Non-Preemptive Authentication in WsConsumer

Situation: When using SOAP UI, there is a HTTP authentication property entitled "Authenticate Preemptively"

ws1.png

 

Authenticate Preemptively

Send Authentication headers with each request without first receiving an authentication challenge. This is a potential security hazard but will improve performance since only one request will be required for authenticated endpoints instead of two

 

If this property is unchecked then a property SMCHALLENGE=YES  is set in the HTTP header cookie otherwise it is equal to NO .

ws2.png

 

The situation occurs when the client service doesn’t require Preemptive Authentication (which means it requires SMCHALLENGE=YES in the cookie header), because Adeptia enforces Preemptive Authentication by default . Therefore you may receive a 403 Forbidden error (In other words, the server can be reached, but the server declined to allow access to the page) .

Solution:

1. Attach the security policy with Authentication credentials in WsConsumer activity
2. Turn on the Maintain Session property of the WsConsumer .

ws3.png

3. Create a custom plugin activity with following line of code :

import java.util.ArrayList;

ArrayList cookieList=new ArrayList ();

cookieList.add("SMCHALLENGE=YES");

context.put("Cookie",cookieList);

 Place this custom plugin (Consume stream=false , Generate stream=false) as the first activity in the process flow .

Have more questions? Submit a request

0 Comments

Article is closed for comments.