SAP Fiori Basic Authentication Popup

Similar Messages

• Fiori Launchpad - Basic authentication popup

  Hi,
  I have used the std. class /UI2/CL_SRA_LOGIN for Fiori launchpad log in screen. When there is no user action for long time and the session cookie gets expired; any operation performed(like selecting an app) in this case is bringing a browser basic authentication popup.
  How to avoid this by either taking the user to initial login screen instead of the authentication popup ?
  Tags edited by: Michael Appleby

  Hi Aakash,
  Please upload the screenshot. Is it critical issue or just a nice to have?
  From end user point of view, I prefer popup because I can continue the work from the last point. The best is IT sets up SSO.
  Regards, Masa
  SAP Customer Experience Group - CEG

• Login via Basic Auth popup

  Hi, i have sap fiori running and i need GBAPP_PRAPPROVAL service to display basic authentication prompt.
  Currently i have configured global settings to use the class CL_SRA_LOGIN.
  I modified the system logon on the Error Page tab and i am able to display the login page that says "via popup" in the textboxes and then click to show the popup but i don't want the page to appear at all, i want only the http basic auth popup directly when you access the url of the service. How can i achieve this?
  Thanks!
  Andres

  Could you please paste a screenshot about what would you like to achieve?

• IIS Reverse Proxy and Basic Authentication

  Hi,
  we've currently put a WebAS 6.40 serving a BSP Application in our Appl-DMZ. For the access via Web the IIS Reverse Proxy is used, which works fine as long as you use a service for which a user is provided (in SICF). But if you don't provide a user in the service (in order to debug the BSP Application) you have to authenticate yourself using Basic Authentication (Browser Popup) which does not work (the popup returns and returns ...)
  I' ve browsed the forums and it seems that the IIS Reverse Proxy does not support (the forwarding) of Basic Authentication "requests".
  So my question, does someone exactly know if the IIS Reverse proxy supports Basic Authentication or not ?
  Thanks,
  Markus

  Hello Markus,
  1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
  2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
  Regards
  Gregor

• How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

  hi all,
  i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
  this is the simplified folder structure of my application on the server:
  [application]
    [etc]
      xyz.xml
    [jars]
      myapp.jar
    launch.jnlp
  website.jsp
  initial start and basic authentication:*
  my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
  second start and basic authentication:*
  if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
  and now the actual problem:*
  during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
  related thougts:*
  i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
  my current solution:*
  for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
  a possible alternative:*
  i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
  the only real solution:*
  should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
  WHAT HAVE I MISSED???
  AM I COMPLETELY WRONG???
  WHAT IS THE EASIEST WAY???
  AND WHAT IS THE BEST WAY???
  thank you so much,
  stephan

  Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
  if you have a structure like this:
  /ctxroot/
         launch.jnlp
         /app/
             *.jar
             *.whateveryou may use in your web.xml:
       <servlet>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
       </servlet>
       <servlet-mapping>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <url-pattern>*.jnlp</url-pattern>
            <url-pattern>/app/*</url-pattern>
       </servlet-mapping>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Application</web-resource-name>
                 <url-pattern>/app/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>bla</role-name>
                 <role-name>fahsel</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Subscription</web-resource-name>
                 <url-pattern>*.jnlp</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>whatever-realm</realm-name>
       </login-config>
       <security-role><role-name>bla</role-name></security-role>
       <security-role><role-name>fahsel</role-name></security-role>
  ...Than you may use the Service stuff like:
       BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
       URL codeBase = bs.getCodeBase();
       URL pu = new URL(codeBase.toString() + "whatever.bla");
       HttpURLConnection res = (HttpURLConnection) pu.openConnection();
       res.setInstanceFollowRedirects(true);
       res.setRequestMethod("GET");
       res.setConnectTimeout(10 * 60 * 1000);
       res.connect();
       String enc = res.getContentType();
  ...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

• Error - SAP Fiori (CRM standard application)

