Web service Logon ticket
Hi,
Is there a way to generate a logon ticket in an EJB?
I face the following problem: on server A(SAP ABAP) there is a web service, which I consume on server B(SAP Java AS) and create a REST, which is called from an UI5 application on server C(SAP Gateway).
When I call the consumed service from server B via WSNavigator or EJB explorer its working. BUT when the service is called by the REST its throwing the following exception:
Error while creating assertion ticket on demand. No logged in user found.
Assertion ticket could not be retrieved. Error was No logged in user found.. [EXCEPTION] java.lang.IllegalStateException: No logged in user found. at com.sap.security.core.server.jaas.SAPLogonTicketHelper.createAssertionTicket(SAPLogonTicketHelper.java:496) at com.sap.security.core.server.jaas.AssertionTicketFactoryImpl.createAssertionTicket(AssertionTicketFactoryImpl.java:67) at com.sap.engine.services.wssec.srt.protocols.GetAssertionTicketPrivAction.run(GetAssertionTicketPrivAction.java:36) at com.sap.engine.services.wssec.srt.protocols.GetAssertionTicketPrivAction.run(GetAssertionTicketPrivAction.java:20) at java.security.AccessController.doPrivileged(Native Method)...
I think it is working from WSNavigator/EJBExplorer because there I'm logged in and Logon Ticket is generated and sent to server A, but because server C communicate with server B via REST(jsonp ajax call), there is no generated Logon Ticket on server B.
Is there a way to generate a Logon ticket or set credentials to the web service. I tried the following but its not working:
ZCUUTLI0016BPMTYPEDOWNL test = downloadService.getZCUUTLI0016_BPM_TYPE_DOWNL();
Mapreq_ctx = ((BindingProvider)test).getRequestContext();
Map> headers = new HashMap>();
headers.put("Username", Collections.singletonList("user"));
headers.put("Password", Collections.singletonList("password"));
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
Note: Other possible solutions are also welcome.
Thanks,
Ivan
hi ivan,
for your scenario - does the abap backend call require a real user or is a technical user sufficient? if only a technical user is required you can define one in the single service administration/ application communication configuration of your portal System.
in order to use the logon ticket of your ajax call i think you need to configure/setup the correct sso - environment. checkout this link
http://help.sap.com/saphelp_nw74/helpdata/en/7a/9ad1882c244de0a3a99c1e46095ab3/content.htm?frameset=/en/c4/81215150e92414e10000000a44176d/frameset.htm¤t_toc=/en/ad/612bb3102e4f54a3019697fef65e5e/plain.htm&node_id=87
regards,
christian
Similar Messages
-
Web Service Logon Error Message
Hi Experts,
I have created a web service and trying to consume it in SOAPUI but i am getting error saying that Logon Error Message . when i see the Tcode SOAMANAGER (Provider Security tab) i have this position i am not sure which one i need to choose .
1.SSL over HHTP(Transport Channel Security) .
2.Asymmetric Message Signature/Encyption.
3.symmetric Message Signature/Encyption.
and check box for secure Conversion.
Your valuable answer will be helpfull
Thanks,
DevdHi Murali,
I guess SOAP UI does not support Symmetric Message Signature/Encryption or Secure Conversation easily. Both are rather complex message security mechanisms. They are seen as alternative to SSL when messages should travel along different SOAP intermediaries to have end 2 end encryption.
You use case sounds that you just want to test security with SOAP UI. Assuming that SOAP UI supports SSL please choose SSL over HHTP(Transport Channel Security)
in conjunction with the user id/password in message authencation.
Then in SOAP UI try to find something like a username token. This is some part of XML SOAP UI adds to the SOAP message to send the username and the passwort.
Regards,
Mathias -
Implementing authentication for web services
Hi all,
I'm struggling trying to guess how to implement basic HTTP authentication as well as using certificates in order to apply HTTPS, for some web services we've created, running on the Oracle Application Server 10.1.12. The web services were implemented using JDeveloper 9.0.4. Any help would be very appreciated.
Thanks in advanced and regards,
LuisHi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
User Authentication for Web Services
Hi,
I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
Appreciate the advice. Thanks.Hi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
Hello All
I have created a Web Service with no authentication type.
When I test the Web Service from the WS Navigator, system asks to enter the Logon again.
Why is it so ?
