Using ADFS authentication to perform SSO via HTTP GET request
Hi,
Can i authenticate users (those users are clients, at home) to a web application using ADFS without SAML tokens?
The situation is that i want the clients to perform SSO to the website via a link they receive in their mailboxes.
I thought about a solution that combines JWT in a URL link that each user will get to his private mail. this link will contain the users' claim (such as ID Num, given from AD DS Server dedicated especially for them).
Thus, the user will receive an email with a link that already contains a short period of time JWT to perform SSO to the webapp.
Is it possible ? anybody heard about a similar solution ?
Sandra
Thanks for your message
Here is the my requirment
The basic flow of a Where 2 Get It REST API call is:
1) create the required XML structure,
2) URI encode it,
3) make a HTTP GET request,
4) then parse the return XML document.
Currently i have some data in ABAP structure with 5 fields, i need to create XML from the those 5 fields,and needs to be URI
encode it, and then needs to make a HTTP get request to connect Where to Get It REST API, finally it will return XML document via HTTP Get request , and then needs to convert the return XML to ABAP structure for further processing .the above 4 points will be implemented in my report.
Any body could help on this
Similar Messages
-
hi forum,
i have been trying to send a HTTP GET request to XI using SOAP and HTTP adpaters (by designing objects in IR and ID), but failed to do so,
the requirement is specifically sending HTTP GET, (no content in the body)
Is there any way of achieving this using existing adapters,
My observations:
when i make a HTTP GET request to XI using sender HTTP adapter, it gives a response "Body is empty" with HTTP code 204-No content,
when i use SOAP adapter, and make a HTTP GET request to intergration engine, using sender SOAP adapter, it gives a response
<html>
<head>MessageServlet</head>
<body>
Message Servlet is in Status OK
Status information:
Servlet com.sap.aii.af.mp.soap.web.MessageServlet (Version $Id: //tc/xi/NW04_23_REL/src/_adapters/_soap/java/com/sap/aii/af/mp/soap/web/MessageServlet.java#2 $) bound to /MessageServlet
<br/>Classname ModuleProcessor: null
<br/>Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
<br/>Lookupname for remoteModuleProcessorLookupName: null
<br/>ModuleProcessorClass not instantiated
<br/>ModuleProcessorLocal is Instance of com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0_0
<br/>ModuleProcessorRemote not instantiated
</body></html>,
and http response code 200 OK, but i cant find anything in the integration engine (from SXMB_MONI),
pls helphi prateek..... lot of thanks,
developing/deploying a proxy ejb for this purpose seems good,
but, deploying a custom servlet (for calling that ejb) seems "not-so-standard" way,
since i m very new to custom j2ee development in XI, i have certain queries:
1. Is there any guidelines for developing and deploying custom j2ee components,
2. Will SAP provide support in case of these components not working "as expected" or hampering other applications,
thanks for help -
Can you make a HTTP GET request with JSC form element?
It seems the form element in JSC make a HTTP POST request by default, but is it possible to make a HTTP GET request by the form element in JSC?
(It is worth to mention here that HTTP GET request has its distinctive advantages like you can embed the parameters in a URL and bookmark it)
Thank you very much.Jim,
I am doing the sameway as you suggested to MISS_DUKE
But have you face any problems in doing so? In otherwords its the page rendering correctly?
On requesting the same page multiple times, Every time I get the page that was rendered for the first time.
To see the correct results, I need to close the browser and check it .
see my previous queries here
http://swforum.sun.com/jive/thread.jspa?threadID=54379&messageID=208223#208223
http://swforum.sun.com/jive/thread.jspa?threadID=56440&messageID=214302#214302
http://swforum.sun.com/jive/thread.jspa?threadID=56676&messageID=214987#214987
http://swforum.sun.com/jive/thread.jspa?threadID=56390&messageID=214139#214139
And I am still expecting the answer from experts. But nobody turn arround
Thanks,
Sudhakar -
Explicitly setting the query string in http get request
Hi All,
We are trying to use the query string parameter to send a GET request to a vendor. The parameter value is a string concatenated with xml ie. String=<xml></xml> It seems the vendor is reading this value as string and Looking for "<XML>" to strip out the values. The problem in OSB is when I concatenate the fn:concat("String=",<XML/>) the acutal value is translated to "String=<XML/>. Is there a way to explicitly set the value so the < doesn't get encoded to < ? the odd thing is that only the left less than bracket get encoded. Any help would be most appreciated...
thanks,
Matt
version of OSB:
Service Bus 10gR3
Oracle Service Bus Version: [WebLogic Oracle Service Bus 10.3 Sat May 30 06:12:38 EDT 2009 1223943 ]
Oracle Weblogic Server Version: [WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 ]The left side bracket is actually getting encode as amplt; (this forum encoded it :))
-
File Upload Performance using IE from Windows to Unix via HTTPS
Hi,
Is there any performance issue uploading a file
using IE from Windows client to UNIX server via HTTPS?
