XI as a WS Provider - Authentication

Hello Everybody
I've configured a SOAP Sender Adapter to expose a RFC as a Web Service. Then, I've created an ASP (Active Server Page) to send SOAP requests to http://myXIHost:50100/XISOAPAdapter/MessageServlet?channel=:MyService:MyChannel. The problem is that ASP is getting a "-2147024891 - Access is denied." error, because this URL (inbound address for SOAP messages) requires authentication.
Where/How do I suppress a user/pass to XI? ps: I wouldn't like the user of my ASP page had to suppress the user/pass by himself.
Thanks
Julio

Cesar,
When ever you are trying to invoke your webservice it asks for userid and password(if they are specified in your webserice). Check this weblog which may help you:
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1442 [original link is broken] [original link is broken] [original link is broken] [original link is broken]
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2131 [original link is broken] [original link is broken] [original link is broken] [original link is broken]
---Satish

Similar Messages

  • Provide authenticated username as parameter to a business service in OSB 12c

    Dear OSB/OSB experts,
    I have the following issue:
    1. I have a web service that would accept username as a parameter in the SOAP request in order to do some internal authorization checks (filtering database rows, tables, etc.)
    2. I want to connect that web service as business service in OSB 12c
    3. The proxy service should NOT accept username as parameter
    4. The proxy service should be protected via OWSM policy for authentication (either against the WLS authentication providers or through SAML tokens validation)
    Based on the above is there any mechanism in the implementation of the proxy service to get the authenticated username from the security context and provide it as a parameter to the business service?
    The authentication policy could use SAML tokens between two WLS domains - one will be running the WLS where proxy service clients will be running and the other - for the SOA 12c.
    Many thanks in advance,
    Anatoli

    HI,
    u can use Conditional Branching
    http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/userguide/modelingmessageflow.html#wp1061670
    Split join would be used in case u need to split your request and call your Business Service in Serial/parallel & then gather resposnes from multiple callouts to have single response
    http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/userguide/splitjoin.html#wp1137258
    Abhinav

  • Configure Apps domain for Trusted Identity Provider Authentication

    Hi
    I have a web application which is using siteminder as authentication provider for SharePoint 2013 enviornment.
    Can we configure Apps domain on the environment?
    If yes, can you provide a link or steps to follow. Our website is using SSL certificate and is public facing site.

    Hi
    I am receiving 401 unauthorized error when trying to access the app from the SharePoint site.
    Any help is appreciated
    Regards,
    Amol

  • Providing authentication for standard MDM we bservice.

    Hi,
    We are calling mdm web service from portal. Can any one tell me how to authenticate user when calling standard web service.
    Regards,
    Sandeep Reddy.

    Hi Sandeep,
    For a particular user to use a particular webservice say for eg Search Webservice.You need to provide that particular MDM user authentication to the webservice i the Visual Administrator configurations.
    The MDM user must be defined in MDM Console with proper Roles and Authorizations.When you give this MDM user access to the Search Webservice for eg then this user can login and run the search webservice.
    To know about the configuration required to work with MDM 5.5 Webservices then view the below link;
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/20e06073-f485-2910-adb1-9a197bf98994(MDM webservice webinar)
    If you are working with MDM 7.1 then the features are little more advanced, you can view the below link to know more on MDM 7.1 webservice
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a04e6281-b9d4-2b10-f1b3-ee7884e720c3 (Webservice 7.1)
    Hope It Helpes
    Thanks & Regards
    Simona Pinto

  • Unable to provide authentication details in SOAP header in 11g

    Hi Team,
    I have been provided a webservice for which i created a partner link in my BPELProcess. This webservice requires HTTP authentication and i need to provide username/password as provided by them.
    When i tried this in SOAP UI by providing the authentication information in Request Properties of SOAUI, i get response from my webservice.
    But when i do this using BPEL, it doesnt work on my server and i get Bad Request 404 in response. I tried applying the Http_toekn client policy and provided username/password in its properties in composite.xml but this is not working.
    What am i doing wrong. Please help?
    Radhika

    use tcpmon, wfetch like tools to intercept your call and see if you are able to see HTTP header with username/pwd.
    also refer to this blog, may be your problems solution is in here
    http://georgie-soablog.blogspot.com.au/2013/09/bpel-calling-web-services-with-http.html
    Cheers,
    Sahil

