WebService Authentication

Similar Messages

• Webservices Authentication in PI

  Dear friends,
    When we create Webservices in PI.Is therE any way to authenticate those webservices.can we provide security for Webservices.
  I wish to know webservices  authentication is Possible in PI.

  Hey
  You can check the following blog
  XI : Controlling access to Sensitive Interfaces
  Security: Access Control via Assigned Users
  Thanx
  Aamir
  Edited by: Aamir Suhail on Aug 19, 2008 4:52 PM

• Webservice authentication using plaintext password

  Hi All,
  A basic question:
  For plaintext password authentication, where on the server, do I set what password and username should it against?
  Details:
  We are trying to configure Webservice authentication using plaintext password. Using Jdev 10.1.3.0.4 [constrained to use this], from WebServices editor, it adds the following lines in oracle-webservices.xml:
  <runtime enabled="security">
  <security>
  <inbound>
  <verify-username-token password-type="PLAINTEXT"
  require-nonce="false"
  require-created="false"/>
  </inbound>
  <outbound/>
  </security>
  </runtime>
  I am also able to see the username / password fields in the webservices UI.
  The question is: where on the server, do I set what password and username should it against?
  Any help would be appreciated
  Thanks

  Thanks indeed, Vinod. But my question still remains [perhaps what is obvious to you as expert, might not be obvious to me]. I have folllowed same steps and have achieved the results documented in this post. But where do I provide the correct password on the server side? Currently for any password that is supplied by the client, it allows the call to web services.
  Thanks again!

• Webservice authentication problem

  Web Service Authentication problem
  Posted: Jun 17, 2005 3:32 PM        Reply      E-mail this post 
  Hi
  I have created a portal service and exposed this service as a webservice. I am consuming this webservice in webdynpro. Portal service contains 2 simple methods putdata() and getdatat().
  When i access the webservice i am getting the following error.
  "javax.xml.rpc.soap.SOAPFaultException: The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.GlobalData or the service was not found"
  My Enterprise portal server is configured for SSO to back end R/3 system. I have checked for portal service availability and it is fine.
  My Webdynpro and Portal are running on different machines. EP is running on AIX with SP11.
  Any help please.
  Regards
  NagaKishore V

  Hi Shahab,
  Can you reproduce the issue if you create 2 applications. One that exposes a secured web service and the other one the one, consumes the web service? This would help to isolate the issue and move forward in case is a bug.
  Thanks,
  Juan Camilo

• Webservice authentication failure

  Hi
  I have a webservice which need a userid and pwd for authentication purpose. I have configured these credential information in my communication channel. But my webservice team claims this authentication information is not available at http header (they are capturing the message that is going to webservice from XI throguh some java test tool)and that's why XI is unable to communicate with the webservice. Could you plz tell me how to send the authentication information in the header ??
  thanks
  kumar

  Hi Palanti,
  There are some information missing in your query. first which adapter are you using? Sender or receiver SOAP adapter? As you might be knowing, SOAP adapter is imperative for web services.
  If you are using a receiver SOAP adapter, then the user credentials can be entered while configuring the adapter itself.
  But, if you are using a sender SOAP adapter then you need to specify, which conversion parameters you are using?
  please elaborate your query for better help.
  Thanks,
  Varun

