I'm trying to setup the mTLS authentication process for an endpoint created in the SICF transaction on ABAP-based software. I'm not using SAP HANA.
I've already imported the certificates into the STRUST transaction (SSL server Standard),
Inside the service on SICF, I've put the following settings in Logon Data tab:
But when I receive the HTTP request, the connection is returning the 401 status code.
Is that the right way to achieve this goal? If not, is there any documentation, where I can find a step by step on how to configure this type of authetication?
Related
I am new to apache camel. What I am trying to do is I have exposed and Rest api to get data.
From that I need to communicate to an existing TCP server(Simple java server application) to retrieve data and send back to a client. What I have picked is Apache camel to do this integration.
rest()
.consumes("application/json").produces("application/json")
.get("/weather2/{city}").outType(WeatherDto.class).to("direct:get-weather-data")
from("direct:get-weather-data")
.process(this::setTCPMsg)
.to("netty://tcp://127.0.0.1:9898")
Above is the way I have defined the routes but when I try to run the appication I get below eror
org.apache.camel.FailedToCreateRouteException: Failed to create route route5 at: >>> To[netty://tcp://127.0.0.1:9898] <<< in route: Route(route5)[From[direct:get-weather-data] -> [process[Proc... because of No endpoint could be found for: netty://tcp://127.0.0.1:9898, please check your classpath contains the needed Camel component jar.
Please advice How to solve this issue.
We are trying to deploy an EAR on WebSphere Liberty.
Our application contains an EJB-module, which contains and EJB that makes a call to another SOAP server.
The WSDL of the service defines a wsp:Policy with ExactlyOne of http:BasicAuthentication xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/
After deployment when we send a request to our application, which would trigger that SOAP-call we get an error: None of the policy alternatives can be satisfied.
I found some java-code on how to solve this
HTTPConduit http = (HTTPConduit) client.getConduit();
http.getAuthorization().setUserName("user");
http.getAuthorization().setPassword("pass");
But I do not want to do this in the Java-code but I want to make it part of the server config.
I found several helpful links, but still could not get it working.
Does anybody have any suggestions on how I can set this up?
https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/twlp_wssec_migrating.html
https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/twlp_sec_ws_clientcert.html
You could use the JNDI feature to express the userid and password in server.xml, then have your java code pull it out of JNDI.
https://www.ibm.com/support/knowledgecenter/en/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_dep_jndi.html
I am working to understand the SAML request process using PingFederate.
I am making the SAML RST request in order to gain access to a SharePoint Online instance. PingFederate SSO is successfully set up and users must login through ping in order to get to sharepoint online.
Now I want to make a Saml RST to PingFederate STS using the Java STS SDK 1.1.
I have a working STS endpoint: https://my.ping.endpoint/sp/sts.wst
And my SharepointOnline endpoint is: https://mydomain.sharepoint.com
I am trying to figure out what to use as AppliesTo in this scenario.
Definition:
The Relying Party realm the token is to be issued for.
I've tried setting it to anything we can think of. But no luck. I was fairly sure I could use: https://tenantname.sharepoint.com/_forms/default.aspx?wa=wsignin1.0 but it didn't work. I keep getting a SOAP Fault from ping STS:
Unable to determine partner SP connection by AppliesTo: http://my-AppliesTo-url-here
Is this some URL I need to get from the PingFederate admin UI? How can I find this?
Under your "SP Connection", "WS-Trust STS", "Protocol Settings" there is a place to enter the "PARTNER SERVICE IDENTIFIER (CORRESPONDS TO APPLIESTO IN RST)"
We are using PingFederate as Service Provider and are using Opentokenadapter.
We are also using mod_pf apache library provided by PingFederate.
Is there any way we can configure "Logout Service (present in OpenToken Adapter )" in the mod_pf configuration? Is there any query parameter for it just like we have for PartnerIdpId, TargetResource etc?
The Apache Integration Kit's mod_pf.conf refers to the /sp/startSLO.ping application endpoint. In that configuration file is where you will configure various bits for the integration... You can review the /sp/startSLO.ping options as listed here:
https://documentation.pingidentity.com/pingfederate/pf81/index.shtml#concept_spServices.html#concept_spServices
The "Logout Service", as defined in the adapter, is where the browser will be sent to for an SLO that will destroy any current session within the SP Application. By spec, that application must return BACK to PingFederate, so that PingFederate can respond back to the IdP with a success/fail. If you plan to support SLO, then this "service" must exist. It's "goal" will be close the session, and redirect back to PingFederate with a success.
I am testing my application with PayPal sandbox.
The URI I use for the transaction is https://sandbox.paypal.com/cgi-bin/webscr?cmd=_xclick.
In my return page I read the data from PayPal then I form a new string to send back with cmd = _notify-validate.
When I make a call to https://sandbox.paypal.com/cgi-bin/webscr I am getting error saying "The remote certificate is invalid according to the validation procedure."
I tried making a call to https://www.paypal.com/cgi-bin/webscr instead and it always return t "INVALID".
This appears to be an SSL issue: This error message is caused because the process is not being able to validate the Server Certificate supplied by the Server during an HTTPS (SSL) request. The very first troubleshooting step should be to see if the server supplied certificate and every certificate in the chain is trouble free.