  • How to provide authentication to a caller (Axis Web-Services)

    Hi everybody
    im a new bie to web services .So,i donno how to provide a user name and password to the client who is consuming my web service.My web server is Tomcat and soap engine is Axis.
    Kindly provide me a sample prog(if any) or any links which can help me.
    So plz help me as soon as possible.....
    Thanks & Regards
    Aleem

    http://www.w3.org/2002/ws/ <- basics
    http://ws.apache.org/axis2/1_2/adv-userguide.html <- there's a security section
    edit: I think axis2 comes with a lot of samples, you should check those, too.
    regards
    slowfly
    Edited by: slowfly on 09.04.2009 11:38

  • FIM 2010 can provide user authentication?

    Hi
    Can FIM 2010 be used to provide authentication to a 3th party applcation developed, for example, in .NET?
    These are the steps the application must accomplish:
    1. User provides his username and his password on login page.
    2. .NET app calls FIM 2010 and validate user and password with the user informations created in a previous synchronization with AD.
    Thanks 

    On Wed, 3 Sep 2014 11:08:14 +0000, Kusma wrote:
    Can FIM 2010 be used to provide authentication to a 3th party applcation developed, for example, in .NET?
    These are the steps the application must accomplish:
    1. User provides his username and his password on login page.
    2. .NET app calls FIM 2010 and validate user and password with the user informations created in a previous synchronization with AD.
    FIM does not provide login authorization.
    Paul Adare - FIM CM MVP
    About the use of language: it is impossible to sharpen a pencil with a
    blunt
    ax. It is equally vain to try to do it with ten blunt axes instead.
    -- Dijkstra

  • Is it possible to use a 10.9 server for authentication to apple clients without providing a network home?

    We are testing 10.9 server with 2 10.9 clients.  We would like to get away from Network Homes completely, but still provide authentication from our servers.  All users homes need to be on the local Workstations.  So far we have had no success.  Test user accounts that we have created with homes on the 10.9 server login fine.  However, user accounts that we have created with no homes get the infamous shake.  I havent been able to find anything in the logfiles on the server that indicate what the problem might be.  Im thinking this setup may not even be possible.
    ddh

    Firstly not only is this more than possible but it really should be easy.
    Let's pretend the local account on one of your workstation's is 'dwayne' and has a password to match. You'd create a user account using the Server App with the same credentials (username and password). On configured shares add that user account to the share as an ACL (not a POSIX user), apply desired permissions and propagate.
    Alternatively create an account that is not related to the dwayne local account in any way. Let's call it 'user' instead with a password to match. You use that instead to connect to the server.
    Treat every other user in the same way.
    By connect I mean "Connect to Server" from the Go Menu. When using the Go Menu you can either use the server's IP address (eg: 172.16.16.254) or it's FQDN (assuming DNS is set up correctly) or even it's Bonjour name (eg: server.local).
    It really makes no difference whether you create a user with a network home or for services only. It's all about how you connect to the Server. If you've gone for networked homes you could bind client workstations to the server if you wish (although there's no real requirement for you to do so) and providing the required network elements are in place and functioning correctly (we're rmostly talking about DNS here) users with networked accounts will be able to log in and access their home folders on any workstation that's been bound to the mac server. But you could just as easily not bind client workstations and use the same account details to access a properly configured server shares (and additionally the user's network home folder) by selecting "Connect to Server" from the Go Menu instead.

