Topic
  • 2 replies
  • Latest Post - ‏2010-05-06T18:24:57Z by SystemAdmin
SystemAdmin
SystemAdmin
254 Posts

Pinned topic logon to a repository avoiding credential encryption using SOA Web Services

‏2010-04-29T10:24:57Z |
In the following IICE 8.5.1 infocenter page
Link: http://publib.boulder.ibm.com/infocenter/ce/v8r5/index.jsp?topic=/com.ibm.discovery.ci.appdev.doc/cdnap009.htm
is described a simple logon sample; such code avoids to use credential encryption.

It is possible to have the same login mode accessing to a repository using SOA Web services?
The customer needs to access IBM Content Manager from a .NET application running in windows environment, and cannot use BlowfishKey.ser file because it is a java object, unusable from .NET applications.

If is not possible to avoid encryption, we need to know how to perform it from a .NET application.
Thanks in advance, Andrea Calfurni.
Updated on 2010-05-06T18:24:57Z at 2010-05-06T18:24:57Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    254 Posts

    Re: logon to a repository avoiding credential encryption using SOA Web Services

    ‏2010-04-29T19:08:38Z  
    Hi Andrea,

    This appears to be a bug in SOA Web Services. If no Header information is specified for the element "PasswordEncryptionType", then the system is assuming that Blowfish encryption is being used, which is not the case. I also have to apologize on behalf of our team that this is not documented anywhere.

    Can you please open a PMR for this issue (or ask your customer to, as the case may be)? As a temporary workaround, you can probably get it working by replacing "<soapenv:Header/>" in your requests with the following:

    <soapenv:Header>
    <PasswordEncryptionType>None</PasswordEncryptionType>
    </soapenv:Header>

    Thanks,
    Jeremy
  • SystemAdmin
    SystemAdmin
    254 Posts

    Re: logon to a repository avoiding credential encryption using SOA Web Services

    ‏2010-05-06T18:24:57Z  
    Hi Andrea,

    This appears to be a bug in SOA Web Services. If no Header information is specified for the element "PasswordEncryptionType", then the system is assuming that Blowfish encryption is being used, which is not the case. I also have to apologize on behalf of our team that this is not documented anywhere.

    Can you please open a PMR for this issue (or ask your customer to, as the case may be)? As a temporary workaround, you can probably get it working by replacing "<soapenv:Header/>" in your requests with the following:

    <soapenv:Header>
    <PasswordEncryptionType>None</PasswordEncryptionType>
    </soapenv:Header>

    Thanks,
    Jeremy
    Hi,

    I have a minor but important update. The workaround for the SOAP Header would actually look like this:

    <soapenv:Header>
    <Encryption>
    <PasswordEncryptionType>None</PasswordEncryptionType>
    </Encryption>
    </soapenv:Header>

    Thanks,
    Jeremy