• Error in Webservices Authentication from ADF Page

  Hi All,
  I have created an ADF page which calls secured web services deployed in another weblogic server.
  While running the ADF page from local host (weblogic server installed on my m/c) it is working fine and creating the connection to web services but when I deploy same ADF application to the development server it is not making the connection with web service and throwing below errors..
  I analyzed the issue and found that
  •     Connection from local host: while creating the data control for web services from jdeveloper, am providing some user credentials for http authentication, only then we can access the webservices.
  •     Connection from development instance: however these credentials are missing while making the connection to webservices from development instance. Probably these credentials are not getting passed/stored in the EAR file through which I am deploying the application.
  ERROR -
  [2011-03-10T02:41:41.051-08:00] [ManagedServerADF] [ERROR] [WSM-02054] [oracle.wsm.resources.policymanager] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: OracleSystemUser] [ecid: 0000IuVMrXxESOcLxis1yW1DUASn00000l,0] [APP: ADFMCOApproval] [arg: PolicyAccessService#oracle.wsm.policymanager.ejb.IStringPolicyAccessServiceRemote] Failure in looking up EJB component PolicyAccessService#oracle.wsm.policymanager.ejb.IStringPolicyAccessServiceRemote.
  [2011-03-10T02:41:41.053-08:00] [ManagedServerADF] [ERROR] [WSM-06108] [oracle.wsm.resources.policyaccess] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IuVMrXxESOcLxis1yW1DUASn00000l,0] [APP: ADFMCOApproval] Error initializing the Oracle WSM Policy Resolver because incorrect configuration is passed: {0} {1}.
  [2011-03-10T02:41:43.560-08:00] [ManagedServerADF] [ERROR] [] [oracle.adf.model.connection.webservice] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IuVMrXxESOcLxis1yW1DUASn00000l,0] [APP: ADFMCOApproval] Failed to execute a SAAJ interaction.
  javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Bad response: 401 Unauthorized
  Please help me in resolving this issue…
  Thanks,
  Shuchi

  Another way would be to update Your Credential Store.Using wlst, you can use something like:
  wls:/DefaultDomain/serverConfig> createCred(map="oracle.wsm.security",key="basic.credentials", user="USERNAME", password="PASSWORD", desc="User credentials key")
  This adds the key basic.credentials to the map oracle.wsm.security with the username as "USERNAME". This entry will be stored inside <your domain>/config/fmwconfig/cwallet.sso.
  Thanks,
  Vishal

• ATG webservice authentication

  Hi all,
  we have developed for our customer a custom webservice. We used the ATG WS guide in order to have a webservice that is full compilant with the ATG standards.
  Our main problem is the authentication. Infact the WS responds without perform before a request to the loginUser ATG WS (http://localhost:7001/userprofiling/usersession/loginUser?WSDL), and this behaviour is not what we expected.
  We are using curl to test our WS:
  curl -v -b cookies.txt -X POST -H "Content-Type: text/xml" -d "<soapenv:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:web=\"http://www.atg.com/webservices\"><soapenv:Header/><soapenv:Body><web:findCustomer soapenv:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"><identificationID xsi:type=\"xsd:string\">abc123</identificationID></web:findCustomer></soapenv:Body></soapenv:Envelope>" http://localhost:7001/vws/findCustomer/findCustomer
  the response is correct, but we shouldn't have right response becouse we have not send before a login request loginUser ATG WS.
  During the WS Creation Wizard we have selected the right option "Provide session and security constraints" and than we have created a new security policy by selecting the user that should be use the WS.
  Does someone have the same problem?
  Thanks.

  Have you set a default response of such type of ATG Web-Service?
  Sometimes even when you give the incorrect request, a default response is thrown back from the Web-Service.
  Let me know if this is the case?

• MSSQL2005 Endpoint  (Webservice) Authentication

  Hello,
  I am trying to fetch data from SQL Server 2005, bypassing
  IIS, SQL 2005 Endpoints require a username and password and don't
  support anonymous access. How can I send a username and password
  for authentication? This is the Flex 2 Beta 2 code I am using to
  call the service:
  <mx:WebService id="zoban" wsdl="
  http://zoban/Library?WSDL">
  <mx
  peration name="GetBooks">
  <mx:request>
  <Text>{kaka.text}</Text>
  </mx:request>
  </mx
  peration>
  When I point my browser to the service I just get the
  username prompt. Can I squeeze in something like
  <mx:username> and <mx
  assword> in there?
  Best!

