Web Serviices Authentication Settings

Similar Messages

• Mac Adobe Flash Player not supporting Web Proxy Authentication

  Anyone else got an enterprise network where you use web proxies with web authentication and no traffic allowed out except through the proxies?
  You may need to be in the UK for this, but try accessing BBC iPlayer content - http://www.bbc.co.uk/iplayer and you should discover that the content won't play. the error says "This content doesn't seem to be working. Try again later.". The content will never work as the Mac version of Flash (currently 10.1.53.64) is not able to respond to web proxy authentication requests. The BBC use various streaming server which are randomly selected when a user starts a stream and they have no DNS. Just IP addresses. They don't publish a list for security reasons. So it is almost impossible to exempt all their servers from authentication.
  I've logged a bug with Adobe. If you have this issue too, please add a comment and vote so that they can begin to grasp the impact of this problem:
  https://bugs.adobe.com/jira/browse/FP-5161

  I have the same issues in Australia trying to access flash content from the ABC website. The strange thing is the content will play if your leave the browser open for 5min.
  After several packet data captures we identified that it has to do with the amount of time it takes the Mac timeout from the proxy before it plays the video content.
  No solution yet.

• SOAP Web Service Authentication configuration

  Hello,
  I've got a little problem with Web Service authentication configuration.
  I'm working on the SAP NetWeaver CE EHP1 7.11. I also have a XMII application deployed on the server and there are some SOAP Web Services(over XMII Transactions) that require basic authentication.
  I use all Web Services in the EJB layer. So, I've generated proxy using SAP NetWeaver as a Web Service Runtime for generation. And Iuse an injection mechanism to get a service implementation:
  @WebServiceRef(name="GetBatchListService")
  private XacuteWS batchListWS;
  In this case I could use Single Service Administration application in the NetWeaver Administrator@SOA Management@Application and Scenario Communication to configure basic authentication for EVERY Web Service. And this configuration disappears after every redeploy.
  The question is how and where could I configure authentication for all web services?
  I've read a lot of documentation, but, unfortunately, I haven't found needed one. I could see 2 direction of searching now, it might help:
  1) Destination: Configure HTTP Destination or Web Service Template Destination and use it in all Web Services proxies somehow.
  2) Find Configuration way: Create a configuration group or anything else to configure all services from one screen.
  Best Regards,
  Dmitry

  Dimtris,
  If your WSDL url is pointing to the URL of the Adapter Engine as shownin the Hot to Use the SOAP adapter there is no option. You cannot add it to the SOAP Url.
  But, if you change the SOAP Url to the Url shown in this blog by Stefan Grube then you can add the user id and pasword to the url by adding sap- user=userid and sap-password = password.
  The optin shown ion the blog by Grube can be used as long as you do not have to use SOAP attachments and in this  case you would not need both sender SOAP adapter and a sender agreement.
  /people/stefan.grube/blog/2006/09/21/using-the-soap-inbound-channel-of-the-integration-engine
  Regards
  Bhavesh
  Regards
  Bhavesh

• X.509 Web Service Authentication for ABAP AS Web Service Interaction

  We are trying to use X.509 web service authentication with SAP Web AS ABAP between 2 different SAP installations. Company 1 is trying to consume a web service set up by Company 2.
  Company 1 has installed Company 2's public key, generated the client proxy using Company 2's WSDL and created a corresponding lpconfig entry.
  Then company 2 has set up the profile parameter ICM/HTTPS/verify_client to accept certificates and imported Company 1's SLL client certificate and mapped the user in USREXTID.  Note that Company 1 uses self-signed certificates, so it does not have a root certificate, which is what the documentation says should be imported into the PSE instead of the SSL client certificate.
  When Company 1 tries the web service call, it receives a request to authenticate the web service from Company 2. (basic authentication logon screen, even though the web service configuration is set to X.509 Client Certificate.
  Should this work or is there a problem because Company 1 uses self-signed certificates or is there something else we are missing?

