Web Services - Username / password

Similar Messages

• BPM Process As a Web-Service Username and Password

  Hi all,
  We have exposed a Process as a Web-Service WSDL to another system . We use Username Token Profile to enter the username and password to connect to the Web-Service..
  Now what we do is we have a role in our project and we create a dummy Web-Service user and add the role to that user and then use its password and username to call the Web-Service.
  Can we change this?
  Can we have a dummy username and password not associated with any role in BPM used in our Web-Service?

  Did you use PAPI code inside your web service or did u just use PAPI Web Services ( like did u just pressed the button Launch PAPI Web Services ) and it created the WSDL for you and u used it to create the client?
  I am using the latest version of OBPM..
  Oracle 10.3.10
  Can you let me know what do u mean by PAPI interface.. Is it the PAPI code of is the PAPI Web Service which is built by BPM automatically and could be used?
  Edited by: user8707382 on Sep 10, 2009 9:00 AM

• Validate web service username and password against Oracle EBS

  Hi,
  We have a requirement to pass username/password to a SOA webservice that needs to be validated against Oracle E-Business Suite (EBS) login credentials. The EBS users are not integrated with SOA Weblogic server. In EBS, the standard PL/SQL procedure FND_WEB_SEC.VALIDATE_LOGIN(user_name, password) can be used for validation. Appreciate if someone can provide input on validating the username and password as part of web service security header using any OWSM policy.
  Thanks!

  I'm guessing that you are trying to call an EBS API and are using FND_WEB_SEC to test that the user account is valid in FND_USER first before executing the API call. In that instance, you'll likely need to use the Oracle Applications Adapter for EBS if you want to authenticate the user through FND_USER.
  If you've not purchased that adapter, you could use a simple BPEL process, with a regular database adapter to firstly call the FND_WEB_SEC package to authenticate. Pass the response from eBS into a bpel variable, add a bpel switch based on the outcome of that variable either execute the API call or  throw an authentication error if the call failed.
  You can wrap all this up into one web service that then calls this bpel process, taking the username and password as as input parameters.
  Phil

• Web service username and password problems

  Hi,
  I am trying to create a client to consume webservices exposed on a secure .net platform that is SSL protected (https).
  I am using netbeans 6 with WSIT support. When I create the web service and add the WSDL file - it comes up with the certificate that I then approve, but then just displays a IO Exception. When I access the WSDL through a browser, it requests a username and password (which I supply) and it works fine.
  I've tried on Netbeans 5.5 but with no luck - it asks for a username and password (at least) but doesn't accept them.
  How can I connect to an https web service that requires a LDAP username and password?
  Thanks,
  Brendan

  I'm guessing that you are trying to call an EBS API and are using FND_WEB_SEC to test that the user account is valid in FND_USER first before executing the API call. In that instance, you'll likely need to use the Oracle Applications Adapter for EBS if you want to authenticate the user through FND_USER.
  If you've not purchased that adapter, you could use a simple BPEL process, with a regular database adapter to firstly call the FND_WEB_SEC package to authenticate. Pass the response from eBS into a bpel variable, add a bpel switch based on the outcome of that variable either execute the API call or  throw an authentication error if the call failed.
  You can wrap all this up into one web service that then calls this bpel process, taking the username and password as as input parameters.
  Phil

• Web Services Usernames and Passwords in Axis

  Hi everyone,
  I have created a Web Service in Axis with SOAP and it is working fine. I have a remote client that connects to the WS and retrieves the Array of Complex types very seamlessly. The only problem that I have been battling with is that the authentication is being done very rudimentary in my test environment, which is to send a username and pw along as parameters, which in turn is verified against a protected, local properties file.
  I noticed that certain examples use a client and the call.setUsername() and call.setPassword with the org Apache Call class. My problem is to know how the authentication check is being done and whether it si somehow included in the service-config.wsdd. If not, where is the username and pw stored and compared to the values coming in?
  Thanks
  SBO

  Has this started happening without you having made any changes to the site? If so then it's a server side issue and you won't be able to do much from your end. Be sure to report it to Apple via the following link: http://www.apple.com/feedback/iweb.html. You might also report it to http://www.apple.com/feedback/mobileme.html.
  OT

• How to consume Web Service with Password digest from PLSQL

  We have Oracle 10g (10.2.0.3.0) 64 bit. We have a situation where we need to consume web service whose security header looks like as follow,
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-50">
  <wsse:Username>weblogic</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">d2enK45chjBPVvvukbYU6OX56kI=</wsse:Password>
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YAhEtLJfp4lzycLd3hZYjQ==</wsse:Nonce>
  <wsu:Created>2013-01-22T06:28:38.897Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  Here we need passowrd digest, Nonce and Timestamp.
  How to create password digest from PLSQL? or if any other alternatives available please response soon.

  I do not see why it will not be possible to do digest authentication with a web server using PL/SQL.
  As for the digest password - the web server supplies a token (a nonce) which you need to use for creating the hashed authentication token (the digest password). The URL I posted explains this authentication process.
  As for the technical how-to in PL/SQL - as I mentioned, never had to do this (only dealt with Basic and NTLM authentication thus far). But as other auth methods (such as Microsoft's NTLM) can be implemented, I do not see why digest authentication could not.
  Suggest you spend some time googling for technical articles/sample code on the subject - and try to find specific PL/SQL related sample code too.

