Topic
  • 6 replies
  • Latest Post - ‏2015-02-15T14:24:50Z by SohiniJ
SMNair
SMNair
8 Posts

Pinned topic Read from HTTP - Calling https://... giving 403 error

‏2013-09-06T21:14:07Z |

I am trying to make an https:// call from IBM BPM V8.0 using the system service "Read from HTTP". It works perfect with http://.... calls however for https://.. the request is giving a giving a 403 response.

The https:// call expects an authentication token in header. Can someone let me know how I can pass the header information using "Read from HTTP"? Is it through the "sslParameters" vairable?

btw.. I am able to make the call successfully from "Firefox poster" by passing the header information.

Regards,

Sreeja Nair

 

  • kolban
    kolban
    3316 Posts

    Re: Read from HTTP - Calling https://... giving 403 error

    ‏2013-09-07T03:57:23Z  

    Howdy,

    To what are you making the HTTPS call?  Is it a GET, PUT, POST request ...?  What text comes back with the 403 code?  What do you consider an authentication token ... is it LTPA, SAML, Keberos or something else?  When you make a REST request outside of BPM, what do the extra header fields looks like?

    Neil

  • SMNair
    SMNair
    8 Posts

    Re: Read from HTTP - Calling https://... giving 403 error

    ‏2013-09-07T05:30:52Z  
    • kolban
    • ‏2013-09-07T03:57:23Z

    Howdy,

    To what are you making the HTTPS call?  Is it a GET, PUT, POST request ...?  What text comes back with the 403 code?  What do you consider an authentication token ... is it LTPA, SAML, Keberos or something else?  When you make a REST request outside of BPM, what do the extra header fields looks like?

    Neil

    The HTTPS call is a java synchronous web service call. It resides in Tomcat. The call is a GET call. The authentication token is an encrypted token and my best guess is it is LTPA (if not LTPA it is a company custom authentication). This Authentication token is added in the HTTP header of the RESTful Web Service request.

    When called outside BPM, the header value is encrypted and looks some what like this.

    ECMSerive-Auth = ZxMMtulG6Gl8Uce9PpO1BrereUEVFrZXrP33Znjvr3Ip1c5qRsy52ered7896ard6wFT8ExdlIHBtgfQCQfoKdardererw3Tc0ozuRqB8kROBeev5JBPzTXYJVznHfTITToZ5WCX01fvs88Pr9HIdZd2pK060u5Rf6piXBPMauYKe3umENvh2pqg5LhTfYKgsTE1EhuNDPgoyOtET8VXPfBZpYJDQyLKZ7ZzQxfoYwtS93Zgft5gSim9LF

     

    Regards,

    Sreeja

  • kolban
    kolban
    3316 Posts

    Re: Read from HTTP - Calling https://... giving 403 error

    ‏2013-09-09T01:24:00Z  
    • SMNair
    • ‏2013-09-07T05:30:52Z

    The HTTPS call is a java synchronous web service call. It resides in Tomcat. The call is a GET call. The authentication token is an encrypted token and my best guess is it is LTPA (if not LTPA it is a company custom authentication). This Authentication token is added in the HTTP header of the RESTful Web Service request.

    When called outside BPM, the header value is encrypted and looks some what like this.

    ECMSerive-Auth = ZxMMtulG6Gl8Uce9PpO1BrereUEVFrZXrP33Znjvr3Ip1c5qRsy52ered7896ard6wFT8ExdlIHBtgfQCQfoKdardererw3Tc0ozuRqB8kROBeev5JBPzTXYJVznHfTITToZ5WCX01fvs88Pr9HIdZd2pK060u5Rf6piXBPMauYKe3umENvh2pqg5LhTfYKgsTE1EhuNDPgoyOtET8VXPfBZpYJDQyLKZ7ZzQxfoYwtS93Zgft5gSim9LF

     

    Regards,

    Sreeja

    Sreeja,

    It looks like you are going to have to research making a REST call from an arbitrary Java application.  Imagine IBM BPM wasn't in the picture, would you know how to correctly make your REST request from a Java application?  If you can do that, then we should be closer to figuring out how to do same from within the BPM environment.

    Neil

  • AndrewPaier
    AndrewPaier
    736 Posts

    Re: Read from HTTP - Calling https://... giving 403 error

    ‏2013-09-11T17:22:36Z  
    • kolban
    • ‏2013-09-09T01:24:00Z

    Sreeja,

    It looks like you are going to have to research making a REST call from an arbitrary Java application.  Imagine IBM BPM wasn't in the picture, would you know how to correctly make your REST request from a Java application?  If you can do that, then we should be closer to figuring out how to do same from within the BPM environment.

