Hi
I am going to provide a virtual service which just forwards the client request to a native REST service . The native REST service asks for OAuth2 authentication.
I get ever the Mediator error bellow regarding invalid authentication but the token is for sure not expired :
error_description=[ISS.0010.8044] Integration Server rejected the request to access this resource. The access token is either invalid or expired.
Is there a sloluiton or a tutorial for creation of such virtual service with abvoe requireement

Thanks
Peter

Hi Peter ,

Are you passing the access_token from virtual service to native REST service ?

Hi Rakesh
1)I am sending from client side (for example SOAPUI) the request which contains the access_tocken to virtual service.
The virtual service has only to forward my request with the tocken to the server with the native service. The native service is running on a apache web server.

2. My virtual service does not contain any configuration for OAuth authentication

In the virtual service configuration

Do not include the “Require HTTP Basic Authentication” action in a virtual service’s run-time policy if you selected the OAuth2 option in the virtual service’s Routing Protocol step.

I have not at all configuration regarding authentication in my virtual service!!!
Shall I configure it with that policy?

Hi Peter ,

Can you please attach the screenshot for the Request Processing and Routing Protocols from the Processing Steps tab of the virtual service.

Atttached two screenshots

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/c44a918b34dd9d3b8fa0debf63480a888dabe052_2_1035x328.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/c44a918b34dd9d3b8fa0debf63480a888dabe052_2_1380x438.png 2x" data-dominant-color="F9F9F9">

F1.png1576×501 32.4 KB

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/5dcedf7584a0fd3133ddaa4531d505e6a70685b7_2_1035x337.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/5dcedf7584a0fd3133ddaa4531d505e6a70685b7_2_1380x450.png 2x" data-dominant-color="F7F8F9">

F2.png1475×482 38.2 KB

In the Straight through Routing , you need to set HTTP Authentication to use OAuth2 and leave the default option Use credentials from incoming request.

You can refer to the documentation 9-12_Run_Time_Governance_with_CentraSite.pdf – chapter 5 Virtualized Services in CentraSite → section The “Straight Through” Routing Protocol Step (REST/XML).

Unfortunatelly does not work.Your suggestion seems refer to old CS UI where everything was in one tab (see image “1” attached now)
The only configuration I can find and match your suggestion is the one you can see in attached (see image “2” attached now)
Regarding documetaion , can you atttached it ?

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/84510060dbd48fb0c76f15195a5bd884da2a4bf4_2_1035x387.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/84510060dbd48fb0c76f15195a5bd884da2a4bf4_2_1380x516.png 2x" data-dominant-color="F7F9F9">

F6.png1577×590 43.3 KB

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/53a7395bbd614aeab3b18fc6a150ecb060138838_2_1035x277.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/53a7395bbd614aeab3b18fc6a150ecb060138838_2_1380x370.png 2x" data-dominant-color="F6F7F7">

F4.png1659×445 56.4 KB

I checked the documentation you refer too . This is confusing and wrong ! There is no option in CS new UI (BusinessUI) to selecte
"Use credentials from incoming request !
(attached one screenshot)

[/quote]

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/41fb8b0eff787c4a400ca2be9c9a0f45c0d60100_2_1035x489.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/41fb8b0eff787c4a400ca2be9c9a0f45c0d60100_2_1380x652.png 2x" data-dominant-color="F3F3F3">

F7.png1453×688 139 KB

[/quote]

Yes , the document does not seem to be updated as per the latest version of the Centrasite UI.

Can you please tell which version of Centrasite are you using.

This is the version:
CentraSite Registry/Repository :9.7
Business UI Version: 9.7

Hello,

I too face the same issue. I did not configure any oauth settings in Centrasite 9.8, it’s just a proxy setup on Centrasite where we are passing the request AS-IS which is coming from the source to the target server. And we are getting the below error when tested with SOAP UI.

[ISS.0010.8044] Integration Server rejected the request to access this resource. The access token is either invalid or expired.

Has anyone faced this issue? Please advice if you have any solution.

Regards
Prabhu

Hi,

we’re also facing the same problem on Centrasite 9.7.

We have created a Virtual Rest Service that passes through to a target Rest Service that is protected by OAuth2.

Then trying to call the Virtual Rest Service from SOAPUI, we have:

• used SOAP UI to retrieve an Access Token
• added the Access Token as an Authorization HTTP Header
• but calling the GET method we get

“error_description=[ISS.0010.8044] Integration Server rejected the request to access this resource. The access token is either invalid or expired.”

The Virtual Rest Service has been configured with OAuth2, no Basic Authn.

This doesn’t sound like an unusual use case - has anyone got this working?

regards
Dennis

Hi Dennis,

You need to add the extended setting watt.server.auth.skipForMediator=true on your mediator IS to get ride of that error. Restart your server for the changes to be affected.

I got this issue resolved for adding this setting but my test is not completely done. I had another issue after that, the Authorization: “Bearer” which I am setting in my headers in soapui was not being passed in the request header hence I get a response back from server saying error : Not Authenticated .

Any inputs from anyone in this case?

Regards
Prabhu

Hi Prabhu,

thanks for responding. We’ve set the watt.server.auth.skipForMediator to true which, if I understand correctly, stops Mediator from trying to authenticate the Access Token in the request.

We are now getting the same error as you, the 401 Unauthorized:

Mon Jun 04 11:21:06 BST 2018: DEBUG:Receiving response: HTTP/1.1 401 Unauthorized
Mon Jun 04 11:21:06 BST 2018: DEBUG:Connection can be kept alive indefinitely
Mon Jun 04 11:21:06 BST 2018: DEBUG:Target requested authentication
Mon Jun 04 11:21:06 BST 2018: WARN:Authentication error: Unable to respond to any of these challenges: {}

regards
Dennis