• OnDemand Web Services, SSO, SSO Token

  Hello,
  We are working on a project that requires integration between an external application and Oracle CRM OnDemand. We are using the OnDemand web services for this and have got the integration going.
  However we are currently using a fixed username/password for instantiating the web services sessions and would like to change that using SSO such that we pass the SSO Token and obtain a session id and then use that for the same integration.
  Not sure how to get SSO going though. I've read the posts on this forum and have now gotten SSO enabled for our company and user. We also know that we need to pass on the URL a SSO Token instead of Username/Password.
  However dont know where/how to get the SSO Token?
  Any pointers will be appreciatd. If someone has the pseudo code of the 3-4 steps to getting the SSO token going would be appreciated.
  Thanks

  Ok got it. So I guess the SSO Token does not meet our use case then.
  Here's our use case.
  We have an custom web application that users log into. These users are also OnDemand users with a OD Username/Password but the values are not the same as the custom web app username/password.
  What we need is, when these users log into the custom web app and perform certain tasks the web app behind the scenes creates a web service session with OD and inserts some data. We were currently using a common username/password to do inserts, but now we want to do it based on each users login, but do not want to locally store in the custom app the OD Uid/Pwd's. So we thought SSOToken would allow us to do this where since the users are logged into the custom web app that app would then use the SSO Token to create a session with OD and insert data.
  Any ideas would be appreciated.

• Username and password validation on SOAP Web Service

  Hi,
  I'm pretty new to web services and c# .net framework.  
  I'm developing an app that uses a third party's API/ Web services. My first task is getting this log in(authentication) to working.
  Right now its nothing more than a simple Login form:
  The code behind the "Log In" button is so far:
  Here I've instantiated the SOAP web service that I'm using. And when I got to test/debug my form and type in my username and password and click the "Log In" button nothing happens..."of course" 
  So my question is, how could I validate whether the username and password were sent to the web service and whether the authentication is true or false?

  I'm trying to figure that part out...of how I can get it to return the bool. How can I check to see if it returns a bool?(because i'm not really sure if it does or doesn't just yet)
  I'm not expecting it to say "Hey you're logged in" because the actual application doesnt work that way. The actual desktop client will log you in with a (Domain Name\ Username) and windows authenticate
  that you're who you say you are, check the SQL Server and Database and Logs you in. 
  So im trying to figure out how I can manually set it up to where it let the user know that they have Logged in successfully.
  And you're saying that the code i have right now SHOULD log the users in correctly?  

• Username and password token retrieval from SOAP web services

  We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
  When we are retrieving username/password it’s coming as null. Please help ...
  if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {     
  try {
  SOAPMessage sm = context.getMessage();
  //SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
  SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
  SOAPHeader sh = envelope.getHeader();
  System.out.println("Message: "+envelope);
  System.out.println("Envelope: "+envelope);
  System.out.println("Header: "+sh.toString());
  Iterator it = sh.examineAllHeaderElements();
  while(it.hasNext()){
  System.out.println(it.next());
  String username;
  username = sh.getAttribute("Username");
  // username = sh.getAttributeValue("Username");
  //String password = sh.getAttribute("Password");
  System.out.println("uid:"+username);
  //System.out.println("pass: "+password);
  context.put("Username", username);
  //context.put("Passsword", password);
  // default scope is HANDLER (i.e., not readable by SEI
  // implementation)
  context.setScope("Username", MessageContext.Scope.APPLICATION);

  <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
  <S12:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>TestUser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </S12:Header>
  </S12:Envelope>

• How-to access username and password protected Java EE Web services from ADF

  The title of this post is exactly the same as this article by Frank Nimphius:
  http://www.oracle.com/technology/products/jdev/howtos/1013/protectedws/access_protected_web_services_from_adf.htm
  The article addresses the problem of securing web services using usernames and passwords, when those web services are accessed through a proxy or a data control. In the examples, the user names and passwords are specified, whether in the code or the definition of data controls. (SKING/SKING).
  In a very common scenario, users login to reach a page, for example, A.jspx, which contains a button that calls a web service, for example displayDate. Suppose that user has logged in by username/pass of (AHUNOLD/AHUNOLD) and AHUNOLD has access to the service and the page. Is there any way to pass the logged in user name and password to the webservice ? Of course we can hard-code the username in the data control definition or proxy code, but this is just one of the thousands of users who have access to the service and the authentication is not dynamic this way.
  Hope my question is clear. Wishing you all a great Christmas.
  Farbod

  Hi Frank, and happy new year.
  Are you implying that it couldn't be done declaratively? What is your suggestion for this problem? You know the problem... As I described:
  - I need to secure my web services, so when exposed, no one from inside network or the internet, can access the web service without proper permission
  - The web services are shown as web controls on jspx pages. The user has logged in before reaching the page. It is irrelevant to ask him to enter user name and password again.
  - I have user names, passwords and roles in Oracle Internet Directory (Identity Management). It provides some APIs and I can retrieve the usernames and attempt logging in programmically. But how can I get username and password from the session in ADF application?
  I guess using SAML or certificate could be the solution, but I have a problem with SAML, described here:
  Re: Webservices Security, SAML, and Identity Management (OID)
  Best Regards,
  Farbod

