Author |
Message
|
Bravo |
Posted: Mon Dec 17, 2012 3:52 pm Post subject: HTTP:WWW-Authenticate header on unauthorized request |
|
|
Centurion
Joined: 03 Oct 2005 Posts: 146
|
Hi All,
Is there any property/setup on Broker for HTTP Basic Authentication to add a "WWW-Authenticate" header on unauthorized requests?
One of our clients requires this info in order to resend.
Any thoughts! _________________ Bravo |
|
|
 |
Bravo |
Posted: Wed Dec 19, 2012 10:54 am Post subject: |
|
|
Centurion
Joined: 03 Oct 2005 Posts: 146
|
Has anybody come across the situation below?
One of our clients uses the HTTP protocol, which supports authentication as a means of negotiating access to a secure resource.
The initial request from a client is an anonymous request, not containing any authentication information. HTTP server applications can deny the anonymous request while indicating that authentication is required. The server application sends WWW-Authenticate headers to indicate the supported authentication scheme, which is Basic.
Here Broker is acting as the server. Is this possible in Broker?
This client also communicates, for the same request, with SAP PI, which is another integration tool, and that works fine. _________________ Bravo |
|
|
 |
mqjeff |
Posted: Wed Dec 19, 2012 11:02 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
|
|
 |
McueMart |
Posted: Thu Dec 20, 2012 1:44 am Post subject: |
|
|
 Chevalier
Joined: 29 Nov 2011 Posts: 490 Location: UK...somewhere
|
I don't think broker can do this out of the box (although maybe it's worth logging an RFE for it...). I think it would be relatively simple to modify your flow to return a 401 response with the WWW-Authenticate header if someone calls your service without a BasicAuth header.
You could create a generic subflow which is along the lines of:
Code: |
HTTPInput-->Compute(checks for BasicAuth header)-->Output(if header existed)
            |->HTTPReply(if header didnt) |
|
|
|
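The challenge-and-resend exchange discussed in this thread, as an added example that is not part of any post and is not Broker code: a plain Python model of the decision the Compute node in the subflow above would make, plus the client's reaction to it. The realm, the credential store and all function names are assumptions made for illustration.

```python
import base64
import binascii
import hmac

REALM = "broker-demo"  # assumed realm name
USERS = {"svc-client": "constructed-password"}  # constructed test credentials

def challenge():
    """401 plus the header that tells the client which scheme to retry with."""
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

def parse_basic(value):
    """Return (user, password) from an Authorization header value, else None."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # a malformed token is treated like a missing header
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None

def handle_request(headers):
    """Server side: challenge anonymous or bad requests, accept valid ones."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return challenge()
    user, password = creds
    expected = USERS.get(user, "")
    # Unknown users are rejected; known users get a constant-time password check.
    if user in USERS and hmac.compare_digest(password.encode(), expected.encode()):
        return 200, {}
    return challenge()

def client_call(user, password):
    """Client side: anonymous first, resend only after a Basic challenge."""
    status, headers = handle_request({})
    seen = [status]
    if status == 401 and headers.get("WWW-Authenticate", "").lower().startswith("basic"):
        token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
        status, _ = handle_request({"Authorization": f"Basic {token}"})
        seen.append(status)
    return seen

if __name__ == "__main__":
    print(client_call("svc-client", "constructed-password"))
```

Basic credentials are only base64-encoded, so the listener that issues this challenge should be reachable over TLS only.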
 |
JosephGramig |
Posted: Thu Dec 20, 2012 7:31 am Post subject: |
|
|
 Grand Master
Joined: 09 Feb 2006 Posts: 1244 Location: Gold Coast of Florida, USA
|
@Bravo
Well, you probably don't want to directly expose your Broker to the requesters. It would be better to have an HTTP server in front of it as described by the link mqjeff gave you. Or you could put a DataPower device in front instead!
That way you can load balance between multiple brokers (which comes in handy if you need to scale out your solution). |
|
|
 |
cemeinz |
Posted: Thu Dec 20, 2012 10:25 pm Post subject: |
|
|
Newbie
Joined: 01 Sep 2009 Posts: 6
|
Hello everybody,
We had more or less the same topic at one of our customers while implementing a SOAP node.
We described our needs to IBM via a PMR and received an update to WMB v7003. We had to place one or two libs into runtime and add a setting / variable to the profile.
Our scenario was as follows:
The Web Service consumer sends a SOAP request without username/password; WMB, via the SOAP node with HTTP basic authentication enabled, forced the customer to resend this information via WWW-Authenticate in the HTTP header response. The Web Service consumer reacted to this and sent this information to WMB.
Hope this helps. |
|
|
 |
mqjeff |
Posted: Fri Dec 21, 2012 9:33 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
cemeinz wrote: |
We described our needs to IBM via a PMR and received an update to WMB v7003. |
That means the APAR should be in at least FixPack 5 of 7.
And likely built into v8. |
|
|
 |
lancelotlinc |
Posted: Fri Dec 21, 2012 9:37 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
|
|
 |
Bravo |
Posted: Fri Dec 21, 2012 10:18 am Post subject: |
|
|
Centurion
Joined: 03 Oct 2005 Posts: 146
|
Wow.. That is exactly what I need. The difference is I am using HTTPInput instead of SOAPInput. Could you please provide instructions to set the profile, or the APAR number, so that I can take a look? I am running WMB 7005 on Linux _________________ Bravo |
|
|
 |
mqjeff |
Posted: Fri Dec 21, 2012 10:24 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Bravo wrote: |
Wow.. That is exactly what I need. The difference is I am using HTTPInput instead of SOAPInput. Could you please provide instructions to set the profile, or the APAR number, so that I can take a look? I am running WMB 7005 on Linux |
Did you create a security profile, or otherwise enable the flow to use the default security profile? |
|
|
 |
Bravo |
Posted: Fri Dec 21, 2012 12:58 pm Post subject: |
|
|
Centurion
Joined: 03 Oct 2005 Posts: 146
|
I created a security profile. All other clients' web service requests work fine except this unusual one, on which I am stuck. _________________ Bravo |
|
|
 |
cemeinz |
Posted: Fri Dec 21, 2012 1:45 pm Post subject: |
|
|
Newbie
Joined: 01 Sep 2009 Posts: 6
|
Bravo wrote: |
Wow.. That is exactly what I need. The difference is I am using HTTPInput instead of SOAPInput. Could you please provide instructions to set the profile, or the APAR number, so that I can take a look? I am running WMB 7005 on Linux |
As I currently have no allowance from this specific customer, I am not able to send you this information.
But ask IBM for a WMB v7 patch regarding WWW-Authenticate from June / July this year. There should not be sooooo much.  |
|
|
 |
|