Removing Basic HTTP Authentication required by Adapter Engine

Similar Messages

• Basic HTTP Authentication

  Hi everyone,
  I'm trying to make a portal/gateway environment where a user can be automatically logged in other applications using Basic HTTP Authentication.
  To do this I have enabled the Basic HTTP Authentication in the psconsole (under Secure Remote Access > default > Core).
  I have also added a couple of LDAP attributes in the Portal LDAP: sunPortalGatewayWWWAuthorization.
  Are these the only two steps needed? Or am I forgetting something?
  Could someone tell me how the values in the sunPortalGatewayWWWAuthorization can be formed? I am currently using someone else's code, which used to work on a Portal Server 6 environment. I'm not sure if I understand well how those Basic Authentication values are formed.
  Thanks a lot!
  Sten

  Thank you Yvan, for your reply.
  I have looked at the Access Manager in the old environment, and did not see any SSO functionality being enabled.
  The old environment does not have a psconsole, so I was not able to check the settings over there.
  What bothers me, is that I do not know what kind of values should be stored in the sunPortalGatewayWWWAuthorization attribute. A basic http authentication string would look like this: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  (This would be a Base64 encoding of Aladdin:open sesame).
  But in the Portal LDAP it seems that everything is encoded in Base64. As far as I understand the code is doing the following:
  - Make-up string: "+hostname+|Authorization: Basic +username+:+password+"
  - additionally, it looks like the whole string is being encrypted too, using a PBEWithMD5andDES algorithm
  Is this a requirement for the Gateway? Or is this for some kind of security reason? And is this correct?
  Thanks,
  Sten

• JAAS NTLoginModule for basic http authentication

  Hi all,
  Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't want the user to have to type in his/her password).
  First, is this even doable? and Second, what would I need to do to get this working?
  Thanks in advance.

  I am using IIS 6 with Windows Integrated Authentication which passes all HTTP requests to Tomcat 5.5 for processing via the ISAPI plug-in jk1.2 It does nothing else. Don't ask the obvious, I can't tell you. It just is.
  I have a new requirement for a new web application on our intranet. I would like to be able to identify my users without them typing anything in. How can I capture any part of the Window's user credential's from within my Java web application on Tomcat?
  I'm looking at HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipals() and I'm thinking I can (minus establishing my own Tomcat realms, etc...).
  Any thoughts? Even if you don't know how, just tell me if you know this can be/is being done somewhere.

• Basic http authentication not working when consuming Web Service in BPEL.

  Hi,
  I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
  authentication so we need a way to get username and password into the http
  header. In the Oracle BPEL Process Manager Administrator's Guide 10g
  (10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
  that this can be done using the properties httpUsername and httpPassword. I
  have set the 2 for the partner link in bpel.xml but username and password does
  not get in to the http header. Has anybody got an idea?
  Regards Pete

  I'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
  partnerLinkBindings      
  client      
       wsdlLocation      awardService.wsdl
  spsAwardSubmitPartnerLink      
       basicHeaders      credentials
       basicUsername      ko1
       basicPassword      xxxxx
       wsdlLocation      IAwardDraftServiceRef1.wsdl
  However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
  POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
  Host: vm-orcl-app-srv:4444
  Connection: Keep-Alive, TE
  TE: trailers, deflate, gzip, compress
  User-Agent: Oracle HTTPClient Version 10h
  SOAPAction: ""
  Accept-Encoding: gzip, x-gzip, compress, x-compress
  Content-type: text/xml; charset=UTF-8
  Content-length: 3800
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
  <IAwardDraft>
  <accessController/>
  <agreementEndDate/>
  Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
  What am I missing??
  Thanks,
  Mike