• The server at Mac OS X Server Web Services requires a username and password

  I am running SL Server 10.6.2, wiki works but when a person clicks an attached file in a wiki and then selects "open" they get a login popup with the notification The server at Mac OS X Server Web Services requires a username and password. It doesn't matter what they put into the login/pass it comes back. If they hit cancel then the document opens. If they click save then it saves with no issue. I can type in the admin login/pass of the server and it works. Does this mean the security settings to the location of the files is wrong? Any help is greatly appreciated!

  By the way they are using Internet Explorer 7 when opening these documents.

• VC Change username and password for web services

  Hi everybody
  I need to change the username and password into the portal of some web services that   have already been created portal is consuming these web services  a XI
  Thansk
  Ivan

  it is ok ....
  thank you....
  i have now this issue:
  i need to add new E1 to be in the same trunk for previous E1 which is for Abdali. new E1 will not have signal it depeneds at old one timeslot.
  i used this for new E1:
  prov-add:nailedtrnk:name="1033",srcsvc="ss7p-jtc-abdali",dstsvc="naspath1-abdali",srcspan="ffff",dstspan="0",srctimeslot="33",dsttimeslot="33",spansize=31
  for old one this:
  prov-add:nailedtrnk:name="1002",srcsvc="ss7p-jtc-abdali",dstsvc="naspath1-abdali",srcspan="ffff",dstspan="0",srctimeslot="2",dsttimeslot="2",spansize=30
  ============================
  at AS5400 i used to add new E1:
  controller E1 7/2
  framing NO-CRC4
  pri-group timeslots 1-31 nfas_d primary nfas_int 1 nfas_group 0
  Is this true or there are other commands i should use?
  OLD E1 is configured as:
  controller E1 7/0
  framing NO-CRC4
  channel-group 0 timeslots 1
  pri-group timeslots 2-31 nfas_d primary nfas_int 0 nfas_group 0
  description Connection to Abdali
  interface Serial7/0:0
  no ip address
  encapsulation ss7
  channel-id 0
  interface Serial7/0:15
  no ip address
  encapsulation hdlc
  isdn switch-type primary-ni2c
  isdn incoming-voice modem
  isdn map address . plan isdn type network
  isdn rlm-group 0
  no isdn send-status-enquiry
  isdn negotiate-bchan resend-setup
  isdn bchan-number-order ascending
  no cdp enable
  any help please for correct commands i shall use? please see attached file for details.

• Testing a secured Web Service (Basic -Username/Password)

  Hello,
     I configured security for a custom web service using [this |https://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e08627de-9816-2a10-02b7-cbd60f7e4b2c&overridelayout=true] . I configured section
  3.2 Configuring Document Authentication
                 Basic (Username/Password)
  How should I go about testing this. I tried using Web Service Navigator, I get this error:
  00118565098B00220000011400001D8C00047182FEC71535 : Authentication using a wsse:Username token failed. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..

  Please download tutorial bundle from:
  http://java.sun.com/javaee/5/docs/tutorial/information/download.html
  some details about it:
  http://docs.sun.com/app/docs/doc/819-3669/gfiud?a=view
  You can try examples after downloading zip file :
  The zip file also contains a documentation e.g. pdf file.
  There you can find more info.
  Here is one chapter from doc.
  Example: Basic Authentication with JAX-WS
  This section discusses how to configure a JAX-WS-based web service for HTTP basic
  authentication. When a service that is constrained by HTTP basic authentication is requested,
  the server requests a user name and password from the client and verifies that the user name
  and password are valid by comparing them against a database of authorized users.
  Regards Miro

• Web service functions in SSO without username and password

  Is there a way to use the Public Report Web Service functions when configured in SSO and without passing a username and password? I was able to try out the web service and make it work. As we all know, you need to pass a username and password for each web service call unless your reports can be accessed by guests. In an SSO + LDAP server configuration, there are cases in which you are not allowed to get the password. The password can not be decrypted.
  Is there a way to still use web service? or do you need to use the url approach instead? But if you use the url approach then you may be limited to generating reports only.
  I'm thinking there should be since if you are already logged in for SSO then you should be able to generate.
  Any way to configure this?

  <i>When I access web reports from bw.</i>
  i hope you are not talking about BEX web reports , since you have mentioned ITS.
  Is it a standlone ITS or intergrated ITS?
  can you post the url pattern here.
  Regards
  Raja

• How to pass username and password from form to web service

  Hi All,
  We need to develop an offline interactive to form.
  When on desktop computer, the user has to click on button and it calls a web service (exposed via PI ) which updates the backend.
  But backend needs an authorised user for updation. We have a dummy user with authorisations.
  But how to pass the that username with its password to web service
  Please give your suggestions
  Regards,
  Aditya Deshpande

  i am closing this thread