    Neil

    Neil -

    I think you are mis-understanding the scenario.  Sreeja is attempting to use the integration service in the system data toolkit  that allows you to make a HTTP request to an arbitrary URL and supply the parameters for that request (Read from HTTP).  It has already been proven that they know everything they need to know to make that request.  The question then becomes how to add the specific parameter above to the header of the request so that the request works.

    Now, unfortunately that service is really old and seem to have pretty much nothing on it to help you figure out what to feed in for the variables beyond the URL (and if you don't know what to supply for that, lets just stop now).

    I don't have a sample that I can test this against, but I'm going to guess that the connector doesn't really support supplying arbitrary items in the header of the call.  You could try adding the token you supplied above either as a parameter, in hopes that the server on the other side is pretty forgiving about where in the call the authentication resided.  If that doesn't work then based the parameters I would guess this connector only supports basic auth (given the 'username' and 'password' inputs).  

    You can, of course, write your own java connector to provide the right access for what you need to do, but it looks to me like if the above doesn't work there isn't an OOTB way to do this on the server side.

    If you wanted (and perhaps this is what Neil was hinting at) you could look into moving this call to the client side, assuming the data  is to be used in a UI, but even that feel clunky and I don't really like it because of the complexity browsers add to that approach.

    Andrew Paier | Director | BP3 Global, Inc.
    BP3 Global's |  Website  |  Twitter  |  Linkedin  |  Google+  | Blogs

  • kolban
    kolban
    3316 Posts

    Re: Read from HTTP - Calling https://... giving 403 error

    ‏2013-09-12T00:23:45Z  

    Neil -

    I think you are mis-understanding the scenario.  Sreeja is attempting to use the integration service in the system data toolkit  that allows you to make a HTTP request to an arbitrary URL and supply the parameters for that request (Read from HTTP).  It has already been proven that they know everything they need to know to make that request.  The question then becomes how to add the specific parameter above to the header of the request so that the request works.

    Now, unfortunately that service is really old and seem to have pretty much nothing on it to help you figure out what to feed in for the variables beyond the URL (and if you don't know what to supply for that, lets just stop now).

    I don't have a sample that I can test this against, but I'm going to guess that the connector doesn't really support supplying arbitrary items in the header of the call.  You could try adding the token you supplied above either as a parameter, in hopes that the server on the other side is pretty forgiving about where in the call the authentication resided.  If that doesn't work then based the parameters I would guess this connector only supports basic auth (given the 'username' and 'password' inputs).  

    You can, of course, write your own java connector to provide the right access for what you need to do, but it looks to me like if the above doesn't work there isn't an OOTB way to do this on the server side.

    If you wanted (and perhaps this is what Neil was hinting at) you could look into moving this call to the client side, assuming the data  is to be used in a UI, but even that feel clunky and I don't really like it because of the complexity browsers add to that approach.

    Andrew Paier | Director | BP3 Global, Inc.
    BP3 Global's |  Website  |  Twitter  |  Linkedin  |  Google+  | Blogs

    Thanks Andrew, that helps.  I had missed that this was specific to the IBM supplied service.   There are a few (more than one) samples on the IBM BPM Wiki that provide "alternative" REST calling services.

    Here for example is one (but there are others):

    http://bpmwiki.blueworkslive.com/display/samples/Call+REST+from+BPM+server+run-time

    I haven't done a comparison on them but this one (for example) allows for arbitrary HTTP header parameters and also supports the various HTTP requests such as GET, POST, PUT etc.

    Neil

  • SohiniJ
    SohiniJ
    1 Post

    Re: Read from HTTP - Calling https://... giving 403 error

    ‏2015-02-15T14:24:50Z  
    • kolban
    • ‏2013-09-12T00:23:45Z

    Thanks Andrew, that helps.  I had missed that this was specific to the IBM supplied service.   There are a few (more than one) samples on the IBM BPM Wiki that provide "alternative" REST calling services.

    Here for example is one (but there are others):

    http://bpmwiki.blueworkslive.com/display/samples/Call+REST+from+BPM+server+run-time

    I haven't done a comparison on them but this one (for example) allows for arbitrary HTTP header parameters and also supports the various HTTP requests such as GET, POST, PUT etc.

    Neil

    HI Kolban,

    I am facing a problem in setting Bearer token (as Authorization) in an HTTP header in order to call a third party  https rest implementation. Although it is reaching to right URL, header is becomming empty. Inside HTTPHeader of SMO Name and Value  has been set as Authorization and Bearer:Accesstoken using BOMAP. But its not getting propagated. I am using WPS /WID 6.1.2.

    Could you please point me some document where I can get the  right way of implementation. I have hit above link

    http://bpmwiki.blueworkslive.com/display/samples/Call+REST+from+BPM+server+run-time ,my intranet IBM ID is not working, I have requested  for  fresh sign up. Request is awaiting approval.  I need to fix my issue urgently . I have used the custom class for forming the URL.(HTTPStreamDataBinding implemented).

    Regards

    Sohini