  • How to provide access to multiple users connected to a Dumb switch? (multi-auth/multi-domain)

    Good morning everybody,
    I am writing on behalf of not being able to implement a desired outcome in our company network. In fact the situation is as follows:
    What I want to do is to be able to authenticate users (802.1x authentication) in our company radius server and authorize them access by having a dynamic VLAN assignment in a multi-user environment on one and the same port of a Cisco 2960 switch. So far, the authentication and authorization has been working completely smoothly (there are no problems with itself). The concept involves the configuration of both DATA and VOICE VLANs as I there is also phone authentication implemented. In order to simulate this environment I introduce a Dumb switch connected to my Cisco 2960 Catalyst.
    What I have successfully managed to get to work so far is this:
    1) On one switch port I have tried the “authentication host-mode multi-domain” and it worked perfectly for a PC behind a telephone, or with one PC connected to a the dumb switch + the telephone connected to another port of the dumb switch. Logically it is the same situation as there is a separation in two domains – DATA and VOICE. Bellow is an output from show authentication sessions for this scenario.
    Interface  MAC Address     Method   Domain   Status         Session ID          
    Fa0/23     0021.9b62.b79b  dot1x    DATA     Authz Success  C0A8FF69000000F3008E (user1)
    Fa0/23     0015.655c.b912  dot1x    VOICE    Authz Success  C0A8FF69000000F9009F (phone)
    2) On the other hand, when I try the same scenario with the “authentication host-mode multi-auth”, the switch still separates the traffic in two domains and is able to authenticate all users, AS LONG AS they are in the same VLAN.
    show authentication sessions:
    Interface  MAC Address     Method   Domain   Status         Session ID          
    Fa0/23     0021.9b62.b79b  dot1x    DATA     Authz Success  C0A8FF69000000F3008E (user1)
    Fa0/23     b888.e3eb.ebac   dot1x    DATA     Authz Success  C0A8FF69000000F8008C (user2)
    Fa0/23     0015.655c.b912  dot1x    VOICE    Authz Success  C0A8FF69000000F9009F (phone)
    However, I cannot succeed authentication of many users from DIFFERENT VLANs, neither in multi-auth nor in multi-domain modes.
    What I want to get is an output like this:
    Interface  MAC Address     Method   Domain   Status         Session ID          
    Fa0/23     0021.9b62.b79b  dot1x    DATA     Authz Success  C0A8FF69000000F3008E (user1)
    Fa0/23     b888.e3eb.ebac dot1x    DATA     Authz Success  C0A8FF69000000F8008C (user2)
    Fa0/23     0015.655c.b912  dot1x    VOICE    Authz Success  C0A8FF69000000F9009F (phone)
    I want the switch to authenticate the users anytime they connect to itself and for them to have an instant access to the network. (I tell this because I tried scenario 1) with multi-domain mode and authentication violation replace, and it worked but, two users never had access to the “Internet” simultaneously!!!
    The configuration of the interface connected to the Dumb switch is as follows.
    interface FastEthernet0/x                                                      
     description Connection to DUMBswitch                                            
     switchport mode access                                                         
     switchport voice vlan XXX                                                      
     switchport port-security maximum 10                                            
     switchport port-security                                                       
     switchport port-security violation protect                                     
     authentication host-mode multi-auth                                            
     authentication priority dot1x                                                  
     authentication port-control auto                                               
     authentication timer reauthenticate 4000                                       
     authentication violation replace                                               
     dot1x pae authenticator                                                        
     dot1x timeout tx-period 10                                                     
     spanning-tree portfast                                                         
    The way I see it is explained in the following steps:
    - PC1 connects to the Dumb switch. This causes the Cisco switch to authenticate user1. This creates an auth. session with its MAC address linked to a domain DATA.
    - When PC2 connects to the Dumb switch, this causes the violation replace which replaces the recent authenticated MAC address with the MAC of PC2. I would like it once authenticated to appear in the authentication sessions with a link to a new DATA domain linked to the VLAN assigned from the RADIUS server.
    Is this possible? I think (in theory) this is the only way to provide authenticated access to multiple users connecting through Dumb switch to the network.
    Has anybody ever succeeded in such a configuration example and if yes, I would be love to get some help in doing so?
    Thank you
    Stoimen Hristov