• Embedding basic http authentication credentials in JNLP file

  I want to embed basic http authentication credentials in the JNLP file.
  Basically, I want the jars to be behind basic http authentication in order to distribute the application only to authorized users (I understand this is not strong security, but it's fine for my purposes) who are all on Windows, and once the java app is initially installed, I never want to have to enter the http login credentials again.
  So I set up the http authentication and in the jnlp file I have:
  <jnlp
       spec="1.5*"
  codebase="http://username:[email protected]"
       href="program.jnlp">
  This doesn't seem to phase the JWS authenticator. So on the first launch from the desktop shortcut I put the credentials in manually and select "save this password in my password list". It seems like I'm in the clear as the next time I launch the application from a desktop shortcut I am not asked for any credentials, but every time the Windows machine is restarted, I get the JWS authenticator again...the password is no longer saved.
  Is there a way to embed the username/password in the JNLP file to get past the JWS authenticator without having to retype the username and password every time the machine is restarted? Or to permanently save the password in the JWS authenticator password list? Or any other way to set it up where once the application is initially installed, the http authentication credentials never have to be manually entered again?
  Thanks!

  Hi everybody,
  I manage to do almost all (I suppose), but I need last help.
  Through SM59 I created the HTTP Destination needed; then, I implemented the code given by SAP here:
  http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d053e74911d6b2e400508b6b8a93/content.htm
  I ran the program, and it gives me the error: "Binder not found for soapAction = null.
  I suppose that I should give the link to the soapAction, but I don't know where in the code.
  Have you any idea?
  Thanks and Regards,
  Francesco

• Internationalizing Basic HTTP authentication browser dialog for UserID

  Is it possible to have multibyte user ID for Basic HTTP authentication? Based on RFC2617 user ID has to be *Text, which basically is ASCII. But I thought maybe someone has a workaround for this limitation. Our entire web app is internationalized, we use UTF-8 as encoding for JPS pages and request processing, and that all works fine, but there is one area where we use Basic HTTP authentication, and so far I was not able to find a way to internatianalize that. Once the resource is reqested, we process request in the servlet and if the user is not authenticated we send authentication challenge response to the browser. Response encoding is set to UTF-8. After user enters the credentials, I process those in the same servlet , again using UTF-8. Of course when I tried to input the japanese ( multibyte)userID, the authentication is failing. I think the browser is corrupting DBCS data once it Base64 encodes it... Does anyone have ideas whether it is possible to internationalize this at all?

  You'll probably need your own ServletFilter to process the authentication header, since servers will mostly decode headers in the locale encoding, regardless of any charset in the Content-type header of the request. Getting browsers to use UTF-8 encoding before base64 might be a bit tricky though.
  It is probably better to use form based login. The procedure for getting UTF-8 encoded form parameters is a well understood FAQ for this forum.

• Issue when receiving SOAP message with HTTPS on non-central adapter engine

  Hi,
  we have a central XI system (PI 7.1 EHP1 SP03) and a non-central adapter engine (XI 3.0) in the DMZ, both systems on HP-UX.
  In the affected configuration scenario, a business partner is sending us IDocs (INVOIC.INVOIC01) over HTTPS with Certificate Authentication and without SOAP Envelope.
  The configuration and security settings seem to be correct, because we've already received several messages successfully over this connection. Now, since several weeks no message arrives anymore in our system, while the business partner always gets a HTTP_OK_200 response. So the messages seem to be accepted by our system, but nothing is shown, neither in the MessageMonitoring or CommunicationChannelMonitoring of the Runtime Workbench, nor in the in the traces/logs of the NetweaverAdministrator (trace level = DEBUG for "com.sap.aii.adapter.soap").
  I also removed the assigned user in the sender agreement which should cause a HTTP_500_error on sender side, but our business partner still got a "OK_200" notification and we didn't find any information in the trace of our system.
  When using TCPGateway to trace the communication, I can see an arriving message and the response, but it's encrypted because of HTTPS.
  1) Did anyone have similiar issues yet?
  2) Are there any further possibilities to check if an incoming message at the SOAP adapter fails?
  3) Which further trace settings can be done, to get most detailed informations about the soap traffic?
  4) Is there a way to decrypt the message of the TCPGateway (e.g. with private key of server)?
  I'm looking forward for any helpful hints or information!
  Regards,
  Juergen

  Issue solved by SAP note 1115650 "J2EE Engine kernel.sda SP20 cumulative patch"

• Performing Basic HTTP Authentication on the iPhone

  Hi,
  I need to perform a HTTP Request with Basic Authentication on the iPhone. To perform the request I use the NSURLConnection and NSMutableURLRequest. The request basically works but I can't get the authentication working. Is there a "convenient" way to do HTTP authentication or do I have to do it by hand?
  Best regards,
  Michael

  Ok thanks - that explains it:
  From the Apple article: "
  Note: Touch ID cannot be used for purchases if Require Password in Settings > General > Restrictions is set to Immediately."
  Not sure why - but clearly intentional.