  WE;; NEXT WAS UR QUESTION OF using a query string parameter
  pART 2 Passing request data into Flex applications
  You can pass request data to Flex applications by using a
  query string parameter or defining flashVars properties in the HTML
  wrapper. When you use query string parameters, Flex converts them
  to flashVars variables and passes them to the application.
  Inside the Flex application, you access flashVars properties
  and query string parameters exactly the same way, but the way that
  you pass them to the Flex application is different:
  * The flashVars properties: You explicitly define the
  flashVars properties in the HTML wrapper that points to the Flex
  application.
  * Query string parameters: You attach query string
  parameters to the URL in the browser's target window and the Flex
  Enterprise Services 2.0 converts them to flashVars variables.
  Changing either the query string parameter or the flashVars
  property does not trigger a recompilation of the Flex application
  if you are using the Flex Enterprise server.
  To use flashVars or query string parameters inside your MXML
  file, you access the Application.application.parameters object. The
  parameters property points to a dynamic object that stores each
  parameter as a name-value pair. You can access variables on the
  parameters object by specifying parameters.variable_name. As with
  any variable, you can bind the parameters object's properties to a
  display control or modify the value and return it to another
  function.
  The following example defines the myName and myHometown
  variables and binds them to the text of Label controls:
  <mx:Application xmlns:mx="
  http://www.macromedia.com/2005/mxml"
  creationComplete="initVars()">
  <mx:Script><![CDATA[
  // Declare bindable properties in Application scope.
  [Bindable]
  private var myName:String;
  [Bindable]
  private var myHometown:String;
  // Assign values to new properties.
  private function initVars():void {
  myName = Application.application.parameters.myName;
  myHometown = Application.application.parameters.myHometown;
  ]]></mx:Script>
  <mx:VBox>
  <mx:HBox>
  <mx:Label text="Name: "/>
  <mx:Label text="{myName}" fontWeight="bold"/>
  </mx:HBox>
  <mx:HBox>
  <mx:Label text="Hometown: "/>
  <mx:Label text="{myHometown}" fontWeight="bold"/>
  </mx:HBox>
  </mx:VBox>
  </mx:Application>
  When a user requests this application with the myName and
  myHometown parameters defined, Flex displays their values in the
  Label controls. The following URL passes the name Nick and the
  hometown San Francisco to the Flex application:
  http://localhost:8100/flex/myApp.swf?myName=Nick&myHometown=San%20Francisco
  To view all the flashVars properties, you can iterate over
  the parameters object, as the following example shows:
  for (var i:String in Application.application.parameters) {
  ta1.text += i + ":" + Application.application.parameters
  + "\n";
  Flex does not recompile the application if the request
  variables have changed. As a result, if you dynamically set the
  values of the flashVars properties or query string parameters, you
  do not force a recompilation.
  Query string parameters must be URL encoded. The format of
  the string is a set of name-value pairs separated by an ampersand
  . You can escape special and nonprintable characters
  with a percent symbol (%) followed by a two-digit hexadecimal
  value. You can represent a single blank space using the plus sign
  (+).
  The encoding for flashVars properties and query string
  parameters is the same as the page. Internet Explorer provides
  UTF-16-compliant strings on the Windows platform. Netscape sends a
  UTF-8-encoded string to Flash Player.
  Most browsers support a flashVars String or query string up
  to 64 KB (65535 bytes) in length. They can include any number of
  name-value pairs.

• Webservice authentication: missing "domain" parameter

  Hi,
  we are using the LC 8.2 webservice component and need to authenticate with user, password and domain. Unfortunately the webservice component has no parameter for the "domain". How can we configure it that the authentication mechanism using the "domain" parameter works?
  Thanks and regards,
  Daniel

  Try to prefix your domain name with the user name as like:
  mydomain\myusername
  Nith

• JAXWS EJB3.0 Based WebService Authentication and Authorization - Weblogic

  Hi Experts,
  I need to Create a EJB3.0 WS where this Service has static Authentication and Authorization. How can I achieve it, any pointer.
  TIA

  The below sample is for basic authentication and authorization.
  Web service
  ========
  import javax.ejb.Stateless;
  import javax.ejb.TransactionAttribute;
  import javax.ejb.Remote;
  import javax.jws.WebMethod;
  import javax.jws.WebService;
  import javax.annotation.security.RolesAllowed;
  import javax.ejb.SecurityRoles;
  @Stateless(mappedName="com.slsbBean")
  @Remote( { com.bea.Service.class})
  @WebService(name="TransactionPortType", serviceName="TransactionService",
  targetNamespace="http://example.org")
  public class ServiceBean implements Service {
  @WebMethod()
  @RolesAllowed ( {"Admin","Manager"})
  public void testMethod(String s) {
  System.out.println("inside ejb method");
  System.out.println("username : " + weblogic.security.SubjectUtils.getUserPrincipal(weblogic.security.Security.getCurrentSubject()));
  Client
  ====
  import java.util.Map;
  import javax.xml.ws.BindingProvider;
  public class Test {
  public static void main(String[] args) {
  TransactionService simple = new TransactionService();
  TransactionPortType port = simple.getTransactionPortTypePort();
  BindingProvider bindingProvider = (BindingProvider) port;
  Map<String, Object> reqContext = bindingProvider.getRequestContext();
  reqContext.put(BindingProvider.USERNAME_PROPERTY, "XXXXXX");
  reqContext.put(BindingProvider.PASSWORD_PROPERTY, "XXXXXX");
  port.testMethod("hello");
  Regards,
  Sunil P