  >
  Connie Begovich wrote:
  > We are trying to use X.509 web service authentication with SAP Web AS ABAP between 2 different SAP installations. Company 1 is trying to consume a web service set up by Company 2.
  >
  > Company 1 has installed Company 2's public key, generated the client proxy using Company 2's WSDL and created a corresponding lpconfig entry.
  >
  > Then company 2 has set up the profile parameter ICM/HTTPS/verify_client to accept certificates and imported Company 1's SLL client certificate and mapped the user in USREXTID.  Note that Company 1 uses self-signed certificates, so it does not have a root certificate, which is what the documentation says should be imported into the PSE instead of the SSL client certificate.
  >
  > When Company 1 tries the web service call, it receives a request to authenticate the web service from Company 2. (basic authentication logon screen, even though the web service configuration is set to X.509 Client Certificate.
  >
  > Should this work or is there a problem because Company 1 uses self-signed certificates or is there something else we are missing?
  I think that the problem is in Service Authentication (in transaction sicf). You have to consume web-service, transmitting user-password for access.

• Web based authentication for wired client, Crendentials submission failure.

  Hi,
  I am trying to set up the functionnality "cisco web based authentication" for the wired clients.
  The problem i encountered is that my switch doesnt forward the client's password to the ACS.
  When the user validate his credentials on the login page only the login seems to be forwarded.
  The result of the command "show ip admission cache" always show the client in the init state.(i use the default cisco web login page).
  the connection between aaa servers and the switch is working.
  You will find in attachements the running-config and the debug file.
  Thanks for your help, any ideas are welcome :) (its t os version c3750e-ipbasek9-mz.150-2.SE7).

  Well i took a look on your documents but i didnt find anything that helped me ;S.
  I'm still stucked on the same step.

• Exchange 2010 Virtual Directory Authentication Settings

  Is it normal for authentication settings to be different in IIS Manager and Exchange 2010 Management Console? OWA and ECP are set to forms based in EMC, but IIS shows OWA and ECP as basic = enabled and everything else = disabled. IIS shows
  OAB as windows = enabled and everything else = disabled.

  Hi,
  Here is a reference about the default IIS authentication settings and default
  Secure Sockets Layer (SSL) settings for the Client Access and Mailbox server roles:
  http://technet.microsoft.com/en-us/library/gg247612(v=exchg.141).aspx
  It is recommended to manage your Exchange virtual directories authentication settings in Exchange Management Console or Exchange Management Shell instead of IIS manager. Some authentication changes in IIS require an IIS reset. If you are using Exchange management
  tools, you will see a warning that would tell you to reset IIS if needed.
  Thanks,
  Winnie Liang
  TechNet Community Support

• HT204291 I am trying to connect my new Apple TV to a wifi connection at a hospital.  This apple tv connects at home but is unable to at hospital bc of a web page authentication agreement page.  All of my iOS devices are connected.

  I cannot connect my apple tv to the wifi bc of the web page authentication.  When signing my other iOS devices on the network an immediate web page pops up with a user agreement to check and agree.  How can I do this with the new apple tv?

  Welcome to the Apple community.
  Unfortunately that isn't possible with the Apple TV, the Apple TV does not have a web browser.

• Org Modeler 3.0: Authentication Settings

  Hi,
  I'm using Org Modeler 3.0
  When I go to security settings->Authentication Settings, the settings never takes effect. For example, I change the Authentication Mechanism to Anonymous, but I was still prompted to logon. If you enter my crendital, it says logon invalid.
  I checked the log, it has this warning:
  29. 27 Dec 2010 09:39:04 WARN com.nakisa.Logger - com.nakisa.framework.utility.XSLRender : loadTemplates : E:\usr\sap\NKD\J00\j2ee\cluster\apps\Nakisa\OrgModeler\servlet_jsp\OrgModeler\root
  Security\security.xsl does not exist.
  I notice something strange. First of all, it has "
  " before the security folder, this doesn't look right to me. Anyway, the bigger problem is, the Security folder actually doesn't exist!
  (I cross checked the same path in Org Chart, security folder exists)
  Can someone help?