• How to remove large message stuck in the adapter engine?

  Hi experts,
  We have a large message abt 100 MB stuck in the adapter engine which is causing the J2EE server to restart continuously.
  I have tried increasing the heap sizes and the number of threads in config tool, but no luck. My question here is how to remove that message? Also I checked smq1 and smq2 both are empty.
  Regards.

  Hi Nagasatya,
  This issue is realted to Large amount of data.You have to write condition in the query.I have face same issue,but resolved it.Please do the following steps.
  Go to Configtool and selct the com.sap.aii.adapter.jdbc.svc and set this jdbc service to start manually instead of auto.
  Then restart server0, this time it should be started successfully. Then go to rwb and try to
  find if any jdbc hanging/failed messages are there, if so, cancel them;also deactivate the problematic jdbc communication channel, otherwise itwill poll the data again. After all above, you can manually try to start this jdbc.svc particually.
  Thanks
  Ravi

• Anyone know how to remove a pesky "Authentication Required" box?

  I visited (shame on me!!) a tasteful but adult-oriented art photo site and by mistake clicked on a content link which required a "member subscription" to view. My system attempted to use iTunes to open the file, and it threw an "Authentication Required" nag box on the screen. The box continues, "To access this site, you need to log in to area 'Members_Only' on _____________.com. Your password will be sent in the clear.", followed by fill-in boxes for the Name and Password.
  Now, I have never gone back to that site, yet almost each time I launch iTunes, I get this box, and I actually have to cancel out of it about 15 times in rapid succession before it will disappear from the screen and let the iTunes application display my music browser. Is there a preference cache file that I can trash to get rid of this, without losing any other valuable settings, like my iTunes online store registration info?

  It sounds like iTunes is still trying to access or download something form that site. Let iTunes finish opening. click cancel on the dialog and check the iTunes library, podcasts and other folders.playlists for the unwanted content. Delete it when you find it.
  Tracy

• In RWB----component monitoring --adapter engine-- status

  Hi ,
  In the Runtime work bench component monitoring  if we click on adapter engine we get two tabls
  CCMS Status: Last Retry Jan 26, 2011 1:55:15 PM CET Ping and Self-Test Help
  Ping Status: HTTP request failed. Error code: "404". Error message: "Not Found [http://lYYYY:ZZZZ/AdapterFramework/rtc]" Last Retry Jan 26, 2011 2:03:05 PM CET ... Details
  Self-Test Status: HTTP request failed. Error code: "404". Error message: "Not Found [http://lYYYY:ZZZZ/AdapterFramework/rtc]" Last Retry Jan 26, 2011 2:03:05 PM CET ... Details

  Hi Sandeep,
  Besides updating the patch level to the latest and ensure the SP are in the same level, the notes I would recommend would be:
  #1285224 - Http 404 error in details display for Adapter Engine
  #804124 - HTTP communication with XI Adapter Engine fails (this one you have already mentioned)
  Hope it helps too
  Regards,
  Caio

• RWB - Cache Connectivity Test - Adapter Engine shows error

  Hello Friends,
  In our one production system (PI 7.1), while do 'Cache Connectivity Test' from RWB -> Component Monitoring, it shows the following error for Adapter Engine under Integration Directory.
  Error:
  Cache notification from Integration Directory failed Error when accessing the System Landscape Directory.
  No SLD elements of type SAP_XIAdapterFramework found
  But, Integration Server - ABAP, Integration Server - JAVA shows green color. The messages are flowing through the Adapter Engine fine. i.e I am seeing 2 Adapter Engines under Integration Server in Component Monitoring. One Adapter Engine is in grey and another Adapter Engine shows green color.
  When I click the grey color adapter engine, it immediately turns to red color and some different host name url is displayed (http://<wronghost>:53000/AdapterFramework/rtc).
  So, what could be the problem ?
  Kindly clarify, friends.
  Thanking you.
  Kind regards,
  Jegathees P.