Before that, we were using HTTP protocol and everything run smooth
Once we change to HTTPS, we might hit the "HTTP 500 Internal server error"
Even though this does not happen all the time but still, it affect the overall performance of our system
We'd tested other browsers such as Netscape, Firefox, Opera and we don't hit any problem with them
Is there any way to improve the performance?
Is there any site i can refer to? cause i need some explaination on how this could be happen
ThanksIs there any performance issue uploading a file
using IE from Windows client to UNIX server via
HTTPS?With HTTPS, the contents of the files are encrypted while uploading. This might hit the performance in some cases. -
Authenticating a crawler thru a http password request prompt
I have a crawler that I want to authenticate thru a http password request. To explain the situation a little more, I have several links to various reports on a server that requires me to authenticate thru a http password request. (When I click the links directly a prompt appears asking me for creditials. Not a web form!). Previously, I set up crawlers to go thru web form authentication with success. Is it possible to pass my creditial from a web crawler to the http password prompt? If more clarification is needed, just let me know. Thanks in advance.
Terrelwhat he is trying to say is that if you want help with your project, change it. You will not get any help here to write code that can be used to do things like spam, be used as a bot, phishing or any other illegal/invasive activity.
Any 'normal' project should have no business logging into a website programmatically; the login prompt is there for a reason, to provide security. What you are trying to do is break through it. Can you see how this will make people frown? -
Http get requests fail after a few weeks
All,
I have a get request to a servlet that works for a few weeks, then it will suddenly stop.
I change the code once, works,then it will fail after a few weeks.
I change the code again, works, then it will fail after a few weeks.
Servlet works like: send one request, wait, then send a second.
Here are the last 2 code iterations:
try {
// Construct data
String data = URLEncoder.encode("key1", "UTF-8") + "=" + URLEncoder.encode("value1", "UTF-8");
data += "&" + URLEncoder.encode("key2", "UTF-8") + "=" + URLEncoder.encode("value2", "UTF-8");
//String data = "";
// Send data
//URL url = new URL("http://localhost:8080/stocks?action=1&date=20080310");
URL url = new URL("http://localhost:8080/stocks/monitor?action=1&date="+stringDate);
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(data);
wr.flush();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
//System.out.println(rd.read());
String line;
int count =0;
while ((line = rd.readLine()) != null) {
// Process line...
System.out.println(count + line);
count++;
wr.close();
rd.close();
} catch (Exception e) {
try {
// Construct data
String data = URLEncoder.encode("key1", "UTF-8") + "=" + URLEncoder.encode("value1", "UTF-8");
data += "&" + URLEncoder.encode("key2", "UTF-8") + "=" + URLEncoder.encode("value2", "UTF-8");
//String data = "";
// Send data
URL url = new URL("http://localhost:8080/stocks/monitor?action=2");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(data);
wr.flush();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
int count =0;
while ((line = rd.readLine()) != null) {
// Process line...
System.out.println(count + line);
count++;
wr.close();
rd.close();
} catch (Exception e) {
}I send this request twice with different params
public static String sendGetRequest(String endpoint, String requestParameters)
String result = null;
if (endpoint.startsWith("http://"))
// Send a GET request to the servlet
try
// Construct data
StringBuffer data = new StringBuffer();
// Send data
String urlStr = endpoint;
if (requestParameters != null && requestParameters.length () > 0)
urlStr += "?" + requestParameters;
URL url = new URL(urlStr);
URLConnection conn = url.openConnection ();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuffer sb = new StringBuffer();
String line;
while ((line = rd.readLine()) != null)
sb.append(line);
rd.close();
result = sb.toString();
} catch (Exception e)
e.printStackTrace();
return result;
}Any ideas?
