I have been creating a Proxy service using service chaining mechanism.
1. First I make a call to an endpoint, get the result and send the result to a sequence.
2. In the sequence, I have a data mapper and then a property to specify the username and password to a secure endpoint and then send mediator to call an endpoint.
However, I have been getting the following error:
HTTPSender Unable to sendViaPost to url[endpoint Url] org.apache.axis2.AxisFault: Transport error: 401 Error: Unauthorized,
With the description as "This request requires HTTP authentication"
The solution I have tried:
1. Tried adding a property "FORCE_HTTP_1.0" to true before making a call to the endpoint.
But nothing seems to work. Any help would be appreciated.
Thanks in advance.
If your backend requires Basic authentication, set the following property before your backend call.
Mmh seems like it's not possible to paste Code from my iPhone. Hope the link works.
https://docs.wso2.com/display/ESB470/Enabling+HTTP+Basic+Authentication+through+a+Proxy+Server
Just set the property "Proxy-Authorization"
Related
I was doing a automation testing on my web application with SOAPUI, I have found a bug which is http method fuzzing basically it means "HTTP Method Fuzzing
An HTTP Method Fuzzing Scan attempts to use other HTTP verbs (methods) than those defined in an API. For instance, if you have defined GET and POST, it will send requests using the DELETE and PUT verbs, expecting an appropriate HTTP error response and reporting alerts if it doesn't receive it.
Sometimes, unexpected HTTP verbs can overwrite data on a server or get data that shouldn't be revealed to clients."
Can anyone knows how I can solve this issue or how I block the HTTP request other than GET or POST which may remove this bug.
I am using Node.js and express for my web application.
Please check the images:
Image 1
Image 2
I am encountering the following error after amending a scope value being sent in the headers of a token POST request against the token API endpoint for our WSO2 instance:
ERRORS.900901
Invalid CredentialsAccess failure for API: /scheme/v1, version: v1 with key: fa41109938522762bcca953336f0e0e2.
Make sure your have given the correct access token
This error comes after I successfully get a token returned and then use that token for a an API setup in WSO2 publisher. This particular endpoint in the error does not actually have any scopes applied to it which causes me some confusion about why this error comes up since its not a scope protected endpoint so my token shouldn't matter?
This happened after I realised there was a typo in a scope value I was sending in the POST request and so I updated it accordingly.
If I leave the typo in I can use the token generated for a subsequent API request and dont get this error.
Am I right in thinking that tokens are generated based on the list of scopes returned back by the Token API for the given user?
I have tried manually revoking the access token using a cURL command as documented here and generating a new one using the corrected scope names, but still this error comes back after trying to access that API.
What could be the issue here?
Thanks
This error comes after I successfully get a token returned and then
use that token for a an API setup in WSO2 publisher. This particular
endpoint in the error does not actually have any scopes applied to it
which causes me some confusion about why this error comes up since its
not a scope protected endpoint so my token shouldn't matter?
This also can happen if there were any errors while validating the token. This doesn't look like a scope issue. So if you can provide the corresponding logs in wso2carbon.log, I can tell the exact reason.
Am I right in thinking that tokens are generated based on the list of
scopes returned back by the Token API for the given user?
Yes.
I setup an API Gateway in AWS that uses custom authorizers to implement an OAuth2 flow. It works fine. When the user is not authorized they get a 401 Authorized response. That is correct as well, but I would like to add a header that gives the client the endpoint where it can get the token. Something like AuthorizeUrl: url
How can I add this header to my response?
Unfortunately this isn't possible but it's on our backlog. I know it doesn't really make sense when the client gets a 401 but you can't tell them how to authorize.
I don't have an ETA to provide but I'll add a +1 to the feature request.
AWS added this functionality last year.
Refer to this
To do it manually:
Go to 'Response Headers' in API Gateway Console.
Choose Unauthorized (401)
Below 'Response Headers' add AuthorizeUrl and url
Save and deploy API to some stage.
