Cloud Pak for Business Automation

 View Only
  • 1.  CWXSD1028 - Response Code 401 Unauthorized

    Posted Tue January 17, 2023 09:59 AM
    Hi guys,
    I am having a problem connecting an API (hosted on API Connect).
    I have created an *External service (For a Rest api) and a Server (Rest Server) in BAW,
    When testing using a ServiceFlow it gives me the error 401 Unauthorized,
    although I have everything configured ( hostname, port, and i´m binding the client id and client secret as well), is there any way to solve or bypass this? meanwhile its works on Postman after disabiling the SSL configuration.
    any tips?
    Thanks

    ------------------------------
    Joel Neto
    ------------------------------


  • 2.  RE: CWXSD1028 - Response Code 401 Unauthorized

    Posted Wed January 18, 2023 02:17 AM

    Hi Joel,

    can you elaborate what you mean by "binding the client id and client secret as well"?

    I don't think there is a feature in BAW to use a client_id and client_secret to obtain an access_token and in turn use it for calling a REST API. You may have provided these client credentials for basic auth, which is not expected to work.

    Also, can you see the exact HTTP request sent by Postman in your browser's network view? Is there a request header "Authorization"? Does it start with Basic or Bearer?



    ------------------------------
    Jens Engelke
    ------------------------------



  • 3.  RE: CWXSD1028 - Response Code 401 Unauthorized

    Posted Thu January 19, 2023 05:08 AM
    Edited by Joel Neto Thu January 19, 2023 05:09 AM
    Thanks for the feedback and help Jens,
    I will elaborate more, if you need any additional information after this please let me know.

    Yes,
    I have an API (which is published in the product catalog on IBM API Connect), in this API the client secret and the client ID were configured, and the plan to be able to use the API.

    I have it configured in postman for testing, where in the Header I have the following parameters:

    1. key: accept - value: application/json
    2. key: Client-id - value: xxxxxxxxxxxxxxx
    3. key: client-secret - value: yyyyyyyyyyy

    Note: To be able to test through postman, it was necessary to disable SSL certificate validation
    (Enable SSL certificate verification - Verify SSL certificates when sending a request. Verification failures will result in the request being aborted - OFF).

    In BAW, I created an external service (using .yaml API, downloaded from API Connect) by following these steps:
    1. Service-> New External Service -> "Java, Rest or Web Service"
    2. Rest service from a local file -> Select The Operation name
    3. Create a new Server
    4. In the new Server i have this configurations
    5. Hostname: *****, Port: ****, Secured Server (checked)

    To test i have created a service Flow, with a service task in flow implementing operations a want to test (SearchId)
    I get this error when I test (debug ou running the service flow):

    CWTBG0019E: Unexpected exception during execution. Exception information:
    'com.lombardisoftware.component.common.workflow.WorkflowProcessItemException: An exception occurred in activity "Script Task" of "Service ... javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException:
    unable to find valid certification path to requested target"

    So i proceed with External service configurations:

    6. In the External Server i have this configurations (Details tab, Binding tab, Source tab)
    7. In the Binding tab, i have:
    a. Binding type: rest
    b. Server: my server created at point 3 and 4
    c. Authentication through 'Cient Secret' - (here i pass the client secret value)
    d. Authentication through 'Cient id' - (here i pass the client id value)

    Repeating the test i have this error:
    CWTBG0019E: Unexpected exception during execution. Exception information:
    Service Flow" with name "Search for Document Id Number". Task instance id "Task.25659". Details: "CWXSD102SE: The operation
    'searchld' with HTTP method 'GET' returned an unexpected response status code '401 with response message 'Cnauthorized"'

    Any ideia or workAround?
    Thanks


    ------------------------------
    Joel Neto
    ------------------------------



  • 4.  RE: CWXSD1028 - Response Code 401 Unauthorized

    Posted Thu January 19, 2023 06:55 AM

    Hi Joel,

    what you provide in your REST server configuration in BAW for authentication as username and password will be used in HTTP basic authentication. That is, username and password will be concatenated (separated by colon) and base64 encoded. The final HTTP request header is

    Authorization: Basic ahjadhflja= 

    From your earlier description, it appears you need to send a dedicated HTTP request header for client_id and another for client_secret.

    Ideally, these two required "parameters" are defined in the OpenAPI file as header parameters. That way, you should see them "mapable" for your input message.
    If they are not part of the OpenAPI spec of your API, you can either add them before discovering the service or you use JavaScript APIs to inject additional headers when invoking the External Service.

    HTH
    Jens



    ------------------------------
    Jens Engelke
    ------------------------------



  • 5.  RE: CWXSD1028 - Response Code 401 Unauthorized

    Posted Mon January 23, 2023 03:03 AM
    Thanks Jens,
    using/making a call via custom Js gave us more details about the error,
    there was a need to create new credentials in the Api Connect for this application,
    with these new credentials the error was solved
    Thanks.

    ------------------------------
    Joel Neto
    ------------------------------