Edited by: iketurna on Mar 13, 2008 7:21 AMYou appear to have empty catch blocks. Which means you don't get the error message that would tell you what is failing.
Put in code that logs the exception and the stack trace of the exception. If you can't figure out the error message, post it here.
You should be closing streams in finally statements. Otherwise they might not get closed when there is an error -> you leak descriptors -> you run out of descriptors -> every stream open will fail -> more errors -> more descriptors get leaked -> etc -> everything stops working. Always do it like this:
WhateverStream out = null;
try {
out = ...;
...use out...;
} finally {
try {
if (out != null) out.close();
} catch (IOException e) { ...log it... }
} -
Multiple HTTP GET requests for individual classes
Hello,
I have a Java plug-in deployed under tomcat 6. JRE version is 1.6.0_16. All the required jars are deployed packed (pack.gz) and the applet tag has 'java_arguments' parameter defined as:
<param name='java_arguments' value='-Xms256m -Xmx512m -Djnlp.packEnabled=true -Djnlp.versionEnabled=true' />
All the jars get loaded nicely as I see in the Tomcat access log:
127.0.0.1 - - [03/Mar/2010:17:24:04 +0000] "GET /testapplet/lib/log4j-1.2.13.jar.pack.gz?version-id=1.2.13 HTTP/1.1" 200 0
but immediately I see a bunch of GET requests for the individual classes in the same log4j jar:
127.0.0.1 - - [03/Mar/2010:17:24:06 +0000] "GET /testapplet/lib/org/apache/log4j/Logger.class HTTP/1.1" 404 0
127.0.0.1 - - [03/Mar/2010:17:24:06 +0000] "GET /testapplet/lib/org/apache/log4j/Category.class HTTP/1.1" 404 0
127.0.0.1 - - [03/Mar/2010:17:24:06 +0000] "GET /testapplet/lib/org/apache/log4j/spi/AppenderAttachable.class HTTP/1.1" 404 0
As you can see each of these GET requests are returned a Http error code 404. While testing locally, this isn't adding any delays, but over a real deployment it's bound to be slow down the applet loading while the server is responding to each of these class requests.
Subsequently, the application itself runs without any issues and these bogus class requests failures have no effect (thankfully) on the functionality.
Any one seen this behavior? Appreciate any thoughts or help.
Regards,
Paraghttp://forums.java.net/jive/thread.jspa?threadID=75990&tstart=0
-
Accessing ACS 4.2 via https getting 'website declined to show this webpage'
Hello
I have a self signed certificate on an ACS 4.2 Windows machine. I open a browser port to https://ipaddress:2002 of the acs and get the certificate error message as expected. When I proceed to the site then check the certificate via the shield on the top of the browser it shows is issued to ACSCOSC216_7. I install the certificate via the IE certificate import wizard.
I then connect to the acs via the poper fqdn at htts://ACSCOSC216_7:2002 login with my account but now get;
The website declined to show this webpage.
pls help!
tnks!Do you have the https option checked under the session policy settings under Administration Control set?
Here is a screenshot:
Let me know if this helps,
Tarik Admani -
Tomcat servlet respond with "302 Moved Temporarily" to HTTP GET requests
I started Tomcat (4.1.31) on a Unix machine (SunOS 5.8)
I tested the tomcat servlet using the following commands:
telnet 0 80
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
GET /index.html HTTP/1.0
HTTP/1.1 302 Moved Temporarily
Location: http://localhost/
Content-Length: 0
Date: Mon, 17 Oct 2005 18:09:15 GMT
Server: Apache-Coyote/1.1
Connection: close
Any other servlet that I test responses with the same result
Tomcat version 4.1.31
SDK build 1.3.1_02-b02
Solaris SunOS 5.8"302 Moved Temporarily" is a web server error (I googled it - see e.g. http://www.checkupdown.com/status/E302.html)
Two recommendations that you can try:
- do not use 'localhost' - use computer assigned name, or at worst IP address
- in my system, Server URL is set to http://ecm-base:16200/cs/idcplg (from ODC). Try to modify yours accordingly. -
How can my applet communicate with servlet via HTTPS?
hi all,
I'm using jdk1.4.2_03. Tomcat 4.1.27/29.
My applet used to communicate to serlvet/JSP via http protocol. However, I wish to apply SSL in my tomcat standalone. Is there any implication towards my existing applet to servlet codes?
