cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authentication for Webservice

Go to solution
Former Member

on ‎04-25-2007 10:42 AM

0 Kudos

Hi All,

I have exposed my outbound interface as a webservice sucessfully

But the problem is I need to provide a User Id to contact XI SOAP adapter. I dont require any authentication for this webservice client. How can I disable the authentication check for this particular webservice.

I have seen some forum posts, which suggested me to make some modification in web.xml which will disable auth for all webservices. Is it possible for me to disable the authentication check only for this particular webservice?

Regards,

Jai Shankar

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

MichalKrawczyk
Active Contributor
‎04-25-2007 10:49 AM
0 Kudos

Hi Jai,

>>>>How can I disable the authentication check for this particular webservice.

you can only do it for the whole SOAP adapter - so not advisable

>>>>Is it possible for me to disable the authentication check only for this particular webservice?

not possible

Regards,

michal

Show replies
Show replies
Former Member
‎04-25-2007 10:55 AM
0 Kudos

Michal,

Thanks for the input. In that case, I do not wat the end user to provide a user id, pwd to send the msg to SOAP adapter. Is it a recommended approach to hard code the user id in the application?

Any other alternative approach?

Your insights are highly appreciated.

Regards,

Jai Shankar

bhavesh_kantilal
Active Contributor
‎04-25-2007 10:57 AM
0 Kudos

Jai,

I guess one option is to create a Service User Id with a non expiring password and hardcoding it in the application.

Even here, like you do in a J2EE application you can have a properties file to key in the user id and password.

and when the dats is being sent from the application to XI, it can use this to red the user name and password and make the call to XI.

Just like you do for any J2EE application etc.

Regards

Bhavesh

MichalKrawczyk
Active Contributor
‎04-25-2007 10:57 AM
0 Kudos

Hi,

>>>>>Is it a recommended approach to hard code the user id in the application?

no

as if you change the pass (even by accident) you will need to recompile

your app

try to put it in some configuration (property) file

together with your app

anyway it has to be changeble somehow

Regards,

michal

Former Member
‎04-25-2007 11:14 AM
0 Kudos

Bhavesh/Michal,

Thanks a lot. Your inputs helped me a lot.

Saw this forum thread, where Bernard said such an option would be available from SP14. But it seems, the functionality is still not included.

Regards,

Jai Shankar

henrique_pinto
Active Contributor
‎04-26-2007 6:23 AM
0 Kudos

Best option to avoid client system to have to provide user/pwd is to use client certificates for authentication. You'll have to register your server certificate with a particular https port and also you'll have to maintain the client certificate in SSL Provider Service.

It is the same principle behind Single Sign-On.

Check this link for further information: http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm.

Regards,

Henrique.

Former Member
‎04-26-2007 6:29 AM
0 Kudos

Henrique,

Thanks a lot. Have never used certificates so far. Will try to read more and get back if I face any problems.

Regards,

Jai Shankar

Former Member
‎04-26-2007 6:30 AM
0 Kudos

Hi,

If you are using a username/password based authentication, then don't maintain the user as Communication user, as the password will expire.

Better to keep it as type Service.

Regards

Puloma.

Former Member
‎12-11-2007 4:37 PM
0 Kudos

Hi Jai,

Can you provide me the code as to how to pass the userid and password from the J2EE application on apache when calling the XI webservice.

Answers (1)

Answers (1)

bhavesh_kantilal
Active Contributor
‎04-25-2007 10:52 AM
0 Kudos

Jai,

><i>How can I disable the authentication check for this particular webservice.</i>

Check this thread. But this will turn of Authentication for all SOAP Sender Adapters.

><i>I have seen some forum posts, which suggested me to make some modification in web.xml which will disable auth for all webservices. Is it possible for me to disable the authentication check only for this particular webservice?</i>

Its either for all SOAP adapters or for none . there is no middle ground.

Better way is to use Access Control List.

Regards

Bhavesh

Show replies
Show replies
Ask a Question