Is there some setting in Server that overrides my Web Service logon setting ?
Or I am creating the Web Service incorrectly ?
I have created this WS in Dev system( and collected the WDSL) and attached with the Transport Request.
When this WS gets transported to the next system, WSDL has to be regenerated ?
Please advice
Cheers
RJAny one to help
-
SSO to Web Service using SAP Logon Ticket
Hi,
I have to do SSO using SAP Logon Ticket between my portal and a Java Web Service that is accessible over internet. I do have the WSDL file of this Web Service.
I want to know:
1. What changes are required in Web Service to configure it to read and accept Logon Ticket?
2. What am I supposed to do at portal end to enable this process?
Thanks,
VivekHi Vivek & Raja,
> is it that if the WS is a third party WS and running on a Non-SAP J2EE Server,
> we can't implement SSO from Portal to it using SAP Logon Ticket?
Right, if you cannot extend it's functionality, how should it do the ticket verification...
@Raja:
> SAP Logon Ticket is for authenticating to a SAP system, since yours in a
> thirdparty ws, there is not need of SAP logonticket.
On the other hand, that's not true. It is possible as well as often done to verify the SSO ticket on some third party system. This is also supported, for Java as well as for other systems, different articles about such scenarios have been published, also here on SDN.
Hope it helps
Detlev
PS: Vivek, please consider rewarding points for helpful answers on SDN. Thanks in advance! -
SSO with SAP logon tickets to non-SAP web app
I am trying to implement SSO to an oracle portal based web application using SAP logon tickets, but can't seem to find a way for it to work. I thought maybe it would be a web server filter, but am unsure if this would work for oracle portal. Anyone tried similar?
CindyHi Cindy,
If it is EP6 SP2 probably you can checkout the following document.
http://service.sap.com/ep60
Go to Documentation Help>How-To-Guides>Current How To Guides section.
checkout the following how to guide.
Perform Cross Domain SSO with SAP Logon tickets zip file.
If you want the zip file please send an e-mail to
[email protected]
Regards
-Venkat Malempati -
Logon Error when Using soap Web Service
Hi,
I'm trying to determine why I'm getting the following error message when I submit a Web Service from our Custom Application to SAP. This error is occurring in SAP ECC 6.0 SPS16 (Quality Client) and we do not have the JAVA Stack installed. Our currently Production Installation is SAP ECC 6.0 SPS4 it works with out issues, however the Upgrade to SPS16 has produced alot of differences in web services.
Also note that this service has been tested succesfully using soapUI Version 2.51. and Version 3.5.1 without producing this error.
The user that is being utilized in all tests is an Internet User only. I would also like to know if there is away to trace Internet User authorizatiion issues.
Any help that can be provide is highly appreciated.
Error Message:
Logon failed
What has happened?
Call of URL http://bagqs1p1.rac.ray.com:1080/sap/bc/srt/rfc/sap/zwd_material_create/200/zwd_material_create/zwd_material_create
terminated due to error in logon data.
Note
Logon performed in system AGQ.
Logon performed for client 200, user , and language EN.
What can I do?
Check that you have entered the client, user, and password correctly.
If you do not yet have a user ID, contact your system administrator.
Error Code: ICF-LE-http-c:200-l:E-T:1-C:5-U:84-P:54-L:5
HTTP 401 - Unauthorized
Your SAP Internet Communication Framework Team
Sincerely,
Cris AndersonAll of the web services were created in SOAManager if that is what you mean by setting them up in SAP PI.
I'm guessing that the HTTP Code 200: OK means they are working correctly.