For example,
URL servletURL = new URL("http://www.myhost.com/Shopping");
// open connection between applet and servlet
URLConnection servletConnection = servletURL.openConnection();
servletConnection.setDoOutput(true); // allow connection do output
servletConnection.setDoInput(true); // allow connection do input
servletConnection.setUseCaches(false);
servletConnection.setRequestProperty("Content-Type", "application/octet-stream");
ObjectInputStream input = new ObjectInputStream(servletConnection.getInputStream());
resultset = (Vector)input.readObject(); //get Object from Servlet
input.close();http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/HttpsURLConnection.html
I never used it though, you can check for some code here:
http://javaalmanac.com/cgi-bin/search/find.pl?words=HttpsURLConnection -
Retrieve data from a non-peoplesoft application using HTTP Get
I need to retrieve data from a non-peoplesoft application. They want us to submit a HTTP GET request to their URL with a series of parameters. I am thinking about using HTTP Targert connector to accomplish this. Does anyone have sample peoplecode?
Currently we are on 8.51.10 Tools...
If there is any better way .. please let me know ..I have used HTTP Get to get XML file from a government sanction list by hitting URL http://www.treasury.gov/ofac/downloads/sdn.xml
There is a delivered PS program that does that for vendor sanctions. I had to get the online setup correctly by creating a new custom Node with HTTP Target Connector. The program name is BSP_IMPORT. The below code is responsible for the calling the node and retrieving the data. Play around with the code below see if you can get it to meet your needs.
BSP_IMPORT_AET.BANKNODE.Value is just the custom external code that I created.
PMT_FLAT_FILE_INBOUND message is just a none rowset based message to use the web service call.
Local TR:FileUtilities:FTP &oFTPUtil = create TR:FileUtilities:FTP();
+/* HTTP */+
+/*******************************************************************************/+
Local Message &msgHTTP;
Local Message &msgResult;
+&msgHTTP = CreateMessage(Message.PMT_FLAT_FILE_INBOUND);+
+&oFTPUtil.PopulateFTPGetIBInfo(&msgHTTP, BSP_IMPORT_AET.BANKNODE.Value);+
+&msgResult = %IntBroker.ConnectorRequest(&msgHTTP);+
+/* check to see if the file is wrapped */+
+&strAllLines = &msgResult.GenXMLString();+
+&strAllLines = Substitute(&strAllLines, Char(26), " "); /* Added this line to remove invalid characters */+
+/*******************************************************************************/+
Edited by: Maher on Mar 20, 2012 3:28 PM -
HTTP GET/POST: J2EE Design Strategy w.r.t servlet implementation
I am in process of designing a J2EE application with browser interface. I have thought of having "Front Controller" Servlet for all HTTP-GET requests and "Action Controller" servlet for all HTTP-POST requests.
I have worked this distinction on the basis that GET request maps directly to page being requested and POST request corresponds to action being performed on some page. Here in fact the design is driven by appropriate selection between GET or POST. So all possible requests on the site should get properly mapped to action or page.
Decision of two servlets is merely to divide the load on single servlet. There being well defined logical (page and action) and implementation (GET/POST) boundary, the division seems workable.
Before actually finalizing this decision I need to know any inputs (pros and cons) of this approach.
Further If I start mapping to actual scenerios,
Request for home page,
Request from HREFs,
Request where new transaction is started
will always be GET Requests.
However what about request method (POST or GET) for update employee profile page when emp. id is available already available on first page ??
And further
Is this GET/POST divison always possible ??
Any constraints that any one can see in this mapping ??
Any comments on the update employee profile scenerio - GET/POST - page/action ??
PS: Pl. discard error scenerios for the moment.how would you direct the GET requests to one servlet and the POST requests to the other?
Wouldn't they need to pass thru' yet another servlet to decide which is which (GET or POST), and redirect them accordingly?
I would have both GET and POST handled by the same single-point-of-entry servlet. For example, not all data is sent to the server via a POST - you can send form data via a GET, using name/value pairs in the url. -
Block HTTP Options request in DBMS_EPG
We are having some trouble opening HTML pages from Office tools in combination with the Embedded PL/SQL Gateway on a Oracle 11g database.
When we open a public Apex page from word or Excel it will prompt for XDB username / password.
