Username and password through SOAP header

Hi Gurus
I am developing web service model in webdynpro by consuming third-party WSDL. This third party web service expecting me to send the user name &password through SOAP header.
Can any body tell me how to pass the username password through SOAP header using webdynpro model?

Hi,
   In WD there's no direct way to access the SOAP message header. If the web service defines implicit headers in JAX-RPC then you have to use the setProperty methods of the javax.xml.rpc.Stub interface so that the JAX-RPC handler can retrieve these via the getProperty methods.
Regards,
Satyajit.

Similar Messages

  • OSB 11g - Authentication - Username and password in SOAP body

    Hi,
    I have a PS based on the WSDL provided by the client. According to the WSDL the client will send the username and password (to be used for authentication) in SOAP Body. I have extract the username and password from the body and authenticate it and then only process the data.
    The approach I am thinking of is to create two PS. The first PS will be called by client to send the data. There will be no authentication required for this PS. Once this PS (PS-1) receives the message it will extract the username, password and data from the SOAP body. It will then set the username and password in the HTTP header of the second PS (PS-2) and the data in the SOAP body of PS-2.
    PS-2 will be under basic authentication. PS-2 will accept the data as the only payload. Upon receiving the data it will do the normal processing.
    But I do not see any way to set the HTTP header (Authorization) for the second PS. Is my approach correct? Is there another/better approach?
    I went through this link [http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/model.html] and found that we may have to configure another Authentication provider. How to do that?
    Thanks,
    Sanjay

    Hi Sanjay,
    Your approach seems correct to me (using two proxies) but instead of setting the username and password in HTTP header, you may set it as SOAP header and use Custom Authentication method in OSB. To know more about it, please refer -
    http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/message_level_cust_auth.htm#i1069719
    Regards,
    Anuj

  • Avoid using Username and password in SOAP Envelope

    Hi Team
    I am working on calling the sercured web-service from PLSQL and able to call it successfully and get the response.
    In the SOAP envelope, I have header and body.
    Header contains the WS Security which includes username and password to authenticate the web-service and body contains the actual input pay load for service.
    Currently, header has username and password as 'hard-coded', is there a way to avoid the usage of username and password.
    We already tried to SIF for EBS methodology where in following steps are done:
    1) Create and event in EBS.
    2) Pass the event along with payload to SOA.
    3) SOA receives the event and triggers web-service and gets the response.
    4) Pass the response to EBS.
    This technique does avoid usage of username and password but takes 20 seconds to do the job. However, the appraoch above takes hardly 1 second.
    Please let me know in case any one has any idea on how to avoid credentials usage in SOAP envelope.
    Thanks
    Mirza Tanzeel

    How about doing away with that approach entirely?
    Password authentication requires one to keep a secret, secret. And that is the primary problem as how does one safely guard the secret, and manage the secret (by regularly changing)?
    Relying on secrets is a problem. I have never been a fan of password based security.
    Instead:
    a) use HTTPS to secure communication between sender and receiver
    b) use robust firewall rules to ensure that only sender is allowed to communicate with receiver
    c) implement sound network management and exception reporting (to detect and prevent violations on network infrastructure level)
    If you lack in the network infrastructure and administration areas, then:
    a) make the web service endpoint on server on localhost only (do not expose it to the outside world)
    b) establish a trusted ssh connection between sender and receiver using strongly encrypted RSA/DSA keys
    c) configure sender with a service that opens a reverse tunnel to target, exposing the web service as a local port on its localhost

  • Username and password for SOAP sender call

    Hello,
    does anyone know how to provide the username and password to a SOAP sender call, e.g. XI receives the ws via soap and needs to know which userid and password to check. When you use a SOAP client they use basic authentication which sends the request first to XI and XI send a request back for password. This would work for an online app but not for ws from machine to machine. I read some docu about query strings but no where it has an example what to put either on the request URL, the adapter or the SOAP envelope. SOAP 1.1 seems to have left that open and IBM has an example using SOAP Header which did not work with XI.
    Thanks
    Stefan