    Hi Stoimen,
    I have done a setup similar to yours with the only exception being VLAN assignment. When I used dACLs only, it makes things somewhat easier as the VLAN no longer matters. Remember that the switchport is in access mode and will only allow a single VLAN across it (with the exception of the voice VLAN). I think that is the real cause of your problem.
    From what I can see, you have 2 options available to you:
    1) Use dACLs instead of VLAN assignment. This means that an access list will be downloaded from the radius server straight to the authenticated user's session. I have tested this and it works perfectly. Just Google Cisco IBNS quick reference guide and look for the section that deals with Low Impact mode.
    2) Get rid of the dumb switches and use managed switches throughout your network. Dumb switches will always be a point of weakness in your network because they have no intelligence to do advanced security features like port security, 802.1x, DHCP snooping, etc.
    Hopefully someone else will chime in with another option.
    Xavier

  • Authentication Thru an external LDAP

    Hi
    I'm using Oracle database 10g r2.
    We have Tivoli Access Manager and Tivoli Identity Manager. I don't want migrate to OID.
    I'd like to provide authentication to Oracle, Thru our existing LDAP.
    Is this possible ? if yes, is there a documentation somewhere describing this possibility ?
    Thanks in advance
    Regards.
    Val.

    Follow:
    http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/handson02.htm
    Its the same procedure no matter what LDAP Directory you want to use.

  • DataSource Connection Issues w/Authentication Sample App

    Hi,
    I'm trying to accomplish database provided authentication as described in this how to article:
    http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm
    I have enabled logging for the oc4j security module in the j2ee_logging.xml file for troubleshooting, and have been inspecting the log entries returned whilst attempting to login.
    It seems my datasource is not connecting, and i can't work out why not.
    The relevent log information is here :
    14/08/2007 13:33:40 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User Han Solo not authenticated: username or password mismatch
    14/08/2007 13:33:40 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Error: Listener refused the connection with the following error:
    ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
    The Connection descriptor used by the client was:
    //oratestsvr:1521/BIDB
    oratestsvr is the correct server name, and BIDB is the correct service name, i can successfully connect to this database via sqlplus.
    The datasource definition in the embedded oc4j data_sources.xml file is:
    <native-data-source name="OracleNativeDS" jndi-name="jdbc/OracleNativeDS" data-source-class="oracle.jdbc.pool.OracleDataSource" user="TIMESHEET_SYS" password="->DataBase_User_zdvhhyJa_CMhuW4MPzpmFZRhjNO9WQeI" url="jdbc:oracle:thin:@//oratestsvr:1521/BIDB" login-timeout="1000">
    </native-data-source>
    However changes to this file are not reflected in the log errors, i can alter the log response by changing the datasource definition found in 'embedded OC4j Server preferences.. -> Current Workspace -> Data Sources -> OracleNativeDS (appears to be the same definition)
    I am unsure how to proceed as i can't find anything wrong with my datasource configuration, yet i keep getting the same connection error in the log.
    Any idea's?
    Thanks

    Ah, fixed it.. the // slashes weren't needed.
    url="jdbc:oracle:thin:@oratestsvr:1521:bidb"

  • Safari, Proxy Authentication, and Certificate Authorities ( for https )

    A recent update to Safari has caused it to not work with our proxy authentication.  It will not provide authentication details when looking up SSL certificate authorities, causing certificate errors on all https:// websites. All other traffic (http, https if certificate is bypassed, plugins, etc.) seem to work just fine. Is anyone else having this problem?  If so, is there a fix?
    It occurs on Mac and PC.  I am using SquidGuard with NTLM authentication.  All other browsers on our system (IE x.x, FireFox, Chrome, Opera ) don't have this issue.

