SOAP Basic Authentication - How to create a limited user access
Hello
I have a lots of scenarios that use XI´s WebService for integration. For the 3rd party systems be able to use the WebServices, they need an authentication in Web Application Server.
The question is: How can I create a user with LIMITED access to ONLY ONE Webservice in XI ?
For example, I want a user called webservice1 that can access only http://myserver:50100/XISOAPAdapter/MessageServlet?channel=:SERVICE:SOAP_Sender_CC.
I don´t wanna use HTTPS because the 3rd party systems are very limited and they don´t have HTTPS support.
Thanks
Yes, I have up the user in the Send Agreement. My SOAP Adapter Communication Chanel is configured there.
I´m using the correct user in webservice authentication. Its the same I created in SU01.
Without those authentication configurations (when All users can use the webservice), I can log in with this user. But when I restrict by doing the configurations, it doesn´t work.
I just made a test by restricting the service for another user and the error message is different.
When I log with a different user than the configured one, the error is:
java.security.AccessControlException: USER has no permission for accessing party service :SYSTEM_TEST...
When I log with the configured user authentication, the error is:
com.sap.aii.af.ra.ms.api.DeliveryException: XIServer:NO_EXEC_PERMISSION:....
Seems there´s still some missing configuration.
Thanks
Similar Messages
-
How to create a new user over HTTPS
Hi. I have set up conf.xml and web.xml so that when the user accesses a page in the secure area of the website, then they are taken to a login page where they enter their username and password and the form calls j_security_check on the server. All this happens over SSL as the transport garauntee is CONFIDENTIAL. But how to create a new user over HTTPS? If I have a create new account pages in the secure area of the website, then the only way the user can access these pages is by logging in, but they don't have a login as yet.
An update. It looks that if the auth-constraint section (which lists the roles that can access this area) is missing, then everyone can access the region and it is over HTTPS. So far, the following seems to be working
<security-constraint>
<display-name>View My Account</display-name>
<web-resource-collection>
<web-resource-name>My Account Area</web-resource-name>
<url-pattern>/myaccount/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myrole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/newaccount/login.html</form-login-page>
<form-error-page>/newaccount/loginerr.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>myrole</role-name>
</security-role>
<security-constraint>
<display-name>Create New Account</display-name>
<web-resource-collection>
<web-resource-name>New Account Area</web-resource-name>
<url-pattern>/newaccount/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint> -
How to create a new user account?
Hi,
Could you point me to the document/maunal on
how to create a new user account for OS X 10.4?
I somehow couldn't find that from Apple web site.
And I found one here:
http://www.mcelhearn.com/article.php?story=2004110211244242
and followed the instruction:
# echo 'henry::512:512::0:0:Henry James:/Users/henry:/bin/bash' | sudo niload -v passwd /
but nothing happened. Either this doesn't work with
V10.4 (which I use), or I missed something.
Any pointer would be much apprecaited.
Thanks.
Macbook Pro Mac OS X (10.4)Hi Allan and Simon,
Thanks for your responses.
Sorry I didn't make my question clear. I meant:
"How to create a new user account with command line"?
The GUI (System Preference) would work. But I'd like
to how to do it from command line (just like on Unix).
Any inputs would be appreciated.
Thank you.
Macbook Pro Mac OS X (10.4)
Macbook Pro Mac OS X (10.4) -
How to create a new User / Contact using APIs
I am not able to figure out how to create a new User / Contact in WLPS using APIs
. Is there a factory class ?
Thanks,
AJHi Bala,
Try using these function modules
SUSR_BAPI_USER_CREATE
BAPI_USER_CREATE
BAPI_USER_CREATE1
BAPI_USER_INTERNET_CREATE ( This internally calls BAPI_USER_CREATE1)
Please read the FM documentation for more information. -
How to create a new user id in OID for Oracle Collab suite File System
Dear Friends,
I want to know how to create a new user id in the oracle internet directory where i can use that user for the new subscription of the oracle collabration suite file system..
Please do the needfull and thanks in advance...
With warm regards
R.PrasadHi!
The way you suggest should not be used.
A CS user will be created as a normal OID user and will receive the CS attributes in a different subtree later during the provisioning.
For creating CS users use oesuser and uniuser. Files provisioning will work in a different manner anyway.
cu
Andreas -
How to create/Map a User as Adminstrator in BPM Worklist to view all tasks
Hi all,
How to create/Map a User as Adminstrator in BPM Worklist to view all the tasks.
Version :Jdev 11.1.1.1.0
Regards
C.Karukkuvelgo to EM , right click on soa-infra -> security -> Applicaiton roles, then click on BPMWorkflowAdmin role. Add your user to this role.
This user will be able to view all tasks in Worklist. you have to click on "Administration Tasks" tab.
Thanks
--Sreeny
Edited by: sreeny on Sep 22, 2010 12:54 PM -
How to create/Map a User as Adminstrator in BPM Worklist to view all the ta
Hi all,
How to create/Map a User as Adminstrator in BPM Worklist to view all the tasks.
