cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Agentry - HTTP-XML Connection Authentication

Former Member

on ‎06-01-2016 3:27 PM

0 Kudos

I am having trouble authenticating an Agentry HTTP-XML connection to an IIS deployed web service.  The users are authenticated via Directory Service (LDAP/AD) and the HTTP-XML connection is set to Enable Authentication.  The web service is HTTPS and has been configured for Basic and Windows authentication.  I've tested connecting to the web service via a REST client and using basic authentication with success.  Is there something else I could be missing in the back end configuration section?  The Agentry client always gives me the invalid password pop-up.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

mark_pe
Active Contributor
‎06-01-2016 10:33 PM
0 Kudos

Christopher,

Most of our product developed in Agentry uses the Java Backend for authentication or SQL Authentication.  In theory during the Server authentication, the system (Thru Server authentication and class) has to return true for the Agentry Server to accept the connection.

By stating HTTP-XML as your Backend Connection and making it the primary authentication criteria, there may be a need wherein the Agentry server and authentication classes needs to receive a true or return for your system.   If you are using AD then there may be libraries that needs to created to use the Agentry server classes for your authentication.  For example, in our Work Manager product, our product team had to create special jar files that utilize the authentication libraries (Agentry server.class and others) to make things work.

I think something to that regards may need to be done. I have no example of this type of pure connectivity (HTTPXML) from any of our out of the box but one of our partners who have pure HTTPXML backend was able to get it to work but I did not have the chance to look at their application libraries in detail.  They may have worked with the Agentry server libraries (i.e. server.class and others) or something else.  Not sure if they are online and they can comment on their project.

Regards,

Mark Pe
SAP Platinum Support Engineer

Show replies
Show replies
Former Member
‎06-02-2016 1:09 PM
0 Kudos

Thanks Mark!  Can you point me to any examples or documentation for these Agentry server libraries?

mark_pe
Active Contributor
‎06-02-2016 3:07 PM
0 Kudos

Christopher,

After thinking about this closely, in Agentry you define the System Connection Backend you are willing to support for your mobile application.

In SAP, we have two major out of the box product categories and they are:

1) Work Manager, Inventory Manager for SAP ERP

then you also have Service Manager, Sales Manager for SAP CRM.

AND

2) Work Manager and Inventory Manager for IBM Maximo.

For each of these products, The SAP ERP and SAP CRM uses Java as Backend interface while the IBM Maximo uses both Java and SQL Interface.

To authenticate between the two types of products, you will choose either SQL backend or Java Backend to Authenticate in.

In IBM Maximo, authentication is controlled in the SQL/Java backend part while in the SAP ERP it is controlled in the JAVA Backend part.

So what does this mean?

In Agentry Editor, when you select the System Connection you specify if you have Java, SQL, HTTPXML, Windows File system or ODATA.

In most of our products, authentication for the specified backend requires the use of the corresponding BackEnd initialization file (*BE.ini).  So in SQL that will be SQLBE.ini for Java it will be JAVABE.ini.

So if we take this same route the HTTPXML will be using the HTTPXMLBE.ini - backend configuration ini file.

The Java server class file (that I am stating above)  may be tied to the Java Backend in particular.  So the SSO or NON_SSO type of authentication that the Work Manager for SAP ERP may ask the user to add certain Java class file to authenticate and this will be listed in the classPath + what is listed as required in the javaBE.ini

~~~~javaBE.ini~~~~~~

..

..

[LOGON_METHOD]

;  USER_AUTH if standard UID/Password authentication is used

;  USER_AUTH_GLOBAL if pooled connections using single UID/Password is used

;  USER_AUTH_GROUP if UID/Password authentication with SAP Message Server

;   (load balancing) is used

;  USER_AUTH_SSO if SSO2 ticket authentication with SAP Portal Server is used

;  USER_AUTH_CUSTOM for a custom login module setup

LOGON_METHOD=USER_AUTH

..

..

[REQUIRED_BAPI_CLASS_MAPPING]

ChangePasswordBAPI=com.syclo.sap.bapi.ChangePasswordBAPI

CTBAPI=com.syclo.sap.bapi.CTBAPI

CTConfirmationBAPI=com.syclo.sap.bapi.CTConfirmationBAPI

DTBAPI=com.syclo.sap.bapi.DTBAPI

GetEmployeeDataBAPI=com.syclo.sap.bapi.GetEmployeeDataBAPI

GetUserDetailBAPI=com.syclo.sap.bapi.GetUserDetailBAPI

GetUserProfileDataBAPI=com.syclo.sap.bapi.GetUserProfileDataBAPI

LoginCheckBAPI=com.syclo.sap.bapi.LoginCheckBAPI