To add this to Cloudformation, refer to this similar answer.
You can also add this to swagger, by adding this snippet(yaml):
x-amazon-apigateway-gateway-responses:
UNAUTHORIZED:
statusCode: 401
responseParameters:
gatewayresponse.header.AuthorizeUrl:"url"
responseTemplates:
application/json: "{\"message\":$context.error.messageString}"
In the API Gateway console go to the "Method Response" interface. You can add HTTP Status 401. In "Response Headers" add your custom "AuthorizeUrl" header. Then in the "Integration Response" interface you can add the value you'd like for that header.
I am using webMethods from the SAG and it seems if the service
pub.client.http
throws an exception on status code 401 "Unauthorized".
This leads me to the problem that I cannot handle the status code because nothing is written to the pipeline.
getLastError
does contain the string "Unauthorized" but not the status code.
Except that I do not want to start parsing exception messages...
Any ideas?
The output parameter header from the pub.client.http call should contain the information you’re after:
header Document Conditional. HTTP response headers.
Key Description
lines Document Fields in the response header, where key names represent
field names and values represent field values.
status String HTTP status code of the response.
statusMessage String HTTP status message of the response.
See the webMethods Integration Server Built-In Services Reference page 122 for more details.
Asked a SAG senior consultant.
This is the normal behavior.
There is no flag which you can set to enforce suppression of this exception...
You can suppress the exception and have the HTTP 401 status returned like any other HTTP response. Go to the IS Admin Extended Settings and set:
watt.net.http401.throwException=false
Note this is a server-wide setting, so it will affect all your applications/services that use pub.client:http.
According the comment from #Hugo Ferreira probably there are ACL restriction whether inside your webMethods environment, or your client URLs.
Things you should consider:
Do your webMethods server located inside closed environment wherein need to get connected to proxy to get to the outgoing request. Which is likely you can investigate by run web-browser program directly from your wM server towards the URL address (i.e using SSH to run firefox in my case and popup appeared)
The client that your request will go to, have HTTP for authentication requests
Solution
To pass this all you need to do is input the auth user/password or any other auth mechanism i.e kerberos, token, etc. inside the pub.client:http
I'm implementing an R wrapper around PiCloud's REST API using the RCurl package to make HTTP(S) requests to the API server. The API uses Basic HTTP authentication to verify that users have sufficient permissions. The PiCloud documentation gives an example of using the api and authenticating with curl:
$ curl -u 'key:secret_key' https://api.picloud.com/job/?jids=12
This works perfectly. Translating this to an equivalent RCurl's command:
getURL("https://api.picloud.com/job/?jids=12", userpwd="key:secret")
Executing this function I receive the following error message:
[1] "{\"error\": {\"msg\": \"No HTTP Authorization information present\", \"code\": 995, \"retry\": false}}"
Exploring the issue in more depth I found that the HTTP requests made by the curl command included the Authorization field in the first GET command.
RCurl does not do this. Instead it first sends a GET request without the authorization field set. If it receives a 401 error code AND a response with a WWW-Authenticate field it sends another GET request with the Authorization field.
Although the HTTP spec requires messages that return with a 401 error code to include the WWW-Authenticate field PiCloud API messages do not. Thus when calling getURL even with the userpwd option set RCurl will never send a GET request with the authorization field set. As a result authentication will always fail.
Is there any way to force RCurl to set the Authorization field in the first GET message it sends? If not are there any other R packages that I could look into using?
I've resolved the problem with the help of the author of RCurl, Duncan Lang. The solution is to explicitly set the httpauth option which sets the authentication method to try initially. This works:
getURL("https://api.picloud.com/job/?jids=12", userpwd="key:secret", httpauth = 1L)
httpauth is a bitmask specifying which authentication methods to use. See the HTTP Authentication section of the libcurl tutorial for more details.
The equivalent code in httr is:
library(httr)
GET("https://api.picloud.com/job/?jids=12", authenticate("key", "secret"))