App Connect

App Connect

Join this online user group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


#Applicationintegration
#App Connect
#AppConnect
 View Only

  • 1.  Multiple levels of authorization for SOAPRequest node

    Posted Fri August 28, 2020 09:16 AM
    So we are running IBM ACE 11.0.0.9 on CP4I on OpenShift, and we are having a challenge with one of our integrations.

    Here's the scenario:
    We're using a SOAPRequest node which requires two levels of authorization. So the first level is the Authorization header which I can set with the SOAPRequest node's securityProfileName property combined with the mqsisetdbparms command.

    The second level of authorization is also in the SOAP header, but is in a different format, with another username and password, each in separate elements.

    So the complete SOAP header element will look something like this:
    <soapenv:Header> <Authorization>Basic dXNlcmFiYzpwYXNzMTIz</Authorization> <ServiceUsername>user123</ServiceUsername> <ServicePassword>pass123</ServicePassword> </soapenv:Header>​

    Both of the authorization levels must be secret (stored so that only authorized personell may see it). The first level is handled by securityProfileName and mqsisetdbparms, but I don't know how to handle the second level.

    Does anyone here know how I can handle this?

    ------------------------------
    Andreas Bradahl
    ------------------------------


  • 2.  RE: Multiple levels of authorization for SOAPRequest node

    Posted Fri August 28, 2020 10:26 AM
    Edited by Martin Citron Fri August 28, 2020 10:27 AM
    You can use WS-Security UserName Token Profile with SOAPRequest node or Basic HTTP Authentication when HTTP transport is used.
    For WS-Security you must specify SecurityProfile ("Default_Propagation" when username and password are stored directly in Properties or your own) and then assign PolicySet and PolicySetBinding to corresponding SOAPRequest node. See https://www.ibm.com/support/knowledgecenter/SSTTDS_11.0.0/com.ibm.etools.mft.doc/ac60160_.html#ac60160_05
    https://www.ibm.com/support/knowledgecenter/SSTTDS_11.0.0/com.ibm.etools.mft.doc/ac60110_.html
    https://www.ibm.com/support/knowledgecenter/SSTTDS_11.0.0/com.ibm.etools.mft.doc/ac56090_.html

    For basic HTTP authentication you have to specify username and password ("Default_Propagation" when username and password are stored directly in Properties or your own) see https://www.ibm.com/support/knowledgecenter/SSTTDS_11.0.0/com.ibm.etools.mft.doc/bp19260_.html

    Custom security headers must be implemented by ESQL, JCN or mapping node. 

    From your example it seems like you probably want to use HTTP Basic Auth and then some custom security header. Is it so?

    ------------------------------
    Martin Citron
    Prague
    ------------------------------

    Original Message


  • 3.  RE: Multiple levels of authorization for SOAPRequest node

    Posted Mon August 31, 2020 06:56 AM
    Hi Andreas,
    as indicated by Martin I would suggest you create the SOAP yourself and use HTTPRequest node.
    This article might help
    https://www.ibm.com/support/knowledgecenter/SSTTDS_11.0.0/com.ibm.etools.mft.doc/bc28211_.html

    ------------------------------
    Matthias Jungbauer
    ------------------------------

    Original Message


  • 4.  RE: Multiple levels of authorization for SOAPRequest node

    Posted Tue September 01, 2020 02:46 AM
    Edited by Andreas Bradahl Tue September 01, 2020 07:00 AM
    Thank you for your thorough answer, Martin. It seems as if the service itself is having some issues, so I haven't been able to test this yet, but I'll let you know if I can get this to work.

    ------------------------------
    Andreas Bradahl
    ------------------------------

    Original Message


Related Content