  Hi there,
  You are right, OrgModeler does not have a security folder. However, if you create a Security folder in the Root folder in your build folder and put in the files from the OrgChart Security folder then this should work. I've done it before to create security configurations for OrgModeler and I'm suprised it is needed here because the default configuration does not have any roles etc.
  Regarding it not saving configuration, it could be because of this or it could be because of the known bug with NetWeaver CE 7.2. Which CE platform are you on?
  Good luck!
  Luke

• The Aironet 1240AG Autonomous Web Interface authentication

  Hi,
  I would like to know if the Aironet 1240AG Autonomous, is capable to do Web Interface authentication (like a public hotspot, so no security on Wifi, but you will only get access to the network/internet when one has opened a Internet Browser and got an Username password challange from the Access Point )
  I'm planning to use this methode to make a guest access wifi connection to Internet available.
  Had this first with a propper WPA key, but lot's of guests had many dificulties to connect this way.
  So now I'm want to try it on a way most users are used to due to the Web interface authentication they know from public hotspots (hotels etc. )

  The only way I found to do this with autonomus is with third party software, that has the function known as "captive portal". You could try the sofware based on freebsd named monowall (its a firewall) with the captive portal feature.

• IBNS web-based authentication HTTPS intercept

  Hi everybody,
  Hopefully this is an easy question.
  I have configured an IBNS setup with Wired Web-Authentication. To sum this up: connect a computer to the switch, go to a web page, the switch intercepts the http request, sends you a log-in page, you log in and get directed to the original web page.
  For this, I have used the following guide http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html
  Before I implemented this, I had the HTTP and HTTPS server on the switch disabled. But if I disable the HTTP serer (and leave the HTTPS server enabled), the switch doesn't intercept the web pages anymore. Is there a way to use web-based authentication without using the HTTP server and using only the HTTPS server on the switch?
  Hope someone can help me with this.
  Thanks
  Ian

  Well I haven't had any luck getting an iPhone to present an SSL certificate to an IIS7 ASP.Net webserver.
  The same .p12 certificate works on IE7, PocketIE (WM6), Firefox and Safari (PC version). The website is set to Require an SSL certificate. From the Windows Mobile or PC browsers, you get a prompt for the client certificate. I have tried Nick's website and the iPhone will prompt to choose between his and my certificates, however with IIS7 you just get a 403.7 client SSL certificate required error.
  I have turned on SSL tracing in HTTP.Sys and get the following (edited for length) :
  <Opcode>SslInititateSslRcvClientCert</Opcode>
  - <Keywords>
  <Keyword>Flagged on all HTTP events handling ssl interactions</Keyword>
  </Keywords>
  <Task>HTTP SSL Trace Task</Task>
  <Message>Server application is attempting to receive the SSL client certificate, which will be provided if available. If the client certificate is not available, a renegotiation will be initiated.</Message>
  <Channel>HTTP Service Channel</Channel>
  <Provider>Microsoft-Windows-HttpService</Provider>
  ... then after various SSL negotiations and receive raw data traces I see...
  <Opcode>SslRcvClientCertFailed</Opcode>
  - <Keywords>
  <Keyword>Flagged on all HTTP events handling ssl interactions</Keyword>
  </Keywords>
  <Task>HTTP SSL Trace Task</Task>
  <Message>Attempt by server application to receive client certificate failed with status: 0xC0000225.</Message>
  <Channel>HTTP Service Channel</Channel>
  <Provider>Microsoft-Windows-HttpService</Provider>
  Which basically seems to mean a "not found" error.
  Anyone had any luck with iPhone to IIS 7 (which we have to use as it is an ASP.Net website)?