  Hi Experts,
  We are implementing standard CRM Fiori application – My Opportunities. No customization has been done to this app.
  Error is appearing while trying to open “Account” popup window. Error message is as below.
  {"error":{"code":"005056A509B11ED1B9BF9F46AA8E82ED","message":{"lang":"en","value":"In the context of Data Services an unknown internal server error occured"},"innererror":{"transactionid":"56E6CDE42550F16B8C7790B11C17C9CA","timestamp":"20150319031631.3160000","Error_Resolution":{"SAP_Transaction":"Run transaction /IWFND/ERROR_LOG on SAP NW Gateway hub system and search for entries with the timestamp above for more details","SAP_Note":"See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)"}}}}
  Log file description in Tcode : /IWFND/ERROR_LOG - Dereferencing the NULL reference.
  System details:
  SAP Netweaver 7.4 SP 06.
  SAP CRM 7.0 EHP 3
  SAPUI5 library - 1.26.8
  UIX02CRM 100 – SP03
  Please suggest how to resolve this error. We have implemented below SAP notes.
  1979694
  Fiori App: Enhance Log Display of Changes in My Opportunitie
  1996733
  Multiple transaction types in My Notes App - DDIC Object
  1996734
  Multiple Transactions in My Notes App - SNOTE changes
  1997578
  Employee Responsible Blanking out - LEAD
  1997580
  Employee Responsible Blanking out - Opportunity
  1998138
  Accept/Reject Lead- Employee Responsible check
  1999951
  Accept/Reject Lead- Employee Responsible check- DDIC
  2014206
  Change pointers for marketing attributes in CRM
  2015743
  CRM Fiori: My Opportunites / My Leads - Set the maximum hit
  2048330
  Fiori Opportunity Search: Filtering by Opportunity ID issue
  2103131
  SAPUI5 Fixes for update via SMP
  2107709
  Corrections for Fiori App: My Opportunities
  2108617
  Hotfix 1.26.3 for UI AddOn SP11 SC:UI2_SRVC
  2111116
  Enable own support-message-system for Fiori Embedded Support
  2111618
  Sorting order of role menu entries for folders /reference us
  2115450
  Fix: Remove AUTH_DEFAULT in SAP Fiori content checker
  2119477
  UI theme designer for ABAP: Version 1.8.1
  2119807
  Fiori: Filter with Date attribute is not working as expected
  2119878
  Creation of server relative URL for non-Fiori business apps
  2123909
  Fiori Launchpad Designer - SP11 functional corrections
  2126801
  SAPUI5 Repository Load / Http: .Ui5RepositoryIgnore and othe
  2128620
  Image upload corrections in Suite Page Builder Application
  2128676
  SAPUI5 upgrade to version 1.26.8
  2135804
  SAPUI5 patch via SMP - better error handling
  2137006
  Suite Page Builder - Corrections for the disable personalization.
    Thanks & Regards,
  Jyoti Prakash Das

  Hi Masa,
  The CRM version in our landscape is : CRM 7.0 EHP3
  But we have installed below versions in Fiori.
  UIX02CRM (release 100) SP3.
  GBX02CRM SP3
  Please suggest whether we need to uninstall them and install new versions(CRM001-CRM 7.0 EhP3 SPS07).
  Also system does not allow to uninstall existing components. Please advice on this.
  Thanks,
  Jyoti Prakash Das

• How to get Approver text in SAP Fiori

  Hi All, We have implemented SAP Fiori for Purchase Requisition approval. Every thing is working fine. When I click on approve or Reject  button to take action, I am getting a popup to add approver's note. Its option only. Even if I enter, it's not getting stored in Purchase Requisition. Could some one help me in getting the approval note back. How and where should I go and check to get the approver note. Regards, Sasi
  Tags edited by: Michael Appleby

  Hi Masa, Thanks for your answer. I found other way While debugging in Class        CL_GBAPP_APV_PR_API Method      SET_DECISION_RELEASE I found the system was trying to check for text id as 'B08'. But as we don't have any text id created with 'B08', comment was not stored any where in SAP. Hence I have created new text id 'B08' in SE75 transaction under text object 'EBAN'. This has added the new text it to PR screen automatically and I can able to see the approval comments in PR transaction without any BADI implementation. Regards, Sasi

• SAP Fiori 1.0 in Netweaver 7.4

  Hi,
  Currently I have a server that running EHP7 for SAP ERP 6.0, would like to install SAP Fiori (25 apps only). I was trying to installing the Fiori Purchase Order 1.0, during installation it have problem when import the GBAPP001 as I think is due to the IW_BEP as earlier NW version is an add-on components but in NW 7.4 is bundled in SAP_GWFND. Therefore suspect it unable to find the correct component path to install.
  Would like to check, basically is it advisable to install SAP Fiori Purchase Order in Netweaver 7.4 or it better install the latest SAP Fiori for SAP ERP 1.0 in NW 7.4.
  Thanks.

