Hi All,

One of our customer is sending https post request directly yo wm.tn:receive service. Till reverse proxy the request is https and from proxy the request will hit our http port.

We have created a user for the partner and assigned to TNPartners ACLs. Now we can see the request hitting internal IS. But the user is not getting identified and coming as “local/default” which has no access to invoke the receive service.

Here is the IS log :

2013-04-22 08:35:09 CDT [ISC.0039.0001D] POST /invoke/wm.tn/receive
2013-04-22 08:35:09 CDT [ISC.0038.0002D] ← Reverse-Via: ZQSIUO
2013-04-22 08:35:09 CDT [ISC.0038.0002D] ← Host: deveai.sg.com:9110
2013-04-22 08:35:09 CDT [ISC.0038.0002D] ← Content-Type: application/xml
2013-04-22 08:35:09 CDT [ISC.0038.0002D] ← Authorization: �E�:****
2013-04-22 08:35:09 CDT [ISC.0038.0002D] ← Connection: Keep-Alive
2013-04-22 08:35:09 CDT [ISC.0038.0002D] ← Content-Length: 353
2013-04-22 08:35:09 CDT [ISS.0012.0003T] Client did not provide a session ID. Creating a new session 73cea780ab5111e28decea928742a087.
2013-04-22 08:35:09 CDT [ISC.0038.0002D] → HTTP/1.1 500 String index out of range: -1
2013-04-22 08:35:09 CDT [ISC.0038.0002D] → Set-Cookie: ssnid=73cea780ab5111e28decea928742a087; path=/; HttpOnly