We open the page like this: http://epg-host:8080/apex/f?p=111:1
When we open the same page from the same Apex application using the Oracle HTTP Server instead of the Embedded PL/SQL Gateway, Word and Excel won't prompt for a username and password.
I used Wireshark to see the difference in HTTP traffic. Microsoft Office will do a HTTP Options request on the "directory" of the page (for the url http://epg-host:8080/apex) before opening the page. The HTTP Options request results Error 401 Unauthorized, that’s why Word/Excel ask the user to login.
With a HTTP Send Tool I have send the Options Request to the Embedded PL/SQL Gateway and to the Oracle HTTP Server, these are the different responses:
Options for http://epg-host:8080/apex/
The remote server returned an error: (401) Unauthorized.
MS-Author-Via DAV
DAV 1,2,<http://www.oracle.com/xdb/webdav/props>
Content-Length 147
Content-Type text/html; charset=UTF-8
Date Thu, 10 Nov 2011 10:05:56 GMT
Server Oracle XML DB/Oracle Database
WWW-Authenticate Basic realm="XDB"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Unauthorized</TITLE>
</HEAD><BODY><H1>Unauthorized</H1>
</BODY></HTML>Options for http://apache-host:7778/apex/
The remote server returned an error: (501) Not Implemented.
Allow
Connection close
Content-Length 252
Content-Type text/html; charset=iso-8859-1
Date Thu, 10 Nov 2011 10:15:44 GMT
Server Oracle-Application-Server-11g
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>The server does not support the functionality required to fulfil the request.</p>
</body></html>I do not really understand why the Options Request results in Unauthorized. I would like to change the behavior of the Embedded PL/SQL Gateway so that it does not throw the "Unauthorized" error. Any other error would be good, but Unauthorized results in a Login prompt.
Does anyone know how to configure the Embedded PL/SQL Gateway so it will not result in the unauthorized error? It doesn’t matter if I have to block the Options requests or grant extra authorization.Thanks for your reply. When we open the page in the browser we do not get the Login-prompt, the allow-repository-anonymous-access is already set to true.
The login-prompt only occurs when we open the page from Word/Excel, that's when the HTTP-Options request is send.
Opening an Apex page in the browser only results in a HTTP-Get request, Word/Excel will send HTTP-Options followed by the HTTP-Get request. -
Hi,
I have configured HTTP channel for synchronous request response (syncresponse=true in additional headers). I have to send an outbound Invoice to TP via http, get the response back and process it as an email. I have the outbound and inbound agreements set and it works fine. The issue is that I am unable to create a correlation between the request and response (invoice request corresponds to which response). Is there any setting to achieve this?
Thanks in advance.This looks to be known issue. Similar bug was reported for
Bug 17304428 - hcfpmlr: sync 271 response does not set reference to outbound 270
There could be one possible solution of using correlation xpaths defined into the document definition, however, this being a sync transfer, it might happen that the outbound msg's xpaths are not persisted into the DB and the response msg xpath for correlation wouldn't find this.
Hence, for the correlation of sync request and response to work by default the bug should get fixed. Please indicate the same in the bug if fix is required.
Maybe you are looking for
-
Dictionary App will not scroll or display scroll bars.
This usually happens when I have Wikipedia search enabled because there is more text but not always. Scroll bars do not show. When I resize the window the scroll bars will sometimes show but I cannot scroll DOWN. Whatever type existed in the window a
-
Can't Restore Exchange 2010 Mailbox DB from HP Data Protector backup
I'm trying to implement Exchange 2010, but I won't feel comfortable moving many users to it until I've successfully restored a mail database from tape backup. So far, this hasn't worked out so well. I'm using HP Data Protector for my backup solutio
-
IPhone 4S completely dead - will not reboot with holding down sleep
We were using the phone, left it for a while, when I went to use it again it was completely dead. I then could not start it, charge it or reboot it using the sleep & home buttons.
-
Adjusting songs on Creative To
What are mine options in adjusing songs (ID3 tags) on the Creative Touch, without using the music library on mine computer (thus directly on the mp3 player)? For example, I want to change the title of a song. For now I only discovered how to delete s
-
Play albums in order within itunes
Overnight our itunes has decided to play one track from an album and then move to an artist beginning with the next letter in the alphabet instead of playing the next song on the album selected. We have not selected party shuffle or anything. Please