Re: Web Services and WebAuth
Hi Joe, Sorry for the late reply! LJ is right! The problem is that --- The script, before it could reach Remedy web service should be authenticated by WebAuth(which uses Kerberos)! One of my friend is working on finding an alternative to bypass this without breaching security! Meanwhile, to continue with the testing, we have come up with a temporary fix - to allow the server of the external application to be added in the exclude ip address list of the WebAuth! Though it doesnt seems to be OK security-wise, temporarily we are going to use this method! Will update once i get a proper solution for this! Thanks, Gifthia On Mon, Jun 11, 2012 at 5:33 AM, Longwing, LJ CTR MDA/IC < lj.longwing@mda.mil> wrote: > Joe, > The only SSO I've ever worked on was based on the community sample > one...but the way we implemented it was to Kerberos protect the /arsys > context. This made it so that you couldn't even get to the web service > without first Kerberos authenticating. I suspect that this is the problem > that Gifthia is experiencing. > > -Original Message- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of Joe Martin D'Souza > Sent: Friday, June 08, 2012 2:49 PM > To: arslist@ARSLIST.ORG > Subject: Re: Web Services and WebAuth > > OK I admit I have never done this before but isn't this what the web > service authentication from the mid-tier is for where you specify the > anonymous user and its password? > > -Original Message- > From: Longwing, LJ CTR MDA/IC > Sent: Friday, June 08, 2012 1:18 PM Newsgroups: > public.remedy.arsystem.general > To: arslist@ARSLIST.ORG > Subject: Re: Web Services and WebAuth > > Gifthia, > Being you are building the WebAuth...you should be able to build something > that says > > 1 - Connection attempt is being made > 2 - Prompt for validation (whatever method you are using for that > validation 2a - If they provide proper validation, pass that validation > onto the application and give them what they need (this is what you are > already > doing) > 2b - If they can't/won't provide proper validation ( the scenario you are > trying to make work), pass them onto the application as anonymous (this > would be just like not having SSO in place) > > -Original Message- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of Remedy Guy > Sent: Friday, June 08, 2012 11:10 AM > To: arslist@ARSLIST.ORG > Subject: Re: Web Services and WebAuth > > ** Hi Joe, > > This is not Cisco WebAuth! But, an internally developed one! > Thanks for your help! > > In a nutshell, my problem is that - the applications are protected by > WebAuth! So, before the external application reaches the webservice > published from Remedy Application, it should authenticate with WebAuth! So, > I need to figure out a way in which the external application can by pass > WebAUth and contact web services directly! I am just stuck wondering which > direction should i head towards first?!? > > Thanks, > Gifthia > > > > On Thu, Jun 7, 2012 at 8:38 PM, Joe Martin D'Souza > wrote: > > > Gifthia > > Is it Cisco WebAuth? > > I am currently dealing with web services issues too (not authentication) > but > am interested in your thread for that reason. I do not know what your > problem may be but wish to follow this thread.. If I do get some > information > related to this I'll share.. > > Joe > > -Original Message- From: Gifthia > Sent: Thursday, June 07, 2012 5:52 PM Newsgroups: > public.remedy.arsystem.general > To: arslist@ARSLIST.ORG > Subject: Web Services and WebAuth > > Hi Friends! > > We use ARS 7.1 patch 6, Unix Server! > > We have published web services to communicate with an Oracle eAM > application! > > The problem is - We use SSO / WebAuth for authentication for all > applications used! > So, when the external application is trying to call the Web Service, it > needs to be WebAuthed first (obviously)! > > Is there a way, we can make the webservice bypass WebAuth by any means? Or > does Web Service support WEBAUTH if i change any settings! > > I am new to this area and stuck with this?It will be great if someone can > help me on this! > > Thanks, > Gifthia > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > > > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > > >
Re: Web Services and WebAuth
Joe, The only SSO I've ever worked on was based on the community sample one...but the way we implemented it was to Kerberos protect the /arsys context. This made it so that you couldn't even get to the web service without first Kerberos authenticating. I suspect that this is the problem that Gifthia is experiencing. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Joe Martin D'Souza Sent: Friday, June 08, 2012 2:49 PM To: arslist@ARSLIST.ORG Subject: Re: Web Services and WebAuth OK I admit I have never done this before but isn't this what the web service authentication from the mid-tier is for where you specify the anonymous user and its password? -Original Message- From: Longwing, LJ CTR MDA/IC Sent: Friday, June 08, 2012 1:18 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: Web Services and WebAuth Gifthia, Being you are building the WebAuth...you should be able to build something that says 1 - Connection attempt is being made 2 - Prompt for validation (whatever method you are using for that validation 2a - If they provide proper validation, pass that validation onto the application and give them what they need (this is what you are already doing) 2b - If they can't/won't provide proper validation ( the scenario you are trying to make work), pass them onto the application as anonymous (this would be just like not having SSO in place) -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Guy Sent: Friday, June 08, 2012 11:10 AM To: arslist@ARSLIST.ORG Subject: Re: Web Services and WebAuth ** Hi Joe, This is not Cisco WebAuth! But, an internally developed one! Thanks for your help! In a nutshell, my problem is that - the applications are protected by WebAuth! So, before the external application reaches the webservice published from Remedy Application, it should authenticate with WebAuth! So, I need to figure out a way in which the external application can by pass WebAUth and contact web services directly! I am just stuck wondering which direction should i head towards first?!? Thanks, Gifthia On Thu, Jun 7, 2012 at 8:38 PM, Joe Martin D'Souza wrote: Gifthia Is it Cisco WebAuth? I am currently dealing with web services issues too (not authentication) but am interested in your thread for that reason. I do not know what your problem may be but wish to follow this thread.. If I do get some information related to this I'll share.. Joe -Original Message- From: Gifthia Sent: Thursday, June 07, 2012 5:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Web Services and WebAuth Hi Friends! We use ARS 7.1 patch 6, Unix Server! We have published web services to communicate with an Oracle eAM application! The problem is - We use SSO / WebAuth for authentication for all applications used! So, when the external application is trying to call the Web Service, it needs to be WebAuthed first (obviously)! Is there a way, we can make the webservice bypass WebAuth by any means? Or does Web Service support WEBAUTH if i change any settings! I am new to this area and stuck with this?It will be great if someone can help me on this! Thanks, Gifthia ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: Web Services and WebAuth
OK I admit I have never done this before but isn't this what the web service authentication from the mid-tier is for where you specify the anonymous user and its password? -Original Message- From: Longwing, LJ CTR MDA/IC Sent: Friday, June 08, 2012 1:18 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: Web Services and WebAuth Gifthia, Being you are building the WebAuth...you should be able to build something that says 1 - Connection attempt is being made 2 - Prompt for validation (whatever method you are using for that validation 2a - If they provide proper validation, pass that validation onto the application and give them what they need (this is what you are already doing) 2b - If they can't/won't provide proper validation ( the scenario you are trying to make work), pass them onto the application as anonymous (this would be just like not having SSO in place) -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Guy Sent: Friday, June 08, 2012 11:10 AM To: arslist@ARSLIST.ORG Subject: Re: Web Services and WebAuth ** Hi Joe, This is not Cisco WebAuth! But, an internally developed one! Thanks for your help! In a nutshell, my problem is that - the applications are protected by WebAuth! So, before the external application reaches the webservice published from Remedy Application, it should authenticate with WebAuth! So, I need to figure out a way in which the external application can by pass WebAUth and contact web services directly! I am just stuck wondering which direction should i head towards first?!? Thanks, Gifthia On Thu, Jun 7, 2012 at 8:38 PM, Joe Martin D'Souza wrote: Gifthia Is it Cisco WebAuth? I am currently dealing with web services issues too (not authentication) but am interested in your thread for that reason. I do not know what your problem may be but wish to follow this thread.. If I do get some information related to this I'll share.. Joe -Original Message- From: Gifthia Sent: Thursday, June 07, 2012 5:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Web Services and WebAuth Hi Friends! We use ARS 7.1 patch 6, Unix Server! We have published web services to communicate with an Oracle eAM application! The problem is - We use SSO / WebAuth for authentication for all applications used! So, when the external application is trying to call the Web Service, it needs to be WebAuthed first (obviously)! Is there a way, we can make the webservice bypass WebAuth by any means? Or does Web Service support WEBAUTH if i change any settings! I am new to this area and stuck with this?It will be great if someone can help me on this! Thanks, Gifthia ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: Web Services and WebAuth