    Hi,
    do you use the javax.xml.rpc.Call class? Because then
    you can supply username and password to the call via
    the addParameter method. I think I did that with XI 3.0
    and it worked. If you need more information please consult
    the javax.xml.rpc.Call javadoc.
    Best regards,
    Hermann

  • Extracting username and password from security header

    Hey all,
    I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
    1) I secured my BPEL process
    2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
    3) I added the security variable to the Header Variables for the BPEL process input
    4) I added the security variable to the Input Header Variables for the web service's invoke operation
    This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
    Environment:
    JDeveloper 11.1.1.6.0
    Thanks,
    Bill

    Hi Sri,
    If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
    Thanks,
    Bill

  • Passing username and password through the URL (SharePoint integration)

    Dear friends
    I have a requirement to integrate MS SharePoint with Jsp application site. user has to login to the Sharepoint first then from link (URL) i want to pass the username and password from
    that link to login into the jsp site without showing the login page !!

    SharePoint with Jsp application site. user has to login to the Sharepoint first then from link (URL) i want to pass the username
    and password from that link to login into the jsp site without showing the login page

  • Dynamic Username and password in SOAP reciever

    Hi,
    We have a requirement where we have to post the data to a webservice using SOAP reciever. However, the challenge is that we have multiple username/PWD and based on a field in source message, decide at the runtime, which Username/PWD to choose.
    Please suggest how can we proceed.

    Authentication Keys
    If authentication is required for the receiver system, you can enter a password and a confirmation for each key value. This means that you do not need to write passwords in the enhanced message header.
    If you want to specify or display authentication keys, select View Authorization Keys.
    You can enter and confirm passwords for each authentication key value (TAuthKey or TproyxAuthKey).
    http://help.sap.com/saphelp_nw04/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm
    Add field inside SOAP header PI 7.1

  • Username and password token retrieval from SOAP web services

    We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
    When we are retrieving username/password it’s coming as null. Please help ...
    if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {     
    try {
    SOAPMessage sm = context.getMessage();
    //SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
    SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
    SOAPHeader sh = envelope.getHeader();
    System.out.println("Message: "+envelope);
    System.out.println("Envelope: "+envelope);
    System.out.println("Header: "+sh.toString());
    Iterator it = sh.examineAllHeaderElements();
    while(it.hasNext()){
    System.out.println(it.next());
    String username;
    username = sh.getAttribute("Username");
    // username = sh.getAttributeValue("Username");
    //String password = sh.getAttribute("Password");
    System.out.println("uid:"+username);
    //System.out.println("pass: "+password);
    context.put("Username", username);
    //context.put("Passsword", password);
    // default scope is HANDLER (i.e., not readable by SEI
    // implementation)
    context.setScope("Username", MessageContext.Scope.APPLICATION);

    <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
    <S12:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>TestUser</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </S12:Header>
    </S12:Envelope>

  • Passing Parameter through SOAP Header in ODIInvokeWebService

    How to pass parameters in SOAP Header in ODIInvokeWebService and not just in SOAP Body?
    Background:
    One of our web service provider expects certain parameters set in SOAP Header. Currently, ODIInvokeWebService allows to set parameters through SOAP (Request) Body and not through SOAP Header.
    How can we set and send parameters in SOAP Header when using ODIInvokeWebService. Can we set this in a request file. Any workaround?
    BTW is this a limitation in the tool. If yes, I am looking for a work around. I can setup a proxy service/servlet and re-route the request to the provider but I would like to know if there is a work that can be done easily through ODIInvokeWebService before I look for other options.
    Appreciate your help.
    Thank you.
    -Muthu

    Hi Muthu ,
    This is not supported by the ODIInvokeWS Tool.
    There are some ER logged against this and may be it will get implemented in ODI 11g
    Sutirtha

  • Using a guest wi-fi network with changing username and password

    I am trying to access a "guest user" wi-fi network at my office. For security purposes, the guest network username and password are changed periodically. The connection worked fine until the username and password changed. Is there any way to access the setup of a specific wi-fi network on the iPhone and update the user name and password? I would like to be able to do it without resetting ALL the networks used?
    I tried to use "Forget Network" and then restored the connection, but it appears the iPhone retains the old username and password in memory.
    Thanks!
    liv3itup

    Well, I tried to duplicate what you talked about. I have my wireless here at home, and I chose, "Forget this network" and when I went to rejoin, it asked for a password. Many public networks take their username and password through the browser. Have you tried to open Safari to see if it will default to the username/password screen? I've used mine at hotels that change their access every 24 hours and if I try to log back on after the time, it defaults back to the login screen. That is the only solution that I can think of. And yes, if you go to settings and reset network settings, it will clear all of them.

