This content has been marked as final. Show 6 replies
Hi - Did you find any solution? Everything I see is how SOA has as the server and browser as the client and not the other way around.
Not sure if I can help but have you tried setting up SPEGNO at WLS level similar to what needs to be done for windows native authentication?
I have raised a SR with support and have got some feedback which points to setting up Kerberos/SPNEGO on WLS for single sign-on. Seems like quite a lot of configuring, and not sure it will work for this particular web service...
Anyone who has any experience with this?
I have been able to authenticate with NTLM to the REST interface (http://msdn.microsoft.com/en-us/library/gg334279.aspx) using a java client as described in How to enable NTLM authentication in OSB???
I'm looking into creating a simple java callout from OSB to do the authentication and the basic http operations (GET, POST, PUT, DELETE). A proxy service will then act as a wrapper exposing a SOAP interface for Create-/Get-/Update-/Delete- Contact/Account/Lead etc operations, transforming these to/from REST operations which are executed by the java callout.
Have you taken a look at this blog post?
Once kerberos/SPEGNO is created for WLS , you should then be able to apply policies for WS-TRUST which should achieve your authentication mechanism although I have not tried this for OSB, it works perfectly well for webcenter and SOA Suite without the need
to perform java callouts or write java clients.
Should point that the Kerberos/SPEGNO approach will only for client consumers that logging into the Active Directory network via a windows desktop. If this is not your use case then your approach may be more appropiate.
Hi, thanks for the update.
My scenario is that the OSB will be the "client" accessing MS CRM. We want to be able to connect to CRM from OSB specifying a username when doing this. This is due to the fact that we want to expose "CRM services", e.g. CreateLead, GetLead, CreateAccount, GetAccount etc. on the bus, and the consumers of these services are not necessarily users authenticated on AD (or even on the LAN). The OSB will be the proxy between the consumers and MS CRM (or even a different CRM application in future). We would like to achieve "louse coupling".
The OSB is running on WebLogic on Linux.
Does this mean that your approach will not work then, and that using a Java callout and REST is a good idea for the time being?
I would really like to use the "real" IOrganization wsdl based interface from MS CRM, but have been struggling to come up with a solution for this.
An update on the use of the REST interface: I have created at basic Java HTTP client using HttpClient from the Apache HttpComponents (ver. 4.2) and have successfully connected to the REST interface from the OSB/WebLogic on Linux.
My previous Http client based on java.net only worked in my local eclipse environment on Windows, not when I deployed it to OSB/WebLogic on Linux.