• Caching for Web Portal Authenticated clients

  Reading CUWN documentation, Sticky Key Caching works only on WPA2-enabled WLANs.   Is it possible to enable a caching to help Web Portal Authenticated clients perform intra-controller roaming faster?

  Ok, so here's how it works:
  When the client gets on the network, the controller contacts the DHCP server and hands the client back its IP (as with any helper address).
  In order for web auth to work, you need to open a browser on the client.
  When you go to a page (say www.google.com) your browser does a DNS query for the IP address of the site (www.google.com), the controller intercepts the query.
  Since you have not been authenticated yet, the controller does not allow the query directly, but it proxies the query to the DNS server you were trying to resolve against. It sources this query from its interface that is on the VLAN the SSID your client is on maps to.
  That reply is proxied back to your computer, and then your browser does its normal request to Google?s IP.
  The controller then intercepts that request, and sends a reply back redirecting the browser to the controller login page (usually https://1.1.1.1).
  Once you log into the web page, you will be redirected back to your original page (www.google.com).
  I hope I explained it well. If I wasn't clear, please let me know.
  -Eric

• Outlook client proxy authentication settings default to basic

  So we are moving our way towards exchange 2013 and something odd keeps happening. When you setup the outlook client (either 2010 or 2013) the proxy authentication settings keep defaulting to basic despite the fact that I have ntlm setup on the cas. This
  then continues prompting users for a username and password. We could definitely teel them to click the remember this password button but I would like to make the upgrade as smooth as we possible can. Here are the settings:
  ServerName                                   ExternalClientAuthenticationMethod      InternalClientAuthenticationMethod
  MAILHUB2                                                                   Ntlm    
                                 Ntlm
  MAILHUB1                                                                  Basic    
                                 Ntlm
  Mailhub1 is the 2010 frontend, mailhub2 is the new 2013. All DNS and autodiscovery is flowing through mailhub2. Thanks for you help!

  Hi,
  From your description, I recommend you use the following cmdlet to check if the ClientAuthenticationMethod is set to NTLM.
  Get-OutlookAnywhere -Server "xxx" |fl ClientAuthenticationMethod
  If no, you can use the Set-OutlookAnywhere -Name xxx -ClientAuthenticationMethod NTLM cmdlet to set it and check the result.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• Advice needed for provider hosted web application - authentication and access to SharePoint document library

  I haven't done SharePoint 2013 development with claims so I apologize in advance if my assumptions and questions are way out in left field.
  I'm trying to understand SharePoint 2013 claims authentication for a scenario that involves:
  A SharePoint provided hosted (web forms) app that will pull information and assets (e.g. PDFs) from SharePoint into the web page.
  It will be a VS 2012 solution with asp.net.identity feature.
  Security will be set for internal users, federated external users and forms-based external users.  Based on their security and (claim type) role it will define what information and assets that can be retrieved from SharePoint
  I have looked through MSDN and other sources to understand.
  This one helped with my understanding 
  Federated Identity for Web Applications and assumed that the general concept could be applied to forms-based identity for non-Federated external users .
  What I have now:
  VS 2012 solution web forms application set to Provider Host with asp.net.identity feature and its required membership tables.
  I can create new users and associate claims to the new user.
  I can log in with a user from the membership tables and it will take me to a default.aspx page.  I have added code to it that displays the claims associated to a user.
  For POC purposes I'd like to retrieve documents that are associated to this user from the default.aspx page.
  This is where I am having trouble understanding:  Is my understand correct?
  Internal users
  since they are internal on the network i am assuming that they would already have access to SharePoint and they would already be configured to what documents that they have available to them.
  Federated external users & Forms authentication external users
  it seems to me that the authentication for external users are separate from SharePoint authentication process.
  changes to the configuration settings are necessary in SharePoint, IIS, web application.
  I believe this is what i read.
  claims processes (e.g. mappings) need to be set up in SharePoint
  as long as external users are authenticated then things are ok b/c they would have claims associated to the user and the configuration in SharePoint takes are of the rest.
  This statement bothers me because I think it's wrong.
  So basically i'm stuck with if my understanding is correct: once a user is authenticated either by federated identity or asp.net.identity authentication that it should go to the provider hosted default.aspx page because the claim is authenticated and means
  that it should have access to it and the SharePoint document library based on some claim property.  I could then write the calls to retrieve from a document library and SharePoint will know based on some claim property that the logged in user can only
  access certain documents.
  It just sounds too good to be true and that i'm missing something in the thought process.
  Thanks in advance for taking the time to read.
  greenwasabi

