| Author |
Message
|
| SN_IIB |
 Posted: Tue Feb 03, 2015 9:00 am Post subject: IIB - SOAP Input - HTTP Basic Authentication |
 |
|
Novice
Joined: 20 Jul 2014
Posts: 10
|
Dear Experts,
I am trying to implement HTTP basic authentication [Transport level authentication] for SOAP Input node. IIB is web service provider here. I could not get it working. Please can you validate my steps and let me where am I going wrong?
1. Register userid/password in the broker registry -
Command: mqsisetdbparms IB9NODE -n soap::SOAPInputIdentity -u userid -p password
2. In IBM Integration Explorer, right click on Integration Node --> Properties --> Security and Policy --> Security Profiles --> Add:
Name: SOAPInputSecurityProfile
Authentication: WS-Trust v1.3STS
Authentication config: http://localhost:9080
Mapping, Authorization: NONE
Password Value: PLAIN
Security token Service URL: http://localhost:9080
3. Generate the bar file. In the bar file --> SOAP Input properties:
Security Profiles: SOAPInputSecurityProfile [that was created in step-2]
Now, in the HTTP header of the soap request sent to IIB message flow, I pass on the userid and password. But it does not work.
Am I missing something or totally wrong?
Thanks for your time and comments.
Last edited by SN_IIB on Wed Feb 04, 2015 2:18 am; edited 1 time in total |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Tue Feb 03, 2015 9:05 am Post subject: Re: IIB - SOAP Input - HTTP Basic Authentication |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| SN_IIB wrote: |
| Now, in the HTTP header of the soap request sent to IIB message flow, I pass on the userid and password. |
How?
| SN_IIB wrote: |
| But it does not work. |
How? |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Feb 03, 2015 9:29 am Post subject: Re: IIB - SOAP Input - HTTP Basic Authentication |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| SN_IIB wrote: |
| I am trying to implement HTTP basic authentication [Transport level authentication] for SOAP Input node. IIB is web service provider here. I could not get it working. Please can you validate my steps and let me where am I going wrong? |
I don't see anything here that indicates the SOAP node should use transport level basic auth rather than the WS-Security header.
I also agree that "it does not work" is a massively unhelpful and detail-less description of the symptoms.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Feb 03, 2015 9:38 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Is this the same set up you described in this earlier post?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| SN_IIB |
| Posted: Wed Feb 04, 2015 12:07 am Post subject: |
|
|
Novice
Joined: 20 Jul 2014
Posts: 10
|
Thanks mqjeff and Vitor.
Vitor, the earlier post is about IIB message flow in web service consumer scenario, I have used HTTP Header node to hard code the HTTP Basic authentication userid/password just before SOAP Request node and it worked. Though it worked, I am looking for a way to store the userid/password in the system rather than hardcoding it in HTTP Header node.
What I am doing now is IIB message flow in web service provider scenario and I need to validate HTTP Basic authentication userid/password in the HTTP Header.
For the webservice provider scenario, from your comment, seems that I am taking totally wrong direction then. Please can you point me to right one with high level steps. I could explore and get back in case I am struck?
Also, have you come across step by step guides for WMB scenarios [ especially security ]. I searched my best but could not find.
Thank you. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Feb 04, 2015 5:32 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| If you want the soap request node to attach an identity, you need to set the identity and instruct the soap request node to use the appropriate policy to use the identity. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Feb 04, 2015 5:52 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| SN_IIB wrote: |
| I am looking for a way to store the userid/password in the system rather than hardcoding it in HTTP Header node. |
Like the static id facility built into IIBv9 for example? 
It's to this that I believe my most worthy associate is referring.
| SN_IIB wrote: |
| What I am doing now is IIB message flow in web service provider scenario and I need to validate HTTP Basic authentication userid/password in the HTTP Header. |
Fair enough.
| SN_IIB wrote: |
| For the webservice provider scenario, from your comment, seems that I am taking totally wrong direction then. |
Well I don't understand in this or your previous thread why you're using any of the HTTP nodes for a web service, especially in conjunction with the SOAP nodes.
I also (as indicated in my earlier post) don't see where you've configured any policy to tell the SOAP Input node to look in the HTTP header rather than the WS-Security header. I also believe that the SOAP Input as you've configured it has nothing to authenticate the passed user id and password against; is the WS-Trust provider on the same server at port 9080? Certainly if you're trying to authenticate the passed user against the credentials you've stored using mqsisetdbparms then that isn't going to work.
| SN_IIB wrote: |
| Also, have you come across step by step guides for WMB scenarios [ especially security ]. I searched my best but could not find. |
I've not encountered such step by step guides, except the instructions in the InfoCenter which you'd do well to follow more closely. That's not to say such guides do not exist and others may know better than me.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