- <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header />
- <soap-env:Body>
- <soap-env:Fault>
<faultcode>soap-env:Server</faultcode>
<faultstring xml:lang="en">SRT: Wrong Content-Type and empty HTTP-Body received: ("HTTP Code 200 : OK")</faultstring>
- <detail>
- <ns:SystemFault xmlns:ns="http://www.sap.com/webas/710/soap/runtime/abap/fault/system/">
<Host>undefined</Host>
<Component>COREMSG</Component>
- <ChainedException>
<Exception_Name>CX_SOAP_CORE</Exception_Name>
<Exception_Text>SRT: Wrong Content-Type and empty HTTP-Body received: ("HTTP Code 200 : OK")</Exception_Text>
</ChainedException>
</ns:SystemFault>
- <ns:SystemFault xmlns:ns="http://www.sap.com/webas/711/soap/runtime/abap/fault/system/">
<Host>undefined</Host>
<Component>COREMSG</Component>
- <ChainedException asx:root="asx:abap" version="1.0" xmlns:asx="http://www.sap.com/abapxml">
- <asx:values>
<EXCEPTION href="#o176" />
</asx:values>
- <asx:heap xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:abap="http://www.sap.com/abapxml/types/built-in" xmlns:cls="http://www.sap.com/abapxml/classes/global" xmlns:dic="http://www.sap.com/abapxml/types/dictionary">
- <cls:CX_SOAP_CORE id="o176">
- <CX_ROOT>
<TEXTID>0018FE864EEE1DECA69CF9C71ACB337F</TEXTID>
<PREVIOUS />
<KERNEL_ERRID />
- <INTERNAL_SOURCE_POS>
<PROGID>98</PROGID>
<CONTID>1113</CONTID>
</INTERNAL_SOURCE_POS>
</CX_ROOT>
<CX_NO_CHECK />
- <CX_SOAP_CORE>
- <E_LOCATION>
<CLASS>CL_SOAP_HTTP_TPBND_ROOT</CLASS>
<METHOD>get_http_headers</METHOD>
<ID>3</ID>
</E_LOCATION>
<E_TEXT>SRT: Wrong Content-Type and empty HTTP-Body received: ("HTTP Code 200 : OK")</E_TEXT>
<E_ID>1032</E_ID>
<E_FAULT_LOCATION>1</E_FAULT_LOCATION>
<E_AREA>COREMSG</E_AREA>
<E_HOST>0</E_HOST>
<E_PROCESS_CONTROL />
</CX_SOAP_CORE>
</cls:CX_SOAP_CORE>
</asx:heap>
</ChainedException>
</ns:SystemFault>
</detail>
</soap-env:Fault>
</soap-env:Body>
</soap-env:Envelope> -
Web services Connection_Operations.Logon call fails on Data Services 4.0
Hello,
We recently installed Data Services 4.0. We have a custom Java app which makes use of the web services interface. We had previously used Axis to generate the java class. With DS 4, it looks like the Logon method did change as it now requires the cms system and authentication. We manually updated the java classes to includes these, which has been our general approach in the past for newer releases. However DS 4 uses Axis2 and I'm not sure that this approach would work.
My problem is that the "Logon" call fails with very little details.
In viewing both the webadmin.log and WebService.log it only reports the following:
11/02/2011 18:42:17 [ SEVERE ] Logon failed. Error: null
I understand that I can control the logging detail . The Integrator Guide for DS 4.0, has the following instruction, yet there is no log4j.properties file on my system?
"To control the level of detail in the webadmin.log file, you must edit the log4j.properties file.
The properties file is located in:
LINK_DIR\ext\webserver\webapps\acta_web_admin\WEB-INF
To obtain a debug trace of events, change the log level from the default of INFO to DEBUG. For example,
log4j.rootLogger=DEBUG, A"
Any advise would be greatly appreciated
ThanksHello,
Unfortunately, stdout.log below doesn't show anything possibly due to some mis-configuaration of log4j.properties. In my previous post I requested info on which log4j.properties should be modified as the documentation in the DS 4.0 Integrator's guide mentions a none-existent path?
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN No appenders could be found for logger (com.sun.faces.config.ConfigureListener).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN No appenders could be found for logger (com.sun.faces.config.ConfigureListener).
log4j:WARN Please initialize the log4j system properly.
com.businessobjects.webpath.rebean3ws.Activator
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester).
log4j:WARN Please initialize the log4j system properly.
null -
Report that uses web services as data source, prompts for database logon
I have a crystal report that uses web services as a data source. When I deploy the report to Infoview it prompts me for a database username and password. Since I am not using a database it should not prompt me for these. I tried various options in the CMC->database settings for this report but it still prompts me for the database logon info or tells me that the database logon information is incorrect.
The report work fine in the Crystal Reports Designer.
Does anyone know how I can prevent this report from prompting me for the database logon info ?
Thanks,What options have you tried in the CMC?