  • How to send username and password

    Hello Friends,
    When a BSP application is tested or executed,
    it opens a explorer window and asks for the server username and password.
    Is there a way where I can pass the username and password through the url so that the user nedd not know the username and password but directly can open the browser and use the application.
    Regards,
    Raju...

    Hi,
    A golden rule is never to state a userid passwd in an URL.
    What you need to is to set a default user in the BSP app.
    Check http://help.sap.com/saphelp_nw2004s/helpdata/en/02/4b52922a8d11d5991f00508b6b8b11/frameset.htm
    for this.
    Some background info:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/02/4b52922a8d11d5991f00508b6b8b11/frameset.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/e5/171ad0398711d5992200508b6b8b11/frameset.htm
    Eddy

  • How do I pass username and password to the Citrix client via netlet

    I have managed to call a Citrix managed application from the portal via netlet (via InitialProgram within citrix_start.html) - thankyou William Geurts.
    How do I use the Portal's single sign-on functionality to pass the username and password through to Citrix via netlet?

    Hi,
    This can be done by writing a small application that will pull session/user info from Portal and then pass it on to another app as needed.
    Thanks,
    Raj_indts
    Developer Technical Support
    Sun Microsystems
    http://www.sun.com/developers/support

  • Calling A Secured webservice using Username and password in the Soap header

    I want to call a secured webservice.
    The Username and password should be sent with the payload in the SOAP Header
    as
    <wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>uname</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    Can you please send me the steps?
    I tried with giving the username and password under Service Account.
    I tried to create a wspolicy under business service. But nothing works...
    Please help me at the earliest.
    Also please give me steps in sequence.

    Now i made sure that the endpoint is available!
    Now am getting this error:
    <soapenv:Fault>
    <faultcode>soapenv:Server</faultcode>
    <faultstring>BEA-380002: localhost1</faultstring>
    <detail>
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
    <con:errorCode>BEA-380002</con:errorCode>
    <con:reason>localhost1</con:reason>
    <con:location>
    <con:node>RouteNode1</con:node>
    <con:path>request-pipeline</con:path>
    </con:location>
    </con:fault>
    </detail>
    </soapenv:Fault>
    Also in the invocation trace i can observe the following things:
    Under Invocation Trace:-
    ========================
         Receiving request =====> Initial Message context
         ===============================================
         under added header:-
         ==================
         <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
         </soap:Header>
         under RouteNode1
    ================
         Route to "TargetMyService_BS"
    $header (request):-
    <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    </soap:Header>
    Under Message Context changes:-
    *===============================*
    I can find this element also:-
    con:security>
    *<con:doOutboundWss>false</con:doOutboundWss>*
    *</con:security>*
    eventhough we enabled ws security, how the above tag can be false?
    I think its getting failed to populate the header with the required login credentials.
    The other doubt i have is:-
    =================
    I have chosen the service account type is static...is this right?

  • WS-security Need to Get Username and Password and time Stamp in SOAP Header

    HI ALL,
    i need to get USERNAME and PWD in my Soap header for consuming Webservice using SAP PI ,
    and my SOAP Header should look like this
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurityutility-
    1.0.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-
    secext-1.0.xsd">
    <wsu:Timestamp wsu:Id="Timestamp-296915943">
    <wsu:Created>2008-06-05T18:30:59.904Z</wsu:Created>
    <wsu:Expires>2009-06-05T18:35:59.904Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken wsu:Id="UsernameToken-192809888">
    <wsse:Username>midtier-service</wsse:Username>
    xxxxxxxx: Confidential Green 10
    <wsse:Password Type="http://docs.oasisopen.
    org/wss/2004/01/oasis-200401-wss-username-token-profile-
    1.0#PasswordText">password</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>
    should i need to get some certificates from client and deploy it or should we do anything in SAP PI and send to soap header or can hard code it and send to webservice, please help me in this t
    hanking you
    Sridhar