  Hi GreenWasabi,
  i agree this is an interesting topic to discuss,
  as you can check from the article, you may check this example from the codeplex:http://claimsid.codeplex.com/
  when i thinking regarding this topic, its looks like an environment with multiple of realms,
  from what you understand, its correct that all the authentication is based from the provider, so for example i have a windows live ID and internal ID, then when i login windows live ID, it will be authenticated using windows live ID server.
  here is the example for the webservice:
  http://claimsid.codeplex.com/wikipage?title=Federated%20Identity%20for%20Web%20Services&referringTitle=Home
  as i know, if you using this federated, i am not quite sure that you will need to go to the provider page literally, perhaps you can check this example if we are using azure:
  http://social.technet.microsoft.com/wiki/contents/articles/22309.integrating-windows-live-id-google-and-facebook-accounts-with-sharepoint-2013-white-paper.aspx
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• XI Web Service Authentication problem

  Hi,
  I have a XI Web Service that our third-party PeopleSoft client is trying to consume. I tested the Web Service and that works. I used SOAP client testing tool that I have which posts SOAp message to the web service URL. Before i use this tool using Internext Explorer, I attempt to connect to the Web Service URL (by putting the entire web service URL in the Address Bar), it prompts me for the user name & password and upon successful authentication, MessageServlet gives me a success message.Once authenticated, i am successfully able to post SOAP messages to the Web Service URL.
  I provided my PeopleSoft team with the WSDL document, they uploaded into their system, made some configs, and the SOAP message that they are generating is as below
  As you can see in the SOAp message, they are attempting to pass the user name and password in SOAP header and I understand XI ignores SOAP headers OR that is at least not the way to authenticate.
  Shouldn't they be able to somehow authenticate themselves against SOAP adapter using User name and password that we provided them with and the send SOAP messages?
  ********<soap:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Header>
  <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken><wsse:Username>user name</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><MI_EMP_ADDR_CHG_OSSERVICE xmlns="https://pics.sco.ca.gov"><PERSON_ID>BB000001</PERSON_ID><START_DATE>20100501</START_DATE><ADDR_LINE1>100 MAIN ST</ADDR_LINE1><ADDR_LINE2/><CITY>CORONA</CITY><COUNTY>RIVERSIDE</COUNTY><STATE>CA</STATE><ZIP_CODE>91881</ZIP_CODE></MI_EMP_ADDR_CHG_OSSERVICE></soap:Body></soap:Envelope>
  I will appreciate any ideas.
  Thanks,
  Saurabh

  Indeed, they should take care of the authentication according to supported XI mechanisms, as explained here :
  http://help.sap.com/saphelp_nw04/helpdata/en/1f/7e2441509fa831e10000000a1550b0/content.htm
  There is also a note #891877 that explains security level settings for SOAP adapter
  Chris

• P6 Bridge Authentication Settings

  Looking for insights on how to set up p6 bridge from Portfolio Manager v9 to P6 v8.1 for an evaluation system. Bridge configuration seems to require selection of an Authentication mode in order for proper setup, however guides do not detail authentication modes or their respective settings.

  The Authentication mode has to match the authentication mode used in your implementation of P6 Web Services.