HTTPAPI header authentication
Posted: Thu Mar 09, 2023 6:27 pm
Hi all.
I'm making a request against a webservice with http_url_post_stmf function. This request only check the webservice status. The web service require authentication.
Basically this is my code:
http_setAuth( HTTP_AUTH_BASIC
: %trim(Usuario)
: %trim(Contrase) );
rc = http_url_post_stmf(%trim(httpurl)
: %trim(inpfile)
: %trim(outFile)
: 120
: HTTP_USERAGENT
: 'text/xml;charset=UTF-8'
: %trim(SoapAct));
The post function fails. Mi http_log say:
Authorization: Basic UHJveGl1bVdTOlBYQ2xpZW50ZXNXUw==
The response xml say:
<SOAP-ENV:Fault>
<faultcode>wsse:FailedAuthentication</faultcode>
<faultstring>The security token could not be authenticated or authorized</faultstring>
<detail></detail>
I'm trying set user and password with HTTP_SETAUTH function, but it don't works. I tried with all options: HTTP_AUTH_NTLM, HTTP_AUTH_MD5_DIGEST and
HTTP_AUTH_BASIC.
Anyway, I tested with SOAPUi app and it works fine.
The webservice admin said me that in the log appears the follow string for authentication as HEADER SECTION:
---- webservice log - begin -------------------------
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id=
"UsernameToken-D1C0FA819A1166BA9C16783646053262">
<wsse:Username>UserWS</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/ ... sswordText">
PasswordWS</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-soap-message-security-1.0#Base64Binary">X8vCvBOX5zZ+5SH/dC3mvg==</wsse:Nonce>
<wsu:Created>2023-03-09T12:23:25.326Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
---- webservice log - end -------------------------
I copied and pasted this header in my RPG program and worked fine.
But I have to do my program allow to use parameters dynamically, taking user and password as need.
Does anyone knows how I can replicate this header with a HTTPAPI function?
Thanks, regards!
Gerardo
I'm making a request against a webservice with http_url_post_stmf function. This request only check the webservice status. The web service require authentication.
Basically this is my code:
http_setAuth( HTTP_AUTH_BASIC
: %trim(Usuario)
: %trim(Contrase) );
rc = http_url_post_stmf(%trim(httpurl)
: %trim(inpfile)
: %trim(outFile)
: 120
: HTTP_USERAGENT
: 'text/xml;charset=UTF-8'
: %trim(SoapAct));
The post function fails. Mi http_log say:
Authorization: Basic UHJveGl1bVdTOlBYQ2xpZW50ZXNXUw==
The response xml say:
<SOAP-ENV:Fault>
<faultcode>wsse:FailedAuthentication</faultcode>
<faultstring>The security token could not be authenticated or authorized</faultstring>
<detail></detail>
I'm trying set user and password with HTTP_SETAUTH function, but it don't works. I tried with all options: HTTP_AUTH_NTLM, HTTP_AUTH_MD5_DIGEST and
HTTP_AUTH_BASIC.
Anyway, I tested with SOAPUi app and it works fine.
The webservice admin said me that in the log appears the follow string for authentication as HEADER SECTION:
---- webservice log - begin -------------------------
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org
/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id=
"UsernameToken-D1C0FA819A1166BA9C16783646053262">
<wsse:Username>UserWS</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/ ... sswordText">
PasswordWS</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-soap-message-security-1.0#Base64Binary">X8vCvBOX5zZ+5SH/dC3mvg==</wsse:Nonce>
<wsu:Created>2023-03-09T12:23:25.326Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
---- webservice log - end -------------------------
I copied and pasted this header in my RPG program and worked fine.
But I have to do my program allow to use parameters dynamically, taking user and password as need.
Does anyone knows how I can replicate this header with a HTTPAPI function?
Thanks, regards!
Gerardo