• Invoking webservice-Authentication issue

  Hi All,
  I need a help to solve the given below issue.
  Scenario is to use the Webservice concept for the integration between  non SAP system ( webservice) with the non SAP System( webservice) via PI using SOAP Adapter.
  I have generated the WSDL file from PI and given it to the Source System.When I tried testing with the SOAP Client (Altova  XML Spy) to PI , the establishment of connection is fine for HTTP (the userID and Password is given in the prompt window of XMLSpy tool).Getting the message as "Webservice has sent an empty response".
  But the problem occur when the Java Client tries to invoke the webservice from their desktop(within the network).
  Error message from Java client while connecting is given below( pasted few lines):
  org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
  INFO: basic authentication scheme selected
  Jan 15, 2008 9:56:13 AM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
  INFO: No credentials available for BASIC 'XISOAPApps'@192.85.27.136:50800
  Jan 15, 2008 9:56:13 AM org.codehaus.xfire.transport.http.HttpChannel sendViaClient
  I also tried giving the user ID and Password in the URL of SOAP Address .But still it did not work out.I have gone through so many blogs ( How to remove the authentication in sender SOAP Adapter).But that option is not accepted as we are changing the SAP Standard code.
  I would like to know whether the user/password authentication is to be done in the visual administrator in PI or Java webclient should write any code from their side for authentication ( user Id/Password).
  If the code is to be written in Java ,Can you give me the piece of code written for authentication.
  Right now I am only  testing the interface between  the Source and the PI System.
  Please provide your assistance.
  Regards
  B.Dheepa

  The Java Cient has to provide the user name and password.
  You can use the folowing snippet
  connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
       String encodedPassword = new String(new BASE64Encoder().encode(password.getBytes()));
       connection.setRequestProperty ("Authorization", "Basic " + encodedPassword);
       connection.connect();
  Please award points if you find the message useful
  Edited by: Kanwaljit Singh on Jan 22, 2008 11:03 PM

• VC call webservice Authentication Problem

  I am trying to follow the tutotia l(Tutorial 1: Modeling a Simple Application ) of VC in CE72 at http://help.sap.com/saphelp_nwce72/helpdata/en/44/d958673ef05f4de10000000a11466f/frameset.htm. When run the model, error 401 occurs when call the webservice. I tested webservice successfully by right click the data service. however, it need enter UID/Pwd(In NWA-> SOA Manager, Single service admin, it doesn't allow no authention). I think the problem is bwteen user mapping beween VC(EP) and webservice. Any one know how to define such a user mapping in EP?
  I created a system object in EP, but cannot find it in user management. Thanks!

  Hi Shahab,
  Can you reproduce the issue if you create 2 applications. One that exposes a secured web service and the other one the one, consumes the web service? This would help to isolate the issue and move forward in case is a bug.
  Thanks,
  Juan Camilo

• Jdeveloper webservice authentication - HELP!

  Hi
  ok, this is the situation: I developed a java webservice that i installed in aplication server 10g. It's working fine without authentication! What I need is to force anyone that tries to access the web service to authenticate himself against OID.
  I tried a lot of things that worked throw a web browser but they don't work throw a client stub! My goal is when the clent stub tries to access the web service, some kind of authentication mechanism is fired. I need some help urgent on how to secure my web service in AS10g.
  What do I need to do from the client side and from the server side? I read the Oracle Application Server web services documentation but the only thing that it states is that it is possible to secure but it doesn't say how!
  Please someone respond! I'm using JDeveloper 90501 and AS 10g, my client stub accesses by SOAP.
  Thanks in advanced
  Vitor Cardoso

