cancel
Showing results for 
Search instead for 
Did you mean: 

Application Integrator with Basic Authentication Web Application.

Former Member
0 Kudos
115

Hi,

I am trying to integrate web application that has basic

authentication using application integrator. I have two

questions about:

1. When "at" (@) sign is part of mapped username or password

- how it can be passed? This sign is part of

UserMappingTemplate too and it doesn't work when url

looks like http://user:pass@word@site.com/

2. If external application has same username and password

like the portal's ones - how it can be used instead of

user mapping?

Thank you,

Yuri

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

I have the exact same problem...

Anybody got through or around this ? How do you do user mapping to a standard basic authentication site ?

0 Kudos

Hi,

for the 1. part of your question i have no answer. Sorry.

For the 2. part i use the "User Mapping Type" in the system definition with the value admin. Then go to the UserMapping and define a mapping for the system.

Stephan

Former Member
0 Kudos

Hi,

I tried to integrate my BASIC authenticated web app with the app integratior.

When I call the page with the iview I see (through a tool) that the browser requests the correct page like https://user:pw@server.com.

But the page cannot displayed since Microsoft has shipped a patch for the IE and you cannot call a Basic Authentication through a URL directly. Is there an other way to call a Basic Auth. Web app? A solution where you don't have to change code at the target app? Not like the one described in 'Enabling SSO from EP to Non-SAP-Apps'?

Regards Ralph

Former Member
0 Kudos

Ralph,

basically there is a way of logging on to a basic secured side other than using the "@"-approach. HTTP basic credentials are transferred in the HTTP headers of a client's request. Thus, by creating appropiate headers on your own you could log on.

But: This would require you to proxy all HTTP requests to the target application and include the authentication header (HTTP authentication is not only sent for the first request but also for all subsequent requests to this page) . This is a feature, EP does not support. So, if you need a solution that runs with the portal's included mechanisms , the answer is "no" (sad as it is).

Alternatively, the changed bahaviour that came with the IE's security patch can be switched off resp. reversed to the earlier befault behaviour by the use of a registry key. A google search should bring you to the correct key.

Regards,

Dominik

Former Member
0 Kudos

Dominik,

thanx a lot for your answer. But as we plan our portal for about 10.000 users, the security admins won't be really amused if we try to change the registry

But your suggestion for the HTTP authentication sounds interesting. Does that mean there is a servlet which

gets all the requests for the BASIC auth. web app and enriches the http header with the user / password?

The user / password should then be read from the user mapping.

Is the solution sth. like:

http://www.unix.org.ua/orelly/java-ent/servlet/ch08_01.htm

Or do you have a working example?

Thanks in advance

Regards

Ralph

Former Member
0 Kudos

Ralph,

Yes, basically the idea is shown at the URL you provided. If you intend to code your own solution, you would additionally need to be aware of these issues:

- user ID and password required for HTTP basic authentication will need to be retrieved from the use mapping (there is a portal API for this...)

- You will have to add the HTTP basic header to all requests that go to the target application (think of js files, images etc. that are included in an HTML page). Essentially you will have to build up a real proxy server as an iview. This will definitely be no trivial task.

So if you need a solution very soon, I would suggest to get in touch again with your security guys and discuss this registry thing. If you are using active directy in your windows landscape, a simple group policy should be sufficient for changing the reg value to its earlier default behaviour. Alternatively, you might take a look around what proxy servers with the option to integrate HTTP basic are there on the market.

Lastly, if the application to be integrated had been developed in-house, you might want to talk with these guys about other authentication variants. Maybe they can include SAP Logon Ticket support or form based authentication (instead of basic this approach will only need to pass a user's credentials on its first request per session)?

Regards,

Dominik

Former Member
0 Kudos

Hi Dominik,

thanks a lot.

As all the webapps are developed in-house it seems to be the most uncomplicated way to develop a new form based login page. (Or develop a login library like it is described in the article 'Enabling SSO ...')

All the other solutions (maybe except the commercial HTTP Proxy Servers) seems to lead in errors and long night debugging sessions.

Thnanks and

Regards

Ralph

Former Member
0 Kudos

Ralph,

good to hear this. Most probably you will have less trouble with a form-based login.

As it looks as if your question is answered, would you mind marking it likewise. Ah, and you might also consider to find out what is hidden behind that yellow star symbol

Former Member
0 Kudos

Hi Dominik,

I probably would, but as I am not the author of the initial question I can't give you any points and I can not mark this question as answered.

Sorry for that

Regards

Ralph