  Hello Jegathees
  Apply the solution in note #804124 HTTP communication with XI Adapter Engine fails. Set the parameters:
  SLD.selfregistration.hostName     
  SLD.selfregistration.httpPort     
  SLD.selfregistration.httspPort    
  as described in the note.
  Regards
  Mark

• Http authentication code

  how to generate basic http authentication code of type digest(auth_type="digest") using jdeveloper,

  When the following code is used to authenticate the HTTP send request using "digest" authentication type. It gives the error below.
  // authentication code
  Properties props = new Properties();
  props.put(OracleSOAPHTTPConnection.AUTH_TYPE, "digest");
  props.put(OracleSOAPHTTPConnection.USERNAME, "userid");
  props.put(OracleSOAPHTTPConnection.PASSWORD, "password");
  m_httpConnection.setProperties(props);
  //Error
  [SOAPException: faultCode=SOAP-ENV:IOException; msg=&quot;WWW-Authenticate&quot; header is incorrect; targetException=java.io.IOException: "WWW-Authenticate" header is incorrect]
       at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
       at oracle.soap.transport.http.OracleSOAPHTTPConnection.send(OracleSOAPHTTPConnection.java:765)
       at org.apache.soap.messaging.Message.send(Message.java:125)
       at mypackage1.SampleStub.Sample(SampleStub.java:184)
       at mypackage1.SampleStub.main(SampleStub.java:57)

• Basic URLs of adapter engine associations properties are missing

  Dear all
  We are running on the nw 7.11 pi version.
  And we recently enabled the ssl on the system.. we have HA in place with web dispatcher.
  We updated the exchane profile parameter with all ssl n required parameters.
  CPA cache refresh is working fine.. but. While doing the Intergration server ABAP cache its failing.
  And we checked the sap note 1678104 under the XRIA assoctiation and as well as under the Basic urls of adapter engine "Secure URL"  properties are missing . Since we r not able to update this property.. the adapter engine is still ponting to http url instead https.
  Please see the screen shot.
  Regards
  Manoj K

  Hi Agasthuri,
  yes, maybe something gone wrong in the post install, I will ask the guy which did the installation of the PI. Therefore I didn't have the logon data for performing a cache refresh, but in the log entries it seems that this is working properly.
  Hi Praveen,
  in Communication Channel Monitoring (In PI this is no longer found under Adapter Monitoring), I can see that the messages are delivered, but I can't see the Audit Log entries there.
  I checked the MDT, but there are also no messages displayed.
  End-to-End-Monitoring seems to be a good solution, but it seems that it is something configured wrong in this installation I will try to get the guy which cares for Basis to look after it.
  Best regards,
  Daniel

• Adapter Engine Load balancing for Messages HTTP SOA/SOE

  Greetings all,
  We are currently implementing our SOE/SOA solution utilizing SAP services between a .Net Application.  Basically .Net -> PI -> ECC and back.
  We are load testing the system and are now experiencing the CI getting overloaded.
  We have upped the Thread Count (Thread Manager 350 and System Threads 120) and the Queue thread from 5 to 20. 
  We are using SOAP with Principal Propagation.
  There is a hardware load balancer we are using which can spread the load between multiple application servers.  We modified the SLDRegistration host and ports (http/https) in Visual Administrator (SAP XI AF CPA Cache) in the global server node.
  In SXI_CACHE Got -> Adapter Engine Cache, it displays http://<sidms>:<port>/MessagingSystem/receive/AFW/XI
  Is this where the load balancer should be placed with the port name?
  Any help would be appreciated.
  Thanks

  Hi Rocco
  For switch over environment setup look at SAP Note 774116
  Did you referred High availability guide
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/cefe0399-0701-0010-8d86-b6b31cc5a681
  Looking at your requirement. Check withe the Use cases of F5 application setup for E SOA. That can help
  Thanks
  Gaurav