SOA Suite 12c BPEL invoke basic authentication service problem — oracle-tech

    Forum Stats

  • 3,701,023 Users
  • 2,239,262 Discussions
  • 7,834,978 Comments

Discussions

SOA Suite 12c BPEL invoke basic authentication service problem

Peter551059Peter551059 Posts: 446

Hi. I am using Oracle fusion middleware 12.2.1.3.0

I have web service secured by basic authentication on Microsoft IIS/8.5 server.

I can invoke ws without problem in SoapUI but I have problem invoke ws from BPEL process.

I have configured ws reference with properties username/password and set preemptive=true (see picture).

Regarding to Random Cerebrations on SOA: BPEL calling web services with http basic authentication+authotrization.

Bez názvu.png

When I invoke ws I get response HTTP/1.1 401 Unauthorized.

I use Wireshark to see the communication. I see request GET /ServicesPHX/CskmdSyncService/CskmdSyncService.svc?singleWsdl HTTP/1.1 with ECID-context long 1173.

I don't see soap message.

After that I get TCP segment of reassembled PDU and resposonse Unauthorized.

I tried use oracle/wss_http_token_service_policy (Java / Oracle SOA blog: HTTP Basic authentication with SOA Suite 11g ) but no luck.

But if I use same configuration for OSB proxy service then invoking basic authorization secured service is not problem

What is wrong in my setup?

Thank you in advance.

Tagged:
Peter551059

Answers

  • RakeshKrRakeshKr Posts: 401
    edited July 2018

    Microsoft services usually use Kerboros authentication. Verify exactly what authentication is used in your case.

    When kerboros is used, it works from SoapUI but not from SOA.

    Peter551059
  • Peter551059Peter551059 Posts: 446
    edited July 2018

    Thank you for your response. I am going to ask partner about authentication.

    Strange is that OSB is authenticated well.

  • Peter551059Peter551059 Posts: 446
    edited July 2018

    There is no Kerberos authentication.

    Service has basic authentication enabled on itself. Local user account is used to authenticate service.

    xx.png

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited July 2018

    Hi Peter,

    Although it should work with SOASuite in more or less the same way as OSB, architecturally it is not a bad idea to have SOASuite call the MS Webservice through OSB.

    That way you abstract that (external) service  from the internal processing. And it is a good workaround for this problem.

    I would be curious to try to solve it from SOASuite, but actually in my projects I wouldn't even call the MS services directly from SOA, but through OSB. Based on the PSA (project start architecture) it wouldn't even be allowed.

    Regards,
    Martien

    Peter551059
  • RakeshKrRakeshKr Posts: 401
    edited July 2018
  • Peter551059Peter551059 Posts: 446
    edited July 2018

    Thank you for tip but service has HTTP endpoint. So I cannot use oracle/http_basic_auth_over_ssl_client_policy

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited July 2018

    Yeah, OWSM only supports basic authentication over ssl. And that figures: if you do it over http, everyone can see the base64 encoded authentication string.

    But honestly, I have no clue what's going wrong at your site, currently.


    regards,

    Martien

  • RakeshKrRakeshKr Posts: 401
    edited July 2018

    Passing username / password over ssl is a good idea.

    If you still want to pass username / password over http then try this:

    Add the policy to external reference: "oracle/wss_http_token_client_policy"

    Add the following Binding Properties from the Property Inspector for the external reference:

    "oracle.webservices.auth.username" : value

    "oracle.webservices.auth.password" : value

    You can also pass the username password from the invoke activity. Add these two properties to invoke activity:

    javax.xml.ws.security.auth.username

    javax.xml.ws.security.auth.password

    Peter551059
  • Peter551059Peter551059 Posts: 446
    edited July 2018

    Thank you for tips. I know this practice but for some reason it doesn't work.

    This is outcome

    Invoke (faulted)

    Jul 12, 2018 4:19:19 PM Started invocation of operation "GetList" on partner "SyncService".Started invocation of operation "GetList" on partner "SyncService".

    Jul 12, 2018 4:19:19 PM Sending property "javax.xml.ws.security.auth.password", value is "*********".Sending property "javax.xml.ws.security.auth.password", value is "*********".

    Jul 12, 2018 4:19:19 PM Sending property "javax.xml.ws.security.auth.username", value is "name".Sending property "javax.xml.ws.security.auth.username", value is "name".

    Jul 12, 2018 4:19:19 PM Faulted while invoking operation "GetList" on provider "SyncService". Faulted while invoking operation "GetList" on provider "SyncService".

This discussion has been closed.