Gifthia, Being you are building the WebAuth...you should be able to build something that says 1 - Connection attempt is being made 2 - Prompt for validation (whatever method you are using for that validation 2a - If they provide proper validation, pass that validation onto the application and give them what they need (this is what you are already doing) 2b - If they can't/won't provide proper validation ( the scenario you are trying to make work), pass them onto the application as anonymous (this would be just like not having SSO in place) -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Remedy Guy Sent: Friday, June 08, 2012 11:10 AM To: arslist@ARSLIST.ORG Subject: Re: Web Services and WebAuth ** Hi Joe, This is not Cisco WebAuth! But, an internally developed one! Thanks for your help! In a nutshell, my problem is that - the applications are protected by WebAuth! So, before the external application reaches the webservice published from Remedy Application, it should authenticate with WebAuth! So, I need to figure out a way in which the external application can by pass WebAUth and contact web services directly! I am just stuck wondering which direction should i head towards first?!? Thanks, Gifthia On Thu, Jun 7, 2012 at 8:38 PM, Joe Martin D'Souza wrote: Gifthia Is it Cisco WebAuth? I am currently dealing with web services issues too (not authentication) but am interested in your thread for that reason. I do not know what your problem may be but wish to follow this thread.. If I do get some information related to this I'll share.. Joe -Original Message- From: Gifthia Sent: Thursday, June 07, 2012 5:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Web Services and WebAuth Hi Friends! We use ARS 7.1 patch 6, Unix Server! We have published web services to communicate with an Oracle eAM application! The problem is - We use SSO / WebAuth for authentication for all applications used! So, when the external application is trying to call the Web Service, it needs to be WebAuthed first (obviously)! Is there a way, we can make the webservice bypass WebAuth by any means? Or does Web Service support WEBAUTH if i change any settings! I am new to this area and stuck with this?It will be great if someone can help me on this! Thanks, Gifthia ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: Web Services and WebAuth
Hi Joe, This is not Cisco WebAuth! But, an internally developed one! Thanks for your help! In a nutshell, my problem is that - the applications are protected by WebAuth! So, before the external application reaches the webservice published from Remedy Application, it should authenticate with WebAuth! So, I need to figure out a way in which the external application can by pass WebAUth and contact web services directly! I am just stuck wondering which direction should i head towards first?!? Thanks, Gifthia On Thu, Jun 7, 2012 at 8:38 PM, Joe Martin D'Souza wrote: > Gifthia > > Is it Cisco WebAuth? > > I am currently dealing with web services issues too (not authentication) > but am interested in your thread for that reason. I do not know what your > problem may be but wish to follow this thread.. If I do get some > information related to this I'll share.. > > Joe > > -Original Message- From: Gifthia > Sent: Thursday, June 07, 2012 5:52 PM Newsgroups: > public.remedy.arsystem.general > To: arslist@ARSLIST.ORG > Subject: Web Services and WebAuth > > Hi Friends! > > We use ARS 7.1 patch 6, Unix Server! > > We have published web services to communicate with an Oracle eAM > application! > > The problem is - We use SSO / WebAuth for authentication for all > applications used! > So, when the external application is trying to call the Web Service, it > needs to be WebAuthed first (obviously)! > > Is there a way, we can make the webservice bypass WebAuth by any means? Or > does Web Service support WEBAUTH if i change any settings! > > I am new to this area and stuck with this?It will be great if someone can > help me on this! > > Thanks, > Gifthia > __**__** > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
Re: Web Services and WebAuth
Gifthia Is it Cisco WebAuth? I am currently dealing with web services issues too (not authentication) but am interested in your thread for that reason. I do not know what your problem may be but wish to follow this thread.. If I do get some information related to this I'll share.. Joe -Original Message- From: Gifthia Sent: Thursday, June 07, 2012 5:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Web Services and WebAuth Hi Friends! We use ARS 7.1 patch 6, Unix Server! We have published web services to communicate with an Oracle eAM application! The problem is - We use SSO / WebAuth for authentication for all applications used! So, when the external application is trying to call the Web Service, it needs to be WebAuthed first (obviously)! Is there a way, we can make the webservice bypass WebAuth by any means? Or does Web Service support WEBAUTH if i change any settings! I am new to this area and stuck with this?It will be great if someone can help me on this! Thanks, Gifthia ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"