Non-Preemptive Authentication in WsConsumer

Situation: When using SOAP UI, there is a HTTP authentication property entitled "Authenticate Preemptively"



Authenticate Preemptively

Send Authentication headers with each request without first receiving an authentication challenge. This is a potential security hazard but will improve performance since only one request will be required for authenticated endpoints instead of two


If this property is unchecked then a property SMCHALLENGE=YES  is set in the HTTP header cookie otherwise it is equal to NO .



The situation occurs when the client service doesn’t require Preemptive Authentication (which means it requires SMCHALLENGE=YES in the cookie header), because Adeptia enforces Preemptive Authentication by default . Therefore you may receive a 403 Forbidden error (In other words, the server can be reached, but the server declined to allow access to the page) .


1. Attach the security policy with Authentication credentials in WsConsumer activity
2. Turn on the Maintain Session property of the WsConsumer .


3. Create a custom plugin activity with following line of code :

import java.util.ArrayList;

ArrayList cookieList=new ArrayList ();



 Place this custom plugin (Consume stream=false , Generate stream=false) as the first activity in the process flow .

Have more questions? Submit a request


Article is closed for comments.