";"));
 System.out.println(cookieString);
 * get the input stream and creates a DataInputStream.
 is = httpsCon.getInputStream();
 dis = new DataInputStream(new BufferedInputStream(is));
 * Reads the input stream through the DataInputStream and print the
 * response line by line.
 while ((response = dis.readLine()) != null) {
 System.out.println(response);
 dis.close();
 is.close();
 httpsCon.disconnect();
 } catch (MalformedURLException mfue) {
 mfue.printStackTrace();
 } catch (IOException ioe) {
 ioe.printStackTrace();
 * main method to test the code.
 * @param args
 public static void main(String args[]) {
 new HttpsPrototype().testHttps();
}

Problem consuming web service with basic authentication

Hello,
I've set up a web service with basic authentication. Although I have to log in before being able to open the overview page of the web service in the Web Service Navigator, the response I get after sending a request is:
Authority check failed
I get this response in the Web Service Navigator as well as when consuming the web service via standalone proxy classes.
The following is strange, too: It is not possible to change authentication in the generated logical port. It is set to "none". I changed it via the XML file where I added the properties "AuthenticationMethod" (value "BasicAuth") and "AuthenticationMechanism" (value "HTTP"). But I got the above response anyway.
Thanks for your help!
Regards

I used basic authentication for my web service.
I was able to obtain a hardcopy of the logfiles in the meantime. The invocation of the web service is stored there with the following error messages:
SOAP Runtime: Exception message: Schwerer Prozessierungsfehler macht eine SOAP-Fault-Behandlung erforderlich
SOAP Runtime: SOAP Fault exception occurred in program CL_SOAP_RUNTIME_SERVER========CP in include CL_SOAP_RU NTIME_SERVER... [the picture is cut here]
In addition to that I found a thread in SDN that dealt with exactly the same problem:
Web Service Homepage: Authority check failed
But I have the same problem like Kimberly Carmack (the last post on the second page). We do not have that role in our system.

Basic Authentication with IISProxy?

hi,
is the IISProxy the appropriate tool for tunneling http-requests to http-servers behind a firewall (reverse proxy)?
i made it work with ep60. but accessing other http-servers with own mappings (for example /tomcat/ directs to a tomcat server) fails.
problems I'm facing:
1. basic authentication is not transmitted to the http-server (e.g. tomcat). the logon-box pops up, but the data doesn't seem to be transmitted through IIsProxy.
2. URLs created from other servers don't know that the IISProxy requires a special filter-string (again /tomcat/) when they create absolute links.
are there other / better reverse proxys (apache?) that can handle these things?
kr, achim
ps: what about the filter-element attributes authentication="normal" remote-address="skip"?
i haven't found any documentation about them, but they look like to be configured...
Message was edited by: Achim Hauck

After checking some more I was wrong (I got it confused with a Sap logon ticket plugin)
But in note 480520 it is described how to setup reverse proxy with apache. There is an attached document to the note which explains it.
Text of the note:
Symptom
How to integrate SAP J2EE Engine 6.20 with Apache Webserver
Reason and Prerequisites
SAP J2EE Engine 6.20 can be integrated with Apache Web Server,no plugin is needed. The same is valid for SAPJ2EE 610 or In-Q-My 427.
Solution
General Information on how to use the Apache Webserver in combination with the SAP J2EE Web Application Server :
1. You are permitted to use the Apache Webserver together with the SAP J2EE Web Application Server. In this way SAP guarantees continued support for the SAP Application.
2. Due to the high number of possible configurations and versions available, SAP can only provide some examples of possible configurations. These normally suffice to use the SAP Application.
3. You might need to contact consultants specialized in this area for error analysis and further configurations.
This consultation is not provided by SAP Support.SAP J2EE Engine (and its predecessor In-Q-My Application Server) can be integrated with Apache web server, no plugin is needed.
Please review the attached Configuration Guide in order to get some configuration examples using Reverse Proxy and/or URL Rewriting.
Btw, the major benefit of using IIS and IISproxy is that Integrated windows authentication is possible (SSO from OS)
Great idea to make a blog out of this.

3.1EA1: proxy client used allows only BASIC authentication

The proxy client used only use BASIC authentication. The problem the proxy we're using uses NTLM authentication, and the user/password are the domain user/password, thereby very dangerous to send using a non-secure authentication mode as BASIC (a simple base64 enconding of user and password...)
Edited by: user8381214 on Oct 21, 2011 3:52 AM

Hi user8381214 ,
Can you give me more details?
Note that there are two main types of proxy connection:
1/username1[username2]/password
and
2/username1/password with proxyClient username2/password
Which one is affected?
-Turloch
SQLDeveloper team
If you would prefer this to be off the forum my email address is:
turloch<dot>otierney<AT>oracle.com

Proxy with *NOT-Basic* Authentication

Similar Messages

Maybe you are looking for

Proxy with NOT-Basic Authentication