Version :Jdev 11.1.1.1.0
Regards
C.KarukkuvelSounds like a great question for the [url http://forums.oracle.com/forums/forum.jspa?forumID=560]BPM Suite Forum, but then again, I see you've already posted the question there ;)
Good luck,
John -
How to create full new user with all privileges
how to create full new user with all privileges?
and how to delete existing users?
Thanks in advance..Common solution is probably to use sudo for privilege elevation, wiki should help
-
How to create a reference user for B2C application?
Hello,
Can somebody please tell me how to create a reference user for B2C application?
I am trying to create a new account on the B2C site. It is giving me a null pointer exception. I have not created a reference user for B2C application.
Is there any documentation available to explain the steps required for this?
Thanks,
HarshaHi Harsha,
Please lookup http://help.sap.com/saphelp_crm40sr1/helpdata/en/be/511378ab1311d4b32b0050da4cccf0/frameset.htm for more information.
Cheers,
Ashok. -
How to create ready only user ID in Oracle Apps(EBS) 11i
Hi,
We have a requirement of creating a ID in Oracle Apps 11i as a ready only user.
Please suggest how to create read only user in Oracle Apps 11i ?
Regards,
chandrasekar sIs this for an application user or a database user ?
See MOS Doc 1290228.1 for application user.
This topic has been discussed many times in these forums - pl use the search feature
https://forums.oracle.com/search.jspa?view=content&resultTypes=&dateRange=all&q=read+only&rankBy=relevance&contentType=a…
HTH
Srini -
How to create a new user in oracle apps using exiting user
How To Copy Oracle apps user access to a New oracle apps user With Same Privilage/responsibilities.
Hi;
You can use dbms_metadata.get_ddl
Regard
Helios -
How to display all authentication providers when creating a new user?
I have configured active Directory with weblogic 10.3.1. Users and groups display correctly under the users and groups tab. When creating a new user only the defaultauthenticator provider is displayed in the drop-down selection. How do I get my active directory authenticator to display here also for selection?
I'm confident that the Active Directory provider is read-only. You could write your own Authentication Provider for AD that supports create/update/delete functionality, but it is not included in the out of the box AD Authentication Provider to my knowledge.
I know both the Default Authenticator and the database authenticator are read/write. -
Basic Authentication, how to make it work?
Your input will be highly appreciated.
I am trying to make http basic authentication work in BEA Weblogic, and I am using
'examplesWebApp' as my sample program. So far, I can see the browser popup dialogbox,
but I always got authentication failure message after I gave login and password.
Steps which I did:
1. Start server - Start examples server which is weblogic700/samples/server/config/examples/startExamplesServer.sh
(I am on Sun's Solaris).
2. Start descriptor editing window -- In Management Console, select Deployment -->
Web Applications --> examplesWebApp, then start "Edit Web Appliation Deployment Descriptors.."
in another browser window.
3. Login Config - In the new window, select "Web App Descriptor", then "Configure
a new Login Config...", then select "Basic" for Auth Method , and type in "myrealm"
for "Realm Name".
4. Specify constraints - Select "Security Constraints", and then "Configure a new
Security Constraint". Use "MySecurity Constraint" as the display name, and use "MyWeb
Resource Collection" as Resource Name. Type in /* in the "Url Patterns" field.
5. Configure a security role - Select "Security Constraints", and then "Configure
a new Security Role". Type in Admin for "Role Name".
6. Configure a Auth Constraint - Select "Security Constraints" --> "MySecurity Constraint",
then "Configure a new Auth Constraint...". Click on Create button in Configuration
tab, then move Admin from Available to Choosen column, then click on Apply
7. Persist these changes and then restart the server
That's all what I did, and then I use 'weblogic/weblogic' as login/password to try
to login to http://localhost:7001/examplesWebApp/HelloWorld2. I can see the popup
dialogbox, but I always get a failure message. By the way, weblogic/weblogic (login/password)
always work for Management Console window.
The user "weblogic" is a user defined in myrealm, and it is also in Administrators
group. The role definition of "Admin" in myrealm has "Caller is a member of group
Administrators" as one of its conditions. So my understanding is that it should work,
but unfortunately it doesn't. I must miss some steps or part of my understanding
may not be right.
Hope somebody can give me some help.
Thanks.
Yunpeng ZhangHello Abhilash,
lets check what is the authentication selected for the Central Admin web applicaiton.
go to CA --> Appliaction management --> manage web applicaiton --> select the central admin web app --> on the top ribbon select "Authentication Providers".
here , verify under IIS authenticaiton settings section, which option is selected, if the basic authenticaiton check box is checked, please uncheck it and select "integrated Windows Authentication".
if this doesnt work,
try unprovisioning and reprovisioning the CA usning command ..
psconfig.exe -cmd adminvs -unprovision
psconfig.exe -cmd adminvs -provision -port 0000 -windowsauthprovider onlyusentlm
REF: http://technet.microsoft.com/en-in/library/cc263093(v=office.14).aspx
or ..
if you have other servers in the farm, you can just start the Central Admin service on other server and stop it on the current one from "Services on server
" option on CA.
let me know afterwards ...