    i need to get USERNAME and PWD in my Soap header for consuming Webservice using SAP PI ,
    Can be achieved by XSL Mapping or SOAP Axis Adapter. Search on SDN for further details as this has been discussed many a times on the forum.
    should i need to get some certificates from client and deploy it or should we do anything in SAP PI and send to soap header or can hard code it and send to webservice, please help me in this t
    First you need to confirm whether certificates are required or not. Might be the web service is using user id / password security (basic authorization).
    How to use certificates in PI - Search on SAP Help, this has been explained in great details over there.

  • Dynamic username and password for UsernameToken in Receiver Soap Adapter.

    Hi All,
    I am using AXIS Frame work for WS Security Authentication in Receiver SOAP channel. I deployed AXIS and used WSDoAllSender handler. I want to set the username and password parameters in the module dynamically. These have to be extracted from the payload. 
    kindly give me pointers to dynamically assign Username and Password.
    Regards,
    Saipriya.

    continued from the previous entry
    1.  configure the following four handlers in the request chain
    Handler dc
    Handler xireq
    Handler wssec
    Handler trp
    For the xireq and trp handler, you can use the default setting.
    For the dc and wssec handlers, you use the following setting:
    dc: handler.type =  java:com.sap.aii.axis.xi.XI30DynamicConfigurationHandler
    dc: key.1 = write http://sap.com/xi/axis username
    dc: value.1 = user
    wssec: handler.type = java:org.apache.ws.axis.security.WSDoAllSender
    wssec: action = UsernameToken
    wssec: passwordType = PasswordText
    wssec: passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler
    2. Create an external password file with user password pairs. For example, if you have three users: orange, banana, and apple, with their passwords: orange, yellow, red,  you create a file with content:
    orange:orange
    banana:yellow
    apple:red
    You name this file to ".password" and place it at the engine's classloader directory (e.g.,
    /usr/sap/E07/JC90/j2ee/cluster/server0)
    3. Prepare the input message containing the user name in the dynamic configuration header that looks like:
    <ns3:DynamicConfiguration xmlns:ns3="http://sap.com/xi/XI/Message/30">
      <ns3:Record name="username" namespace="http://sap.com/xi/axis">orange</ns3:Record>
    </ns3:DynamicConfiguration>
    The namespace and name must match the value used in the key.1 property of the dc handler. As long as they match, you can use any names.
    In this example, the user name value "orange" will be extracted by the dc handler and inserted into the message context.
    4. Send a test message.
    Best regards, Yza

Maybe you are looking for

  • Porting Flex 2 Application to Flash 6

    On a scale of 1 to 10 (11 being impossible), how difficult is it to port a Flex 2 application to work with Flash 6? I've been reading up and it appears the oldest version most Flex applications will work with is Flash 9 due to the inclusion of Action

  • Displaying Icons in ALV Grid

    Hi, I've already searched the forum about this topic and I didn't find any thread that helped me to display the icon.  I'll post my code below, mind you, this code is just a test code so it's kinda trashy... INCLUDE: <icon>. TYPE-POOLS: slis. TYPES:

  • Office OCT display level gives no dialogs

    I have configured OCT in Office 2010 and deploy Office 2010 standard thru Computer startup script in GPO. In the GPO at computer startup scripts a batchfile is running which starts the offscrub03.vbs and then the setup with the msp OCT file. When the

  • License Problem with Users

    Hi, Good Day! Our client avail of license for 3 for their SAP Business One 2005 A. SP 01 PL 11. accourding to them they can only use 2 license for the users.  I believed that 3x2 would be 6 licenses if Im not mistaken.  But accoirding to them its onl

  • Parallels just stopped working on OS 10.5.8

    I've been using Parallels for a while now (Build 6.0.12106) on my 27" iMac (OS 10.5.8), but following an Outlook crash 30 minutes ago, and despite two restarts, the virtual machine has refused to start. I get an error message about virtualization bei