~~~~end~~~~~~~~~~~

So in Java authentication for the Java Backend the Agentry server class may have been use for the Java libraries to authenticate the user in the backend (i.e. Agentry jar files <-- the product team extended or use some of the (known before as Agentry-v5.jar) server class to make the JAVA authentication to work for some of the SAPWM.jar files <hint> look at how the com.syclo.sap.workmanager.server.class or user.class - you may notice extension to the Agentry server.class and/or Agentry.user.class).

If we compare this to the SQL Backend for Agentry that uses the SQLBE.ini then the authentication is configured inside the SQLBE.ini under authentication and all this does is during this point in time of the transmit, if the SQL script returns true then the user is authenticated and Agentry accepts them as a user.  This is just an example of where a pure SQL backend user will have to setup their environment to make things work.  I believe some of our other partners who OEM Agentry are pure SQL backend (or Oracle) and they use this quite a lot.

~~~~sqlBE.ini~~~~

..
..

; Queries to run when a user attempts to log into the server

[ValidateUser]

; Queries to run when a user logs in

[LoggedIn]

q1=insertSycloSiteUser.sql

q2=insertSycloDeviceUser.sql

; Queries to run when a user attempts to log into the server

[ValidateUser]

; Queries to run when a user login fails (i.e. [ValidateUser] returns VALID=false or VALID=DB and the database does not validate)

[LoginFailed]

; Queries to run when a user login returns blocked (i.e. [ValidateUser] returns USER_BLOCKED=true or VALID=BLOCKED)

[LoginBlocked]

; Queries to run when a user changes a password

[ChangePassword]

..

..

~~~~~end example sqlBE.ini~~~~~~~~

But our IBM Maximo products uses both SQL and Java so there will be a combination of using the Server class files to authenticate the user.

For your question above, we need to review the httpxmlBE.ini file to see what is required for authentication.  As far as I know depending if we have the documentation for pure HTTPXML backend or httpxmlBE.ini then that may be the answer we may be looking.

I am trying to see if I can find examples as I am not sure which of our products or consulting customized projects have pure httpxml backend.  As I said, I only saw one customer who has pure HTTPXML but I didn't pay attention to authentication (There is a chance that the authentication is using Java BE as primary and HTTPXML as not a primary authentication tool).

As I said, I have only seen one HTTPXML backend configured by one of our partners in production (as a third party mobile application - they OEM Agentry) but I did not remember how the interface was setup.

All our Server class information for Agentry is part of the SDK documentation or openUI documentation.  As soon as you go to the SDK documents try to find the Agentry SDK and hopefully it is one of those links (hint. I normally Google Agentry OpenUI then look for a website that has help.sap.*.com) those links mostly can find what you need for the SDK Agentry tool kit.

It may also be known that some of the SMP 3.0 SDK Service Packs (ex: SP03 versus SP12) may have more details on documentation when you visit the link (under the help.sap.*.com).  It may be that the doc team is still updating the newer information on newer service packs.  But worst comes to worst, you may try to see if the documentation exist on older service packs.

Hope this helps.

