ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Getting credentials stored in a WS-Security Policy from ESQL

Post new topic  Reply to topic
 Getting credentials stored in a WS-Security Policy from ESQL « View previous topic :: View next topic » 
Author Message
KJCB
PostPosted: Sat Dec 09, 2017 10:51 am    Post subject: Getting credentials stored in a WS-Security Policy from ESQL Reply with quote

Apprentice

Joined: 09 Dec 2017
Posts: 26

Hello all,

I need to call to an external web service which requires Basic Authentication with a username and a password, and a header to be sent in the HTTP Request with the username and password concatenated. If I use a WS-Security policy set in the server, how can I read the stored credentials using ESQL in order to build the HTTP Header afterwards?

(I'm using v9.4 of the Integration Bus)

Thanks for your help
Back to top
View user's profile Send private message
souciance
PostPosted: Sun Dec 10, 2017 11:55 am    Post subject: Reply with quote

Disciple

Joined: 29 Jun 2010
Posts: 169

Why don't you add it as you normally would in a standard HTTP request call rather than venture in WS Security stuff?
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Dec 11, 2017 6:05 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

KJCB wrote:
Hello all,

I need to call to an external web service which requires Basic Authentication with a username and a password, and a header to be sent in the HTTP Request with the username and password concatenated. If I use a WS-Security policy set in the server, how can I read the stored credentials using ESQL in order to build the HTTP Header afterwards?

(I'm using v9.4 of the Integration Bus)

Thanks for your help

You don't. You add the corresponding SecurityPolicy to the request node.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
KJCB
PostPosted: Thu Dec 14, 2017 8:49 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Apprentice

Joined: 09 Dec 2017
Posts: 26

fjb_saper wrote:
KJCB wrote:
Hello all,

I need to call to an external web service which requires Basic Authentication with a username and a password, and a header to be sent in the HTTP Request with the username and password concatenated. If I use a WS-Security policy set in the server, how can I read the stored credentials using ESQL in order to build the HTTP Header afterwards?

(I'm using v9.4 of the Integration Bus)

Thanks for your help

You don't. You add the corresponding SecurityPolicy to the request node.


Hi fjb_saper and souciance,

Thanks for your answer. Actually, I don't know how to resolve this problem: I need to call to a webservice with Basic Authentication, but sending the credentials also in an HTTP Header.

What I want to know is:
- Which is your recommendation for storing the credentials (reading IBM Documentation, I guess defining a Security Policy is the best option) for the Basic Auth part.
- And if I do store webservice credentials using a Security Policy, how can i build custom HTTP Request Header with the credentials concatenated.

Thanks for your help and Best regards.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Dec 15, 2017 7:33 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

KJCB wrote:

- And if I do store webservice credentials using a Security Policy, how can i build custom HTTP Request Header with the credentials concatenated.

Thanks for your help and Best regards.

You don't. You assign the security policy to the Request node.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
joebuckeye
PostPosted: Mon Dec 18, 2017 8:58 am    Post subject: Reply with quote

Partisan

Joined: 24 Aug 2007
Posts: 364
Location: Columbus, OH

Making them accessible via ESQL would defeat the security of them.
Back to top
View user's profile Send private message
KJCB
PostPosted: Tue Jan 02, 2018 5:08 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Apprentice

Joined: 09 Dec 2017
Posts: 26

fjb_saper wrote:
KJCB wrote:

- And if I do store webservice credentials using a Security Policy, how can i build custom HTTP Request Header with the credentials concatenated.

Thanks for your help and Best regards.

You don't. You assign the security policy to the Request node.


Hi fjb_saper,

Thanks for your answer. I have created the security profile in the Bus console using mqsisetdbparms and mqsicreateconfigurableservice commands, associating webservice username and password.

Afterwards, I have modified properties "Customer Policy Set" and "Customer Policy Set Binding" of my SOAPRequest node according to the profiles created.

Right here it's supposed to be sending the credentials, but I'm still missing my "Authorization" header. How can I configure it?
It must send a HTTP Request header like this Authorization: Basic username:password (in plain text) when calling to SOAP Webservice.

Thanks for your help.
Back to top
View user's profile Send private message
Vitor
PostPosted: Tue Jan 02, 2018 6:39 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

KJCB wrote:
Right here it's supposed to be sending the credentials, but I'm still missing my "Authorization" header. How can I configure it?


You talk about the profile, what about the rest of the configuration?

Refer to the InfoCenter and search for "Basic Authorization"
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
KJCB
PostPosted: Fri Jan 05, 2018 7:44 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Apprentice

Joined: 09 Dec 2017
Posts: 26

Vitor wrote:
KJCB wrote:
Right here it's supposed to be sending the credentials, but I'm still missing my "Authorization" header. How can I configure it?


You talk about the profile, what about the rest of the configuration?

Refer to the InfoCenter and search for "Basic Authorization"


Hi,

I followed this page: https://www.ibm.com/support/knowledgecenter/SSMKHH_10.0.0/com.ibm.etools.mft.doc/ac56190_.htm which talks about SOAPRequest node.
At the beginning, it says:

"A SOAPRequest node that uses HTTP transport can consume a service that requires the following authentication mechanisms:
Basic authentication, see..." and redirects you here https://www.ibm.com/support/knowledgecenter/SSMKHH_10.0.0/com.ibm.etools.mft.doc/bp19260_.htm

which talks about "You can configure a static username and password identity to be used, by specifying the credentials on the mqsisetdbparms command".

So, that what I did: run mqsisetdbparms and mqsisetdbparms commands.

Then, in my application I modified BAR configuration, and set the created identity in the "Security Profile" option of the SOAPRequest node.

What am I doing wrong? I can see that the node is not sending the header in the request, and service is crashing.

Thanks for your help
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Jan 05, 2018 8:11 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

KJCB wrote:
What am I doing wrong?


You don't talk about setting up the configurable service, referred to in the link you posted.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
KJCB
PostPosted: Fri Jan 05, 2018 8:25 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Apprentice

Joined: 09 Dec 2017
Posts: 26

Vitor wrote:
KJCB wrote:
What am I doing wrong?


You don't talk about setting up the configurable service, referred to in the link you posted.


Oh,

Instead of apply bar override command I created the BAR package manually, configuring the Security Profile Name Property.
And I did created the identity using both commands it proposed. This steps are done.
Back to top
View user's profile Send private message
Vitor
PostPosted: Fri Jan 05, 2018 10:06 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

KJCB wrote:
And I did created the identity using both commands it proposed.


Post the commands.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Jan 05, 2018 11:10 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

KJCB wrote:

It must send a HTTP Request header like this Authorization: Basic username:password (in plain text) when calling to SOAP Webservice.

Thanks for your help.

This is not Basic Authentication. In Basic Authentication username:password are at least 64 bit encrypted on the wire...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
joebuckeye
PostPosted: Mon Jan 08, 2018 5:24 am    Post subject: Re: Getting credentials stored in a WS-Security Policy from Reply with quote

Partisan

Joined: 24 Aug 2007
Posts: 364
Location: Columbus, OH

fjb_saper wrote:
KJCB wrote:

It must send a HTTP Request header like this Authorization: Basic username:password (in plain text) when calling to SOAP Webservice.

Thanks for your help.

This is not Basic Authentication. In Basic Authentication username:password are at least 64 bit encrypted on the wire...


Encrypted is probably too strong a word for the base-64 encoding that occurs in your standard Basic Auth scenario.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Getting credentials stored in a WS-Security Policy from ESQL
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.