Thanks, Noddy -
Basic question, how to create rtf template with a given xml file
Hello guys
I am new to BI publisher and I am learning how to create rtf templates using given xml fiel definitions by following the bi publisher guide
The steps I am following is:
1, create template using template builders, which is downloaded into MS words.
2, In the empty template, map the xml columns with template field using BI publisher tag
3, upload the template to BI Publisher as a layout.
That's all I can understand.
My question is:
1,in which above step do I import XML file into template builder (if not bi publisher), how to do so?
2,After template is created, how to associate this template layout with existing reports in BI Publisher, or is it necessary at all?
3,In the template content in MS Word template builder, what should I enter other than BI publisher tags for mapping XML field to desired template field
Or, if my understand of this process is entirely wrong, what's the right process of creating rtf template with a given XML file definition
ThanksIf you have a BI Publisher desktop installed, have a look a the demos,.. should answer most of your basic questions.
(Windows) Start->Programs->Oracle BI Publisher Desktop->Demos
Invoice Demo - good one for those with E-Business Suite
Report Demo - Sample using BI Publisher -
How to create ICH Internet User
Hi Experts,
I would like to know, how to create the ICH Internet user in SCM 5.0 system. I would like to know the basic settings and creation steps for using the ICH.
I went to Tcode: BP and created a Organization BP1 and created User: User and added an Internet user and gave the relationship to the organization BP1, but still when I execute the ICH_ACC its asking me log into the details, but when i log into with the internet user its not working, can you guide me where m i going wrong.
I know its the basic question, so kindly help me to create one and use the same.
Thanks,
Ramya.Nikhil,
) I was able to get rid of the log on error atlast...
Now its a new problem
Error when processing your request
What has happened?
The URL http://warusscmd01:8000/sap/bc/webdynpro/scf/snc was not called due to an error.
Note
The following error text was processed in the system AS1 : Die URL enthält keine vollständige Domainangabe (warusscmd01 statt warusscmd01.).
The error occurred on the application server warusscmd01_AS1_00 and in the work process 0 .
The termination type was: RABAX_STATE
The ABAP call stack was:
Method: CHECK of program CX_FQDN=======================CP
Method: STARTUP_CHECKS of program CL_WDR_CLIENT_ABSTRACT_HTTP===CP
Method: HANDLE_REQUEST of program CL_WDR_CLIENT_ABSTRACT_HTTP===CP
Method: IF_HTTP_EXTENSION~HANDLE_REQUEST of program CL_WDR_MAIN_TASK==============CP
Method: EXECUTE_REQUEST of program CL_HTTP_SERVER================CP
Function: HTTP_DISPATCH_REQUEST of program SAPLHTTP_RUNTIME
Module: %_HTTP_START of program SAPMHTTP
What can I do?
If the termination type was RABAX_STATE, then you can find more information on the cause of the termination in the system AS1 in transaction ST22.
If the termination type was ABORT_MESSAGE_STATE, then you can find more information on the cause of the termination on the application server warusscmd01_AS1_00 in transaction SM21.
If the termination type was ERROR_MESSAGE_STATE, then you can search for more information in the trace file for the work process 0 in transaction ST11 on the application server warusscmd01_AS1_00 . In some situations, you may also need to analyze the trace files of other work processes.
If you do not yet have a user ID, contact your system administrator.
Error code: ICF-IE-http -c: 310 -u: RAMANADHAMR -l: E -s: AS1 -i: warusscmd01_AS1_00 -w: 0 -d: 20090722 -t: 133536 -v: RABAX_STATE -e: UNCAUGHT_EXCEPTION
HTTP 500 - Internal Server Error
Your SAP Internet Communication Framework Team
How to slove this problem...
Help me please..
Ramya.
Maybe you are looking for
-
evertime i open a secondary window in an application it opens on my laptop and I working on the application on my thunderbolt. what setting do i use to open the secondary window on the thunderbolt?
-
I'm building tables for an e-commerce site. Exporting them to CSV. Works great, except for one thing. Some article numbers start with a 0 and for some reason, numbers has decided to remove all starting 0. And that is driving me up a tree. I need them
-
BI SAP Query Connector Heatmap Error - Empty display in Visual composer
Hi, I am trying to create an Heatmap iview in SAP Visual Composer using BI SAP Query Connector. While using the Heatmap template, we are able to see the data but finally when we deploy and run the iview we see empty screen. Any inputs is highly appr
-
Radius Server with Active Directory
I have an XSERVE with 10.6.7. It is an OD Master that is also bound to Active Directory. I am trying to set up the RADIUS service to provide authentication to users on the wireless network. So far, I have been able to set it up to the point where the
-
Lock objects in the worksheet but have a scollable table
I don't really know how to explain this but I will try. I have 4 objects in my worksheet, a table, a text box and two graphs. There position is like <------TEXT BOX------> <-----------------------------------------TABLE-------------------------------