Regards,

Mark Pe
SAP Platinum Support Engineer

Former Member
‎06-02-2016 6:03 PM
0 Kudos

I appreciate the quick replies.  The .ini file could be what I'm missing but I would need to see an example to know how to use it.  I'd prefer not to write Java code as part of the reason we are using web services is to simplify things.  Is there a SDML-like placeholder that could be used for the basicUserName and basicPassword properties (e.g. <username>, <password>)?

Former Member
‎06-06-2016 1:21 PM
0 Kudos

Any updates for me?  Please let me know if there is a way to pass credentials via Basic Authentication using an Agentry HTTP-XML connection.

mark_pe
Active Contributor
‎06-06-2016 3:08 PM
0 Kudos

Christopher,

Hi. I am pinging people around SAP (dev and consultants) if anybody has experience here or would know how to do pure HTTP-XML connection.  I am waiting for their reply. Hopefully they respond soon so I can share it with the community.

Best Regards,

Mark Pe
SAP Platinum Support Engineer

mark_pe
Active Contributor
‎06-10-2016 9:17 PM
0 Kudos

Christopher,

Just to update this thread.  I am still trying to find an old project in our system (in archive) to see if we have an example. There is a particular project from our old archives that may have the syntax. I can't believe this syntax was not expose in any of our documentation. 

My colleagues and/or dev/consultant team may also need to dig deep in 10 year old examples.  In zip file storage or subversion or in hard drives stored in somewhere.  It may be in our very old online area but was deactivated.  I'll try to find if it got migrated to the new area.

Regards,

Mark Pe
SAP Platinum Support Engineer

mark_pe
Active Contributor
‎06-10-2016 10:59 PM
0 Kudos

Christopher,

After digging and working with very very old data and SAP QA, I found some app and old docs.  I may need time to review it.  I'll shoot for next week to see if I can share it to the community.

Best Regards,

Mark Pe
SAP Platinum Support Engineer

Former Member
‎06-13-2016 12:31 PM
0 Kudos

Thanks Mark!  I'll look forward to seeing your post.

mark_pe
Active Contributor
‎06-15-2016 10:40 PM
0 Kudos

Christopher,

Okay. Sorry for the delay.

Here is the basic example of authentication for pure HTTPXML Agentry backend.  Please note this is very generic. It is assumed that the designer will create a more lavish authentication tied to your web service.

Enjoy.

2331011 - Test Case: Agentry HTTPXML Backend Authentication example


Best Regards,

Mark Pe

SAP Platinum Support Engineer

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎06-01-2016 5:17 PM
0 Kudos

How do you have the backend configured?  Are you trying to authenticate the user against the XML backend as well as via LDAP/AD?

--Bill

Show replies
Show replies
Former Member
‎06-01-2016 5:26 PM
0 Kudos

The backend is configured to accept basic authentication and windows authentication.  We've used the same configuration for Kapsel apps with the Basic SSO mechanism and it's worked.  We are trying to authenticate the users against the HTTP-XML backend and LDAP/AD.  The backend uses the logged in user to filter data and perform authorization to certain data.

lee_bennett2
Explorer
‎06-13-2016 7:57 PM
0 Kudos

Christopher

I believe that you what you need to do is to create your Authorization request under the "Validate User Requests" section of your HTTP-XML backend definition as defined here:

http://help.sap.com/saphelp_smp3012sdk/helpdata/en/7c/1317e77006101483a8ef0415dc1b17/content.htm

This request can be used to confirm user authentication immediately prior to any other HTTP-XML requests from your backend.

Note that this request can be configured to use Basic Authentication by checking this options when creating the request.

In this case, it seems that Agentry will add Basic Authentication to the request using the UserId and Password configured in the Management cockpit as documented here:

http://help.sap.com/saphelp_smp303svr/helpdata/en/7c/30292170061014b520e7c92429b164/content.htm

I have developed a HTTP-XML solution, but it doesn't use the Basic Authentication settings.

FYI,

Lee

Ask a Question