Topic
  • 12 replies
  • Latest Post - ‏2012-10-06T20:31:28Z by Santhosh61
Santhosh61
Santhosh61
38 Posts

Pinned topic ID/PWD Authentication using Webservice Proxy

‏2012-10-05T13:24:30Z |
Hi All,

I'm trying to configure a user/password authentication prompt using a webservice proxy.
I have a WSDL and i need to prompt for entering username and password which will be validated in backend servers. Plz help
Updated on 2012-10-06T20:31:28Z at 2012-10-06T20:31:28Z by Santhosh61
  • swlinn
    swlinn
    1348 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T13:39:40Z  
    The userid and password are not provided in the request, for example a wsse:UsernameToken in the SOAP Header?

    Regards,
    Steve
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T13:42:39Z  
    • swlinn
    • ‏2012-10-05T13:39:40Z
    The userid and password are not provided in the request, for example a wsse:UsernameToken in the SOAP Header?

    Regards,
    Steve
    No.

    My WSDL donot contain any User Id/PWD fields but i need to ask for prompt to enter and carry forward the same to backend servers. Users will be sending these credentials along with the request structures mentioned in WSDL.
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T14:10:40Z  
    No.

    My WSDL donot contain any User Id/PWD fields but i need to ask for prompt to enter and carry forward the same to backend servers. Users will be sending these credentials along with the request structures mentioned in WSDL.
    Hi Steve,

    May be the interface are sending Id/Pwd thru soap header and which will be read by soap webservice hosted on backend servers. Can you please help me in getting the details and asking for prompt?/
  • swlinn
    swlinn
    1348 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T14:32:30Z  
    Hi Steve,

    May be the interface are sending Id/Pwd thru soap header and which will be read by soap webservice hosted on backend servers. Can you please help me in getting the details and asking for prompt?/
    For Web Service / SOAP requests, there is no "prompt" from the web service to tell the consumer to provide credentials. Web service calls are not like web applications where the server can redirect their request to a login page. If the consumer does not provide credentials in their request, their request is rejected. It is the consumer's job to create the SOAP request that matches the provider's wsdl, which generally describes the SOAP Body schema. Security credentials can be provided in a number of ways by the consumer, but most typically in the SOAP Header, although I've seen HTTP Basic Auth headers too. The AAA action supports these mechanisms for client identification. Here's the spec on the ws security header that will specify the UsernameToken element, with examples. https://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf

    Regards,
    Steve
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T16:47:35Z  
    • swlinn
    • ‏2012-10-05T14:32:30Z
    For Web Service / SOAP requests, there is no "prompt" from the web service to tell the consumer to provide credentials. Web service calls are not like web applications where the server can redirect their request to a login page. If the consumer does not provide credentials in their request, their request is rejected. It is the consumer's job to create the SOAP request that matches the provider's wsdl, which generally describes the SOAP Body schema. Security credentials can be provided in a number of ways by the consumer, but most typically in the SOAP Header, although I've seen HTTP Basic Auth headers too. The AAA action supports these mechanisms for client identification. Here's the spec on the ws security header that will specify the UsernameToken element, with examples. https://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf

    Regards,
    Steve
    Hi Steve,
    The web server in the backend requires basic authentication. So when client sends an soap request it inputs basic authentication credentials using Stub ( in axis it uses super.cachedEndpoint,cachedUsername,cachedPassword).
    We need to replicate the same using web proxy on the Front side.
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T19:17:08Z  
    Hi Steve,
    The web server in the backend requires basic authentication. So when client sends an soap request it inputs basic authentication credentials using Stub ( in axis it uses super.cachedEndpoint,cachedUsername,cachedPassword).
    We need to replicate the same using web proxy on the Front side.
    Also, when i enter the web service url in browser it should prompt for user name n password
  • HermannSW
    HermannSW
    4741 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-05T19:21:01Z  
    Hi Steve,
    The web server in the backend requires basic authentication. So when client sends an soap request it inputs basic authentication credentials using Stub ( in axis it uses super.cachedEndpoint,cachedUsername,cachedPassword).
    We need to replicate the same using web proxy on the Front side.
    > We need to replicate the same using web proxy on the Front side.
    >
    The WSP uses the Basic-Auth settings from the WSP's XMLManager's UserAgent.