  Victor,
  there's a way doing it, but NOT against OID per default - you can use as a first step basic auth from your webservice stub, and do the rest programmaticly from you stub by calling a login method for example that does authentication on the server;
  For basic authentication, there's an article on my weblog
  http://clemensblog.blogspot.com/2004_05_01_clemensblog_archive.html - that points to a detailed howto.
  hth clemens

• MDM Webservice: Authentication

  when we deploy MDM Webeservices on J2EE Box, WSDL overview shows that Authentication paramter is none, how do we turn on Authentication?
  -Sudhir

  Hi Sudhir,
  After deploying the webservices, you have to provide the MDM userid/password in the property sheets of the deployed web service using visual administrator.
  1. Visual Administrator -> Server -> Configuration Adapter -> (aaps->sap.com->tcmdmws~facade->appcfg)
  2. click edit mode.
  3. double click propertysheet.application.global.properties
  4. then you can see user id, password for create, search, update, etc.
  I hope this helps you.
  Thanks,
  Raags

• WebService authentication problems

  I am trying to use a web service that serves over https, has wsdl that is accessible using account name and password, and then when I actually call methods, requires basic authentication using account name and API key.
  I have tried to work with Flex WebService generated by the Data import capability of flex builder 3 and flash builder 4. They both DO NOT handle the authentication...
  When I construct the webService object, it loads the wsdl (I don't understand why, because flash builder already imported it to build the service classes). This fails, because I can't specify the required authentication info.
  Since I do not use a proxy I can't use the "setCredentials" methods.
  What should I do ?

  The Flash Builder generated code still uses the underlying WebService class and it requires wsdl to be available during run time too. As discussed in a separate post, I have filed a enhancement request to exclude this during run time, pls. feel free to vote for it
  http://bugs.adobe.com/jira/browse/SDK-21811
  With regards to authentication support for WebServices, The WebService class has the following properties to set your authentication details
  headers : Array
  Returns the array of SOAPHeaders registered for the WebService. AbstractWebService
  httpHeaders : Object
  Custom HTTP headers to be sent to the SOAP endpoint.
  Currently the Data Menu - > Connect to Web Service Wizard does not support authenticated web services and those on https, the bug id for that is
  http://bugs.adobe.com/jira/browse/FB-20632

• How to add WebService authentication in pl/sql using UTL_HTTP

  Hi,
  I am passing SOAP request and getting output as a soap response from WebService using UTL_HTTP.
  Calling Web service client call from the PL/SQL procedure.
  Java web service is a service producer.
  Now we needs to add security to the application we are planing to add some of the userid/pwd credientials.
  So what needs to be add sql code in the sq/sql for making client call.
  i checked from the few of the articles. it shown like
  UTL_HTTP.set_authentication(http_req, 'username', 'password' );
  is it enough for making clent call or any other changes are required.
  Please let me know and any code to be implemented in the jave side aslo(if you knows) :-)
  Thanks,
  Pradeep.

  Okay, backtrack.
  A web server can deliver all kinds of content. From static HTML pages, to XML files and videos and dynamic content. Including reports.
  The communication language (protocol) used to talk to a web server is HTTP.
  UTL_HTTP is an Oracle PL/SQL library that implements the client side of this communication. It allows the developer to write code that acts like a web browser and communicates with a web server.
  Now what do you not understand and cannot use?
  HTTP is not simple and easy. You need to understand the basics of this communication language in order to communicate successfully with the web server. Like knowing the difference between GET and PUT and POST commands, how the URL query string works and so on.
  Once you know that, you can look at how the web server provides reports. How do you authenticate as a web browser with the web reporting system? What URLs do you use to access which reports? How do you pass name-values to the web server as report parameters? What HTTP response formats (MIME types) does the web report server provide? Which one do you plan to use and how do you parse that response into a meaning structured data format?
  If you're thinking it is "easy", think again. Sure, someone here can provide sample code that for example grabs a CSV report file from a web server and (using a pipeline table function), turn that into rows and columns. But that will not teach you the fundamentals you need to know and not equip you with dealing with the problem with your own brains, hands and keyboard.
  PS. In other words, learn to crawl and walk before trying to run. Get to grips with how HTTP works before diving into the deep end of web report integration.