  Hi Adrian,
  Important Note: Please use new UI with new SAP Fiori Launchpad
  New UI components have UI extension points and work with new SAP Fiori Launchpad.
  Please find correct components based on your Backend version.
  SAP Fiori - Add-on quick reference for transactional apps
  Regards, Masa
  SAP Customer Experience Group - CEG

• Basic authentication not working for portal application

  HI All,
  i have a portal application where I have a servlet. i want to use basic authentication for this servlet.
  to archive this i have followed http://docs.oracle.com/cd/E14571_01/web.1111/b31974/adding_security.htm
  and configured basic authentication, also add web-resource in web.xml for the url to access the servlet.
  my web.xml look like (copied is only security section from web.xml)
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>All</web-resource-name>
        <url-pattern>/faces/Auto-connect</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
      <role-name>valid-users</role-name>
    </security-role>
  this works when in run the application in JDeveloper i.e. when i try to access http://localhost:7101/MyApp/faces/Auto-connect it ask for basic authentication (the popup) and when i access http://localhost:7101/MyApp/ it takes me to home page for login , but doesn't work when i deploy the application in weblogic 11g.(deployment done using Enterprise Manager console (EM console) (for both URL no popup).
  i tried Google around it but didn't get any solution please provide your input and guide me.
  thanks
  -somesh

  Hi,
  Before deploying, have you changed:
  Application properties -> Deployment
  Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
  Kind Regards

• Basic Authentication, how to make it work?

  Your input will be highly appreciated.
  I am trying to make http basic authentication work in BEA Weblogic, and I am using
  'examplesWebApp' as my sample program. So far, I can see the browser popup dialogbox,
  but I always got authentication failure message after I gave login and password.
  Steps which I did:
  1. Start server - Start examples server which is weblogic700/samples/server/config/examples/startExamplesServer.sh
  (I am on Sun's Solaris).
  2. Start descriptor editing window -- In Management Console, select Deployment -->
  Web Applications --> examplesWebApp, then start "Edit Web Appliation Deployment Descriptors.."
  in another browser window.
  3. Login Config - In the new window, select "Web App Descriptor", then "Configure
  a new Login Config...", then select "Basic" for Auth Method , and type in "myrealm"
  for "Realm Name".
  4. Specify constraints - Select "Security Constraints", and then "Configure a new
  Security Constraint". Use "MySecurity Constraint" as the display name, and use "MyWeb
  Resource Collection" as Resource Name. Type in /* in the "Url Patterns" field.
  5. Configure a security role - Select "Security Constraints", and then "Configure
  a new Security Role". Type in Admin for "Role Name".
  6. Configure a Auth Constraint - Select "Security Constraints" --> "MySecurity Constraint",
  then "Configure a new Auth Constraint...". Click on Create button in Configuration
  tab, then move Admin from Available to Choosen column, then click on Apply
  7. Persist these changes and then restart the server
  That's all what I did, and then I use 'weblogic/weblogic' as login/password to try
  to login to http://localhost:7001/examplesWebApp/HelloWorld2. I can see the popup
  dialogbox, but I always get a failure message. By the way, weblogic/weblogic (login/password)
  always work for Management Console window.
  The user "weblogic" is a user defined in myrealm, and it is also in Administrators
  group. The role definition of "Admin" in myrealm has "Caller is a member of group
  Administrators" as one of its conditions. So my understanding is that it should work,
  but unfortunately it doesn't. I must miss some steps or part of my understanding
  may not be right.
  Hope somebody can give me some help.
  Thanks.
  Yunpeng Zhang