    I have the same problem and it's frustrating as can be.
    What happens to me is that When I bring my laptop to work, and put it on the work network and launch Safari, Safari informs me that each of my plugins is invalid and then uninstalls them - I'm effectively not able to use any plug ins at work, and I have to go hunt them down when I get back home (for reference, The extensions are still physically in \users\me\Library\Safari\Extensions - so when I get home I can just double click on all of them)
    I opened a case with apple and I encourage you to do the same. Perhaps if enough users complain they will find a gentler way to work with it.
    They had me do a capture and after analyzing it said it was an issue with the work network and not being able to valdate the extensions.
    It sounds like the same issue you have - as my work network uses a proxy as well.
    The rep suggested that I use a different browser at work, but I'm so used to clicking safari, that I do it out of habit.
    I really like Safari, and hope they get it fixed - Safari may not get respect in the windows world, but it's really a great browser - especially on a laptop where screen real estate is limited (where I often hit command-shift-\ to hide the address bar to see more of the page)
    -Jack

  • Authentication Web Services for Java applications

    Hi All,
    We are building Java based SAP applications for mobile devices such as Blackberry, iPhone etc. The applications are browser based (thin client) to be deployed on SAP Netweaver WAS and would interface with SAP backends such as SAP ECC, SAP BW using SAP Web Services (converted from BAPIs).
    For certain reasons we do not want to use Mobile Webdynpro Java using JCO/BAPIs as we would be using a Java based middleware which is built in-house for rendering on multiple devices and it does not go well with Mobile Webdynpro with Java. We are NOT using SAP Enterprise Portal as well.
    What I would like to know is are there any standard Authentication Web Services that can be used to authenticate the user, when he tries to login to the application through the mobile browser. Also does SAP Netweaver WAS provide authentication mechanism for a Java based web application by default.
    Any pointers would be appreciated and thanks in advance for the same.
    Suresh

    Hi All,
    We are building Java based SAP applications for mobile devices such as Blackberry, iPhone etc. The applications are browser based (thin client) to be deployed on SAP Netweaver WAS and would interface with SAP backends such as SAP ECC, SAP BW using SAP Web Services (converted from BAPIs).
    For certain reasons we do not want to use Mobile Webdynpro Java using JCO/BAPIs as we would be using a Java based middleware which is built in-house for rendering on multiple devices and it does not go well with Mobile Webdynpro with Java. We are NOT using SAP Enterprise Portal as well.
    What I would like to know is are there any standard Authentication Web Services that can be used to authenticate the user, when he tries to login to the application through the mobile browser. Also does SAP Netweaver WAS provide authentication mechanism for a Java based web application by default.
    Any pointers would be appreciated and thanks in advance for the same.
    Suresh

  • Email server authentication

    Hi,
    I am trying to write a report vi that sents out an email once an experiment process is complete. After running the program written with send message.vi, I am always getting the  error message "Error 54 : The network address is ill-formed". I am not too sure what this error mean. Anyone can enlighten me on this?
    I am suspecting whether is this is related to the requirement of providing authentication for the smtp server I am using. If so, anyone know whether there is a vi that has parameter input for authentication? I am currently using Labview 7.1
    Thanks for your help!

    Hi,
    I have seen error 54: Network address is ill-formed" when either 1) your format for the server string is ill formed or 2) if you have some sort of firewall.  A firewall would block the TCP connection needed to use the SMTP send email  Further troubleshooting would be needed to narrow down as to where you are getting this error.  Use the debugging tools provided to locate as to where exactly you are getting that error.
    I hope this helps,
    Regards,
    Nadim
    Applications Engineering
    National Instruments

  • Email server needs authentication

    I want to send an email from a Creator project, but my email server requires authentication. The sun.net.smtp.SmtpClient does not seem to provide an API for that.
    Can anyone supply a solution?

    I want to send an email from a Creator project, but
    my email server requires authentication. The
    sun.net.smtp.SmtpClient does not seem to provide an
    API for that.
    Can anyone supply a solution?Try JavaMail.
    http://java.sun.com/products/javamail/index.jsp
    It has the bells and whistles that allow you to provide authentication. Search/google the web for
    "Javamail authentication" and look for examples.
    It's not as simple to use as SmtpClient, but has the
    flexibility to do many things.
    -Joel

Maybe you are looking for