Have you tried running the report in Crystal Reports installed directly on the Enterprise machine? -
BMC Remedy ticket generation and view its status in OIM using Web Service
Hi All,
I want to Integrate and on-board Remedy system (BMC) with the Oracle Identity Manager (OIM) for my client. It has a standard way for external applications to exchange Remedy ticket data with the Remedy system. Remedy system picks up information from the external interface database table for inbound Remedy tickets and direct it to the appropriate Remedy forms and workflow. (In short it raises tickets for provisioning / deprovisioning / error processing for Target System like ACF2 etc).
Use Cases:
*1.* Visibility of Ticket Status
The status of a Remedy ticket could be viewed by the user by clicking on Remedy Resource object instance found from the "My Resources" link after logging into OIM. Typically the user form should be visible.
Visibility of Ticket Status (Alternative)
The scope of customization of the "My Resources" link to add e.g. "My Tickets" which would show all the Remedy tickets that OIM has raised for the user.
*2.* Web Services
The Remedy application would notify OIM when the status of a ticket is changed within the Remedy System boundary. Ideally a web service hosted by the security team would get called by the Remedy Application and OIM would be updated by the service
This is an urgent requirement and your feedback would be very valuable and highly appreciated. I am looking forward for a solution for both the use cases but the priority is on 2nd use case i.e the web service part using SPML.
Regards,
SourishDuplicate:https://social.technet.microsoft.com/Forums/en-US/796fad9e-9f69-40f0-98aa-2816793fc38c/bmc-remedy-integration-with-scorch-and-ad?forum=sco3pip
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
ANONYMOUS LOGON Web Server to WCF Web Service(Different Server)
Hi,
I have facing login credentials lost web server to wcf web service(different server). I got correct data if i open my web site from Web Server but i got "403 forbidden" if i call from client pc or other server.
I used domain account to run the web application for my own web site. Is it something wrong on my configuration at each server. I have no idea to how to make it to correct. I don't find correct answer on Google or bing.
Here
is server information and SPN List. Please let me know if want to know more details.
1. Domain Server
2. CRM Server (Web Site is host on this server)
- Enable Kernel Mode
- Windows authentication (1st - Negotiate, 2nd - Ntlm)
- Impersonate
- Application Pool (domain\account)
3. ERP Server (WCF Web Services is host on this server - support kerberos + ntlm).
- domain\account to run services.
- constrained delegation to sql server
4. SQL Server
Here is SPN on each Server and Service Account
SQL Server SPN List
MSSQLSvc/WS08R2SP1-SQL.domain.local:1433
MSSQLSvc/WS08R2SP1-SQL.domain.local
WSMAN/WS08R2SP1-SQL
WSMAN/WS08R2SP1-SQL.domain.local
RestrictedKrbHost/WS08R2SP1-SQL
RestrictedKrbHost/WS08R2SP1-SQL.domain.local
HOST/WS08R2SP1-SQL
HOST/WS08R2SP1-SQL.domain.local
CRM Server SPN List
TERMSRV/WS08R2SP1-CRM
TERMSRV/WS08R2SP1-CRM.domain.local
WSMAN/WS08R2SP1-CRM
WSMAN/WS08R2SP1-CRM.domain.local
RestrictedKrbHost/WS08R2SP1-CRM
RestrictedKrbHost/WS08R2SP1-CRM.domain.local
HOST/WS08R2SP1-CRM
HOST/WS08R2SP1-CRM.domain.local
ERP Server SPN List
TERMSRV/WS08R2SP1-ERP
TERMSRV/WS08R2SP1-ERP.domain.local
WSMAN/WS08R2SP1-ERP
WSMAN/WS08R2SP1-ERP.domain.local
RestrictedKrbHost/WS08R2SP1-ERP
RestrictedKrbHost/WS08R2SP1-ERP.domain.local
HOST/WS08R2SP1-ERP
HOST/WS08R2SP1-ERP.domain.local
Domain\NavSvrAdmin (Running Navision Web Service Account) SPN List
HTTP/WS08R2SP1-ERP.domain.local
HTTP/WS08R2SP1-ERP
NAV61-SG_Demo/WS08R2SP1-ERP.domain.local:7046
NAV61-SG_Demo/WS08R2SP1-ERP:7046
Here is login fail list on Web Server (CRM Server) using
WinShark.
Here is LogIn information on ERP Server. I got this log if i access my web site from client pc.
ERP Server
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x45e781
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: WS08R2SP1-CRM
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
SQL Server Properties
Link 1 Link 2
ERP Server Properties
Link
CRM Server Properties
Link
Please ignore my mistake if i post wrong place.