  Hello Abhilash,
  lets check what is the authentication selected for the Central Admin web applicaiton.
  go to CA --> Appliaction management --> manage web applicaiton --> select the central admin web app --> on the top ribbon select "Authentication Providers".
  here , verify under IIS authenticaiton settings section, which option is selected, if the basic authenticaiton check box is checked, please uncheck it and select "integrated Windows Authentication".
  if this doesnt work, 
  try unprovisioning and reprovisioning the CA usning command ..
  psconfig.exe -cmd adminvs -unprovision
  psconfig.exe -cmd adminvs -provision -port 0000 -windowsauthprovider onlyusentlm
  REF: http://technet.microsoft.com/en-in/library/cc263093(v=office.14).aspx 
  or ..
  if you have other servers in the farm, you can just start the Central Admin service on other server and stop it on the current one from "Services on server
  " option on CA.
  let me know afterwards ...
  Thanks, Noddy

• Calling web service with basic authentication from EP "unauthorized"

  Hello,
  I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
  <b>com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
  Problem in server response: [Unauthorized].</b>
  I'm using the following code for calling the .NET web service:
  <b>...</b><i>Licence_GetList lParameter = new Licence_GetList();
  lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
  ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
  ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
  Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);</i><b>...</b>
  I've also configured a http system in the portal system landscape using the following parameters:
  <i>Authentication Method : Basic Authentication
  Authentication Type : Server
  User Mapping Type : admin,user</i>
  The user mapping is also personalized for this system!
  What's wrong? Please help! This is really urgent!
  Kind Regards
  Joerg Loechner

  Hello Renjith,
  here is a small cutout of my "portapp.xml";
  <services>
    <service alias="LicenceManager" name="LicenceManager">
      <service-config>
        <property name="className" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager"/>
        <property name="startup" value="false"/>
        <property name="WebEnable" value="false"/>
        <property name="WebProxy" value="true"/>
        <property name="SecurityZone" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager/
                 DefaultSecurity"/>
      </service-config>
      <service-profile>
        <property name="SystemAlias" value="LicMan_NET"/
      </service-profile>
    </service>
  </services>
  I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
  Regards
  Joerg Loechner

• Consuming a Web Service via SSL with Basic Authentication

  Hello,
  I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
  When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
  java.rmi.RemoteException: Service call exception; nested exception is:
       java.lang.NullPointerException
       at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
       at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
       at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
  Caused by: java.lang.NullPointerException
       at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
       at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
       ... 2 more
  Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
  000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
  But my main focus is on the client implementation based on a proxy. Here comes the client's code:
  public class MultiSecSSL {
      public static void main(String[] args) {
          try {
              MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
              SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
              SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
              AuthenticationContext auth = protocol.getAuthenticationContext();
              auth.setIgnoreSSLServerCertificate(true);
              auth.setUsername("cfpcompany");
              auth.setPassword("demo");
              String ret = service.pingText("Called service MultiSecurity via SSL");
              System.out.println(ret);
          } catch (Exception e) {
               e.printStackTrace(System.out);
  Here comes the logical port information of the generated proxy:
  <?xml version="1.0" encoding="UTF-8"?>
  <LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
    <LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
      <globalFeatures>
        <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
        </Feature>
        <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
          <Property Name='SessionMethod' Value='httpCookies'>
          </Property>
        </Feature>
        <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
          <Property Name='AuthenticationLevel' Value='None'>
          </Property>
          <Property Name='AuthenticationMechanism' Value='HTTP'>
          </Property>
          <Property Name='AuthenticationMethod' Value='BasicAuth'>
          </Property>
          <Property Name='SupportsSSO2Authentication' Value='false'>
          </Property>
        </Feature>
        <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
          <Property Name='Level' Value='No'>
          </Property>
          <Property Name='TLSType' Value='SSL'>
          </Property>
        </Feature>
      </globalFeatures>
      <localFeatures>
        <Operation Name='pingText'>
          <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
            <Property Name='RequestPolicy' Value='Signature'>
            </Property>
            <Property Name='ResponsePolicy' Value='None'>
            </Property>
          </Feature>
          <Feature Name='http://sap.com/webservices/authorization' Original='true'>
          </Feature>
        </Operation>
      </localFeatures>
    </LogicalPort>
  </LogicalPorts>
  To me, this looks consistent. Any idea, what is misconfigured on my machine ?