    So in WebGUI
    • go to "Proxy Settings" tab of WSP
    • create new XML Manager or open existing
    • scroll down, and create new User Agent or open existing
    • goto "Basic-Auth Policy" tab
    • add a new Basic-Auth policy (consisting of URL Matching Expression, User Name and Password).

     
    Hermann<myXsltBlog/> <myXsltTweets/>
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-06T03:26:07Z  
    • HermannSW
    • ‏2012-10-05T19:21:01Z
    > We need to replicate the same using web proxy on the Front side.
    >
    The WSP uses the Basic-Auth settings from the WSP's XMLManager's UserAgent.

    So in WebGUI
    • go to "Proxy Settings" tab of WSP
    • create new XML Manager or open existing
    • scroll down, and create new User Agent or open existing
    • goto "Basic-Auth Policy" tab
    • add a new Basic-Auth policy (consisting of URL Matching Expression, User Name and Password).

     
    Hermann<myXsltBlog/> <myXsltTweets/>
    Thanks,
    I have tried this, but failed while wsp connecting to back end web server it is not providing the username and password.
    do i need to give entire backend url in the url matching expression
  • HermannSW
    HermannSW
    4741 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-06T07:17:45Z  
    Thanks,
    I have tried this, but failed while wsp connecting to back end web server it is not providing the username and password.
    do i need to give entire backend url in the url matching expression
    From InfoCenter:

    4. Add a policy.
    a. Click Add.
    b. In the URL Matching Expression field, enter a shell-style expression to be the pattern to match against the URL set.
    c. Define credentials for authentication.
    i. In the User name field, enter the name of the user.
    i.. In the Password and Confirm Password fields, enter the password for the user.
    d. Click Save to add this policy to the list.

    Just test with "*" for the URL Matching Expression first to get it working.
    If it still does not work, please take a packet capture and let us know what HTTP headers get sent to backend.

    You may want to modify/restrict the URL Matching Expression later after the connection works.

     
    Hermann<myXsltBlog/> <myXsltTweets/>
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-06T09:33:57Z  
    • HermannSW
    • ‏2012-10-06T07:17:45Z
    From InfoCenter:

    4. Add a policy.
    a. Click Add.
    b. In the URL Matching Expression field, enter a shell-style expression to be the pattern to match against the URL set.
    c. Define credentials for authentication.
    i. In the User name field, enter the name of the user.
    i.. In the Password and Confirm Password fields, enter the password for the user.
    d. Click Save to add this policy to the list.

    Just test with "*" for the URL Matching Expression first to get it working.
    If it still does not work, please take a packet capture and let us know what HTTP headers get sent to backend.

    You may want to modify/restrict the URL Matching Expression later after the connection works.

     
    Hermann<myXsltBlog/> <myXsltTweets/>
    Thanks,
    It worked with * in url expression.
    But i have hard coded the user name and password here, but it requires the wsp to propmt for basic authentication and provide the same to back end web server( just how it worked with the user agent configuration).
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-06T19:39:25Z  
    Thanks,
    It worked with * in url expression.
    But i have hard coded the user name and password here, but it requires the wsp to propmt for basic authentication and provide the same to back end web server( just how it worked with the user agent configuration).
    Hi ,
    Can you guide to perfrom basic authentication using AAA ploicy.
    I need to verify the username and passowrd coming in http request.
  • Santhosh61
    Santhosh61
    38 Posts

    Re: ID/PWD Authentication using Webservice Proxy

    ‏2012-10-06T20:31:28Z  
    Hi ,
    Can you guide to perfrom basic authentication using AAA ploicy.
    I need to verify the username and passowrd coming in http request.
    Hi,
    I have tried http authentication using AAA ploicy and authentication using AAA info file.
    But while accessing wsp it didn't prompt me for user name and password, Could you please guide me here