Best Regards,
Make Simple & EasyLegacy Web services and WCF services are discussed in the Services secition in the ASP.NET forum.
http://forums.asp.net/ -
Updating Logon Data for Web Service in SICF not possible
Hello, hopefully someone can help me with my problem.
I have created a custom Web Service based on a custom Z Function Module.
This all works fine in our Development environemnt. I was able to go into SOAMANAGER and generate the end point. This created the web service in SICF. I was then able to go into SICF and change the logon data to use our service ID.
All tested and functionaing great.
We then transported everything to QAS. I again went into SOAMANAGER to generate the End Point, and this worked fine, we have the web service now visible in SICF.
The problem now occurs when I go into SICF and try go into change mode to enter the service user in the logon data tab. I get a popup message stating :
"You cannot use this transaction to change the service."
When I click on the long text explanation I get:
"Message SHTTP824
You cannot use transaction SICF to modify this service.
This means that only the application has the authorization to use the defined interface to modify this service."
Does anyone know how to get around this ? Or how to define our logon data using SOAMANAGER ?
thanks
Adrianthe right way to transport logon info along with SICF service is to create an external alias for your BSP and maintain the logon info in the external alias.
other wise you have to open the production system for changes and change it , which may not be allowed.
Regards
Raja -
Logon authentication in REST web service
Hi Experts,
I have created a web service through SICF transaction code. Its working fine when i do maintained Logon data over there.
but the problem is that client want to use this web service on his IPhone, through login credential, Means firstly the user has to login over there then he can access the web service.
Can anyone tell/suggest me how can i achieve this one. Since i have very new to web services.
Is there any standard report or some piece that can help me to achieve this.
Thanks,
MarcoHi Marco,
What happens if you just remove the logon credentials (from the Logon Data tab) that you've supplied & try calling the webservice then? It should prompt the iPhone client for a user & password before executing the service. Make sure that the 'Procedure' field (on the Logon Data tab) is set to 'Standard'.
Alternatively, if the above doesn't work:
Change the 'Procedure' on the Logon Data tab in SICF to 'Alternative Logon Procedure' & remove all other logon procedure & just leave 'Basic Authentication' in the Logon Procedure List (you might have to scroll down to see this list).
Regards, Trevor -
Unable to logon to Oracle Web services manager console
Hi guys...I am dan.....
I have oracle soa 10.1.3.1.0. I ma trying to log on to Oracle Web services manager console.
I tried all the possible usernames and passwords like
un: default
pw: welcome1
un: oc4jadmin
pw: oc4jadmin (this is the password that I gave for the administrator at the time of installation of soa suite)
un: oc4jadmin
pw: welcome1
Thanks in advance guys.....okei, the table orawsm.users is empty is after the upgrade.
need to reexecute irca.bat then
but, where is the sql script for actually populating orawsm schema?
Edited by: user11204588 on Nov 17, 2010 7:22 AM
Maybe you are looking for
-
Hello all, I ordered a CTO Mac Pro for heavy rendering and animating work, and I am planning on using bootcamp to install a windows partition (for 3DsMax). As I am now using a HP Elitebook 8770W that has several valuable files and projects on it, I h
-
I've just encountered this builtin in a program that is generated from Designer6i. I'm getting error messages. Where can I find documentation on this builtin? Can't find anything in PL/SQL docs or Forms docs. Help? Haakon null
-
Wiki Some Attachments are Broken
For sometime in the past few weeks, something has gone with our Wiki Attachments. Some links are working without issue, and some are getting a 404 error. The links with 404 are being redirected to the same URL, however there is a /sandbox/ before t
-
Can not use gb2312 charset in mysql!
I just come from Mandrake Linux. And my MYSQL database's date in Mandrake has been output to a .sql file. When in input the .sql file in to MYSQL of Arch using phpmyadmin, the GB2312 char becom ?????????? Oh..... I have set the gb2312 char in httpd.c
-
Using hyperlinks in Indesign : Problem
When I try to link to a URL, InDesign usually changes it to a URL that does not exist. For example : http://www.nytimes.com/projects/2012/snow-fall/?hp#/?part=tunnel-creek becomes http://www.nytimes.com/projects/2012/snow-fall/%3Fhp%23/%3Fpart%3Dtunn