  Hi Martin,
  that is exactly, what I did.
  - Change Web Service Configuration in IDE
  - Build and Deploy the Service to my local Server
  - Check Service in Visual Administrator
  - Deleted and Regenerated the Standalone Proxy
  - Deleted and Recreated the link between CLient and Proxy Project in IDE
  - Started Client
  Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
    <webservice>
      <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
      <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
      <webservice-name>
        <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
        <localName>MultiSecuritySSLAuth</localName>
      </webservice-name>
      <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
      <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
      <ws-configuration>
        <configuration-name>SSL</configuration-name>
        <ejb-name>MultiSecWSBean</ejb-name>
        <service-endpoint-name>
          <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
          <localName>SSLPort</localName>
        </service-endpoint-name>
        <wsdl-porttype-name>
          <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
          <localName>MultiSecuritySSLAuthVi</localName>
        </wsdl-porttype-name>
        <webservice-definition-ref>
          <package>com.technidata.cfp.i3rdparty.cfpxml</package>
          <name>MultiSecuritySSLAuthWsd.wsdef</name>
        </webservice-definition-ref>
        <service-endpoint-vi-ref>
          <package>com.technidata.cfp.i3rdparty.cfpxml</package>
          <name>MultiSecuritySSLAuthVi.videf</name>
        </service-endpoint-vi-ref>
        <transport-binding name="SOAPHTTP_TransportBinding">
          <wsdl-binding-name>
            <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
            <localName>SSLBinding</localName>
          </wsdl-binding-name>
        </transport-binding>
        <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
        <global-features>
          <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
            <property name="TLSType" value="SSL"/>
          </feature>
          <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
          <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
            <property name="AuthenticationMethod" value="BasicAuth"/>
            <property name="AuthenticationMechanism" value="HTTP"/>
            <property name="SupportsSSO2Authentication" value="false"/>
          </feature>
        </global-features>
        <operation-configuration uniqueViName="pingText(java.lang.String)">
          <transport-binding-configuration>
            <input>
              <property name="soapAction" value=""/>
              <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
            </input>
            <output>
              <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
            </output>
          </transport-binding-configuration>
          <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
            <property name="RequestPolicy" value="None"/>
            <property name="ResponsePolicy" value="None"/>
          </feature>
          <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
            <property name="security-roles">
              <property name="role1" value="use_multisec_service"/>
            </property>
          </feature>
        </operation-configuration>
      </ws-configuration>
    </webservice>
  Regards,
  Stefan

• Basic authentication only works for some webservices?

  I'm trying to call the SAP BI/BO REStful webservices using basic authentication. I enabled basic authentication in the WACS and tested with this service:
  http://host:6405/infostore/16422
  This works! I can get the report metadata as either xml or json. However, whenever I try an url with "raylight" in it, I get an authentication problem:
  http://host:6405/biprws/raylight/v1/documents/16422/parameters
  error_code: "1"
  message: "No session found in HTTP header X-SAP-LogonToken"
  Why do some services work with basic authentication and others absolutely require the logontoken? I would like to avoid the logontoken if possible. I tested by logging on with the token and that does work, so it's not like my credentials are wrong.
  I also found the a problem with the raylight logontoken described here: RESTful Raylight Error Incorrect session
  Apparently, there needs to be double quotes around the logontoken for it to work. Could this "bug" be the reason why basic authentication doesn't work? I already tfried to put double quotes around and inside my base-encoded value but it still gives the same error.

  Hello,
  Raylight doesn't support basic authentication because it required a permanent session to work. Internally, we have to manage a "cache" to support subsequent REST calls and this is not possible using basic authentication.
  Regards,
  Anthony

• Basic authentication when calling a web service

  I am attempting to call a web service using ActionScript. The
  web service provider requires that I use HTTP Basic Authentication
  to communicate my SOAP requests. I cannot seem to get this done in
  ActionScript. If I instantiate a WebService object and call its
  SetCredentials method, I get an error "Authentication not supported
  on DirectHTTPChannel (no proxy)". I have the WebService object's
  useProxy property set to true. HELP!

