13 Replies Latest reply: May 24, 2012 11:42 PM by user410911 RSS

    Integration Broker - Service Operation Userid/Password Check box usuage

    user410911
      I have created a service operation and checked the userid password required check box. I see the Soap request message XML has the block wsse security.

      <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
      <wsse:Username>PTDMO </wsse:Username>
      <wsse:Password>PTDMO</wsse:Password>
      </wsse:UsernameToken>
      </wsse:Security>
      </soapenv:Header>

      I am not sure what is the password does this element <wsse:Password>PTDMO</wsse:Password> means?

      Is it node password or psoprdefn password or gateway password?
        • 1. Re: Integration Broker - Service Operation Userid/Password Check box usuage
          HakanBiroglu
          it is the PSOPRDEFN password, this is username and password is first validated, after confirmation of the username and password in PSOPRDEFN, the permissons on the user is checked to see if this service is allowed to be invoked.

          WS-Security is quite complicated, I would advice you to read the following section in PeopleBooks to give you an idea on what happens.
          PeopleBooks > PeopleTools 8.52: PeopleSoft Integration Broker Administration > Setting Up Secure Integration Environments > Implementing Web Server SSL/TLS Encryption
          • 2. Re: Integration Broker - Service Operation Userid/Password Check box usuage
            user410911
            Thanks. But we have integrated LDAP with PeopleSoft portal. In this case we dont have any password set up in the PSOPRDEFN.

            For all the users OPRDEFN password fields will be blank. How do we need to handle this situation?
            • 3. Re: Integration Broker - Service Operation Userid/Password Check box usuage
              HakanBiroglu
              Hmmm, an additional level of complexity :)

              You can always add an PeopleSoft user especially for this service, because you do not want to use an LPAD user for this, since the password will need to be changed every so time.
              • 4. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                user410911
                Our assumption was like, since OPRDEFN is blank LDAP password will be honoured. Will it work out that way?


                You can always add an PeopleSoft user especially for this service, because you do not want to use an LPAD user for this, since the password will need to be changed every so time.
                Do you mean to set up a default user id for this web service?
                • 5. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                  HakanBiroglu
                  Yes, a seperate user to for just invoking this service.
                  • 6. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                    user410911
                    I understand. Now we have decided to uncheck the userid/password required checkbox.

                    Still we are getting the same Soap request message structure which includes the wsse security.

                    When we tried publishing a request message with blank userid password for the wsse security it throws error like
                    "Integration Gateway failed while processing the message"

                    What should I do so that I dont need to use the wsse security data block?
                    • 7. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                      HakanBiroglu
                      You can just leave the soap:Header node empty, something like:
                      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                         <soapenv:Header/>
                         <soapenv:Body>
                             <your message here>
                         </soapenv:Body>
                      </soapenv:Envelop>
                      • 8. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                        user410911
                        Still no luck. We tried removing the wsse security block from the request message and getting error like invalid user id password. After doing this we could not even get the message in service operation monitor.It looks like at integration gateway itself getting stopped and third party requesting application is getting error response stating "invalid user id/password"

                        Moreover if we use the common user id then our code used as %oprid will have trouble.

                        Now we are in a situation to by pass this PSOPRDEFN - wsse security check point. Could you please help us to by pass this?

                        Edited by: 923121 on 23-May-2012 07:28

                        Edited by: 923121 on 23-May-2012 08:53
                        • 9. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                          HakanBiroglu
                          Just curious how your default local node is defined.
                          What do you have as the Authentication Option?
                          This should be Password and which user/password did you use here?

                          Reason, why I ask this is when you do not have WSS configured, IB will use the user defined in the default local node to check the permission list for access to the web service you are trying to invoke.
                          And in this case you do not need to supply any username/password in the request message as I my example in previous post.
                          What does your request message look like and what is the exact error response you receive.

                          Hakan
                          • 10. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                            user410911
                            We are using a node called PSFT_PA. It has the password set. User id is PS.

