I am pretty sure you can return data by passing in argument to an SP service through a browser, firefox in my case. I am trying to use the GetGroupCollectionFromUser from the UserGroup.asmx service.
I think the url should be along the lines of h.ttp://site/mysitecollection/_vti_bin/UserGroup.asmx?op=GetGroupCollectionFromUser&query=domain/user
I tried this and got error(below) with authentication.
The system cannot contact a domain controller to service the authentication request
You can to use REST services from browser. For your task use this url http://mysharepoint2013portal/_api/site/rootweb/GetUserById(usrID)/groups
Hope it help to you.
Related
I'm trying to understand the process of login to a website using the Network tab on Google Chrome because I have to use that process for autenticate accounts on an mobile application.
The login is completed when I reach the page "HomepageStudente.do", but I don't understand how to replicate all this on Postman. I've tried to do this:
Right-click on the SSO request
Copy as Curl (bash)
And it seems to work, but when I do the same thing with the second request (POST) I get a different message compared to the one on the Network tab.
Those 3 calls are based on automatic redirect by the browser, and I don't understand how to replicate it on Postaman. Is this possibile to do? Any other suggestion on how to use those requests for authenticate an account outside the website (example mobile app)?.
Thanks
I'm trying to hit a web service using RestAssured. I'm struggling with authentication which is actually performed by a third party system. Details are given below:
My web service requires session ID & Cookie in the request header. Otherwise the service call will be failed.
For that I need to fetch Session Id & Cookie after the authentication.
Authentication is done by third party service and it takes the windows credentials for authentication.
When I launch my app URL on browser, say: 'XYZ.com/dim' it will be redirected to authentication service using a URL like:
http://hantweb.DOMAIN.com/authenticate/encdefault.asp?location=XYZ.com/dim
After the authentication it will again be redirected to actual application back.
I tried below code but it says: "401 - Unauthorized: Access is denied due to invalid credentials." even though my credentials are correct.
RestAssured.given().auth().basic("userID", "password").get("http://hantweb.DOMAIN.com/authenticate/encdefault.asp?location=XYZ.com/dim")
I'm confused no idea what I've missed here..
I did some trial and error and finally understood that I need to use .auth().ntlm(userId, password,"","") as the authentication. Here I'm using windows credentials as basic or any other auth type won't work in this case.
This answer can help someone in need.
I have a web service which is validated by OAuth (Authorization code).
I am using Oracle IDM stack (OAM /Oath service , OES etc).
The issue is - I want to have OAUth validation only when a webService API is processed at the backend, but not when a client is just browsing a WSDL or XSD.
In my current implementation, I am using filter in the web.xml and I have added web service name ( which is web service Servlet) URL in the filters. The url to browse the service and execute the service, will have same name except the ?WSDL at the end of the URL, in case of WSDL/XSD query.
So, the problem is when I query WSDL, then also it goes goes via OAuth validation, which I don't want!
I tried to add logic to determine if the http query string is ?WSDL then by pass OAUTH validation, but it does not work because clients like SOAP UI and others can actually use ?WSDL in the URL, to even execute the web service API, which sort of fails the whole validation purpose.
Has anyone come across similar issue? how to resolve this issue ?
I am trying to create an authentication in ADF mobile where the login URL is the peoplesoft login page. When i give in the username and password in the emulator, it throws an error.\
Terminating
Authentication URL responded with an illegal response code.
It is not basic authentication end point.
Please contact administrator
I have followed the following tutorial
https://blogs.oracle.com/shay/entry/accessing_secure_web_services_from
Here instead of creating a remote secured login server, I want to use peoplesoft to authenticate.Any Ideas?
I have also seen somewhere that you can authenticate each web service you call by adding the username and password in the SOAP header. Any tutorials for ADF would be much appreciated and #Shay Shmeltzer any ideas would be helpful
Thanks
Oracle MAF only supports security authentication against HTTP Basic Authentication pages, so I don't think you can use peoplesoft login page to authenticate neither your application nor you web services.
Otherwise you can create a secure ADF page the validates login through peoplesoft login credentials(username-password) then deploy that page to a server and secure your MAF application using that page.
Some useful links
Accessing Secure Web Services from ADF Mobile
ADF Mobile - Secured Web Service Access
ADF Mobile Application Security
And about your second question yes you can customize the envelop header being send from MAF application to a soap webservice (add username and password or any other attributes) by extending the SOAPProvider class and add it to the datacontrol.dcx file as the provider for the webservice.
The only example I can find online
http://docs.oracle.com/cd/E37975_01/doc.111240/e24475/amxwebservices.htm#autoId3
everyone.
I have a problem securing my REST web service. It's part of Java EE web application. To secure the pages I used login-config tag and set up "FORM" authentication. Now I don't know how to secure web services, because "FORM" is not appropriate for it and I can't have two login-config tags for app. I considered splitting into 2 apps, but don't think it's a good idea. Any suggestions?
This has info on how to create secured web services using NetBeans: http://netbeans.org/kb/docs/websvc/wsit.html
Many web service providers use an api key to authenticate access to the service. You may want to consider doing something similar for your service.
It is pretty common for the REST API to have a separate subpath - that way you can specify the auth constraint just to the URL's specific to your application and for the URI's corresponding to your REST API implement authentication using jersey OAuth filter or something else.
In case your app is all written in Jersey and you would like to expose exactly the same URI's for REST clients as well as browser (and differentiate just based on the requested media type), you can have a "login" URL (for displaying a login page) and only that you could protect using FORM authentication. Then again you would add Jersey OAuth filter (or other auth filter) which would not kick in unless there is OAuth header in the request, and another filter where you would check if ContainerRequest.getUserPrincipal() is null. If it is null, you could return Response.seeOther(UriBuilder.fromPath("/login").queryParam("redirect", request.getAbsolutePath()).build()).build() - that will redirect to the login (for oauth this would not kick in, since either the oauth request would succeed, or the previous filter would fail and return Unauthorized or Bad Request status codes). In the login resource you can use the redirect query parameter to redirect back to the original page once successfully logged in.