  I know this is five years later on this forum but there's no solution here or on any other forum.  So after two day's of hammering this out I was able to produce a workable solution.  Create a new user account for testing.
  Wu_Xiao's explanation of the issue was dead on.  The WebService does a GET then a POST and for the GET we are unable to supply the Authorization in the header and this is why we get the popup. The POST has the Authorization but it already to late. 
  Take these actions
  1 Create a new user on the machine with the web services. Start with a simple name and password (text only)  I had issues with different users. Start clean and simple.
  2 Copy your web services a second usable service.  You'll see in my example below i have Ive copied  ServicesSECURE/Services1.asmx?WSDL to ServicesDEFINITION/Services1.asmx?WSDL
  3 Remove all of the code inside of your services making the new set of service like a definition service. Make sure all of the inputs and outputs are the same. ServicesDEFINITION will have no coding and empty returns.
  Example  
  [WebMethod]
          public String CountUsers(string group)
              return "";
  4 Implement the code below. Call the init() right away to instantiate the web service and wait until it loads to use any of the services.  I use a button event to test.
  private var testws:WebService = new WebService;
    private function init():void
    testws.wsdl="http://test.com/ServicesDEFINITION/Services1.asmx?WSDL";
    var encoder:Base64Encoder= new Base64Encoder();
    encoder.insertNewLines = false; // see below for why you need to do this
    encoder.encode("USERNAME:PASSWORD");
    testws.httpHeaders = {Authorization:" Basic " + encoder.toString()};
    testws.loadWSDL();
    testws.addEventListener("load", wsdlLoadHandler);
    protected function test_clickHandler(event:MouseEvent):void
    testws["CountUsers"].addEventListener(mx.rpc.events.FaultEvent.FAULT,testFaultHandler);
    testws["CountUsers"].addEventListener(mx.rpc.events.ResultEvent.RESULT,testResultHandler) ;
    testws.endpointURI="http://test.com/ServicesSECURE/Services1.asmx?WSDL";
    testws.getOperation("CountUsers").send("Test");
    protected function wsdlLoadHandler (event:LoadEvent) : void
    //the service has to load before using the getOperation function
    //you could try using mx.core.UIComponent.callLater from
    //this listener and call the gettestws.getOperation("Co....
  So you'll see that the ServicesDEFINITION (GET) is called and grabs the definition of the Service1 service but this unsecured services is useless because we've removed all of the code.  After the definition GET is called we can change the end point using endpointURI and perform the POST against our secure ServicesSECURE.

• Error in basic authentication after SPNego implementation

  Hi all!
  I have implemented integrated Windows authentication (SPNego-Kerberos) and after change login modules some external applications developed in .NET using Basic authentication couldn't logon. I know this error can be fixed modifing .NET code but in this company we don't have an knowleadge of all the applications consuming PI Web Servicies in production environment.
  Do you have an idea to solve this?
  Thanks in advance.

  Hi All,
  thanks for your help. We have rised OSS note to SAP and they have identifyed that the problem is in MDM Java API and Portal Contents. They provided fix (Patch 14) and now it is OK - see SAP note: Note 1464966 - MDM 7.1 SP04 Patch12 Release Note
  MDM Java API:
  Fixed: During the creation of the MDM session with MDM repository from MDM portal standard iViews or custom application (standalone or in portal), the following error message appears in the portal default trace: "Can not authenticate repository session# because user password is not specified" or "Can not trust user session.."  and in addition, the corresponding trace logs contains the following entry "BlobCacheImpl.retrieveSchema" (O 320008 2010 and O 327326 2010).
  MDM Portal Content (iViews):
  Fixed: During the creation of the MDM session with MDM repository from MDM portal standard iViews, the following error message appears in the portal default trace: " Can not authenticate repository session# because user password is not specified "  or "Can not trust user session.."  and in addition, the corresponding trace logs contains the following entry "BlobCacheImpl.retrieveSchema". If the corresponding MDM Java API fix has been applied, applying the MDM iViews fix is not required, since the Java API issue should be sufficient (O 320008 2010 and O 327326 2010).
  Thanks&Regards,
  ILIN