                            Do you mean the user PS should have the necessary permission list to invoke the service operation?

                            if it is permission list issue, we should get the authorization error. but we are getting error like Integration Gateway failed while processing the message

                            Request Message
                            <?xml version="1.0"?>
                            <soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2003/03/addressing/" xmlns:xsd="http://www.w3.org/2001/XMLSchema/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/">
                            </soapenv:Header>
                            <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                            <S_AUTHMSG>
                            <FieldTypes>
                            <S_AUTH_REQ class="R">
                            <S_LOGINID type="CHAR"/>
                            <S_PASSWORD type="CHAR"/>
                            <S_SESSIONID type="CHAR"/>
                            <S_IMEIND type="CHAR"/>
                            </S_AUTH_REQ>
                            <PSCAMA class="R">
                            <LANGUAGE_CD type="CHAR"/>
                            <AUDIT_ACTN type="CHAR"/>
                            <BASE_LANGUAGE_CD type="CHAR"/>
                            <MSG_SEQ_FLG type="CHAR"/>
                            <PROCESS_INSTANCE type="NUMBER"/>
                            <PUBLISH_RULE_ID type="CHAR"/>
                            <MSGNODENAME type="CHAR"/>
                            </PSCAMA>
                            </FieldTypes>
                            <MsgData>
                            <Transaction>
                            <S_AUTH_REQ class="R">
                            <S_LOGINID IsChanged="Y">1306332</S_LOGINID>
                            <S_PASSWORD IsChanged="Y">DVL1234</S_PASSWORD>
                            <S_SESSIONID IsChanged="Y">
                            </S_SESSIONID>
                            <S_IMEIND IsChanged="Y">eb3e1792f84c28e5b8a259c519ae1da2a2d2c034</S_IMEIND>
                            </S_AUTH_REQ>
                            <PSCAMA class="R">
                            <LANGUAGE_CD IsChanged="Y">XYZ</LANGUAGE_CD>
                            <AUDIT_ACTN IsChanged="Y">Y</AUDIT_ACTN>
                            <BASE_LANGUAGE_CD IsChanged="Y">XYZ</BASE_LANGUAGE_CD>
                            <MSG_SEQ_FLG IsChanged="Y">Y</MSG_SEQ_FLG>
                            <PROCESS_INSTANCE IsChanged="Y">0</PROCESS_INSTANCE>
                            <PUBLISH_RULE_ID IsChanged="Y">XYZ</PUBLISH_RULE_ID>
                            <MSGNODENAME IsChanged="Y">XYZ</MSGNODENAME>
                            </PSCAMA>
                            </Transaction>
                            </MsgData>
                            </S_AUTHMSG>
                            </soapenv:Body>
                            </soapenv:Envelope>

                            Response Message:


                            :<?xml version="1.0" ?>
                            <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
                            <SOAP-ENV:Body>
                            <SOAP-ENV:Fault>
                            <faultcode>SOAP-ENV:Server</faultcode>
                            <faultstring>Server Error</faultstring>
                            <detail>
                            <IBResponse type="error">
                            <DefaultTitle>Integration Broker Response</DefaultTitle>
                            <StatusCode>20</StatusCode>
                            <MessageID>10201</MessageID>
                            <DefaultMessage>Integration Gateway failed while processing the message</DefaultMessage>
                            </IBResponse>
                            </detail>
                            </SOAP-ENV:Fault>
                            </SOAP-ENV:Body>
                            </SOAP-ENV:Envelope>

                            Any thoughts on the same?
                            • 11. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                              HakanBiroglu
                              slash of Header at the start bracket instead of the end bracket
                              Try this and see if you still get an error.

                              <?xml version="1.0"?>
                              <soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2003/03/addressing/" xmlns:xsd="http://www.w3.org/2001/XMLSchema/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/">
                              *<soapenv:Header/>*
                              <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                              <S_AUTHMSG>
                              <FieldTypes>
                              <S_AUTH_REQ class="R">
                              <S_LOGINID type="CHAR"/>
                              <S_PASSWORD type="CHAR"/>
                              <S_SESSIONID type="CHAR"/>
                              <S_IMEIND type="CHAR"/>
                              </S_AUTH_REQ>
                              <PSCAMA class="R">
                              <LANGUAGE_CD type="CHAR"/>
                              <AUDIT_ACTN type="CHAR"/>
                              <BASE_LANGUAGE_CD type="CHAR"/>
                              <MSG_SEQ_FLG type="CHAR"/>
                              <PROCESS_INSTANCE type="NUMBER"/>
                              <PUBLISH_RULE_ID type="CHAR"/>
                              <MSGNODENAME type="CHAR"/>
                              </PSCAMA>
                              </FieldTypes>
                              <MsgData>
                              <Transaction>
                              <S_AUTH_REQ class="R">
                              <S_LOGINID IsChanged="Y">1306332</S_LOGINID>
                              <S_PASSWORD IsChanged="Y">DVL1234</S_PASSWORD>
                              <S_SESSIONID IsChanged="Y">
                              </S_SESSIONID>
                              <S_IMEIND IsChanged="Y">eb3e1792f84c28e5b8a259c519ae1da2a2d2c034</S_IMEIND>
                              </S_AUTH_REQ>
                              <PSCAMA class="R">
                              <LANGUAGE_CD IsChanged="Y">XYZ</LANGUAGE_CD>
                              <AUDIT_ACTN IsChanged="Y">Y</AUDIT_ACTN>
                              <BASE_LANGUAGE_CD IsChanged="Y">XYZ</BASE_LANGUAGE_CD>
                              <MSG_SEQ_FLG IsChanged="Y">Y</MSG_SEQ_FLG>
                              <PROCESS_INSTANCE IsChanged="Y">0</PROCESS_INSTANCE>
                              <PUBLISH_RULE_ID IsChanged="Y">XYZ</PUBLISH_RULE_ID>
                              <MSGNODENAME IsChanged="Y">XYZ</MSGNODENAME>
                              </PSCAMA>
                              </Transaction>
                              </MsgData>
                              </S_AUTHMSG>
                              </soapenv:Body>
                              </soapenv:Envelope>

                              You can also shorten above request to
                              <?xml version="1.0"?>
                              <soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2003/03/addressing/" xmlns:xsd="http://www.w3.org/2001/XMLSchema/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/">
                              <soapenv:Header/>
                              <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                              <S_AUTHMSG>
                              <MsgData>
                              <Transaction>
                              <S_AUTH_REQ>
                              <S_LOGINID>1306332</S_LOGINID>
                              <S_PASSWORD>DVL1234</S_PASSWORD>
                              <S_SESSIONID> </S_SESSIONID>
                              <S_IMEIND>eb3e1792f84c28e5b8a259c519ae1da2a2d2c034</S_IMEIND>
                              </S_AUTH_REQ>
                              </Transaction>
                              </MsgData>
                              </S_AUTHMSG>
                              </soapenv:Body>
                              </soapenv:Envelope>
                              • 12. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                                HakanBiroglu
                                >
                                Do you mean the user PS should have the necessary permission list to invoke the service operation?
                                >

                                Indeed, PS should have a permission list which give access to invoke your web service.
                                • 13. Re: Integration Broker - Service Operation Userid/Password Check box usuage
                                  user410911
                                  Hi. This is resolved by sending the soap header as below

                                  <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                                  <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                  <wsse:UsernameToken>
                                  <wsse:Username>PTDMO </wsse:Username>
                                  <wsse:Password/>
                                  </wsse:UsernameToken>
                                  </wsse:Security>
                                  </soapenv:Header>

                                  we need the username in the wsse security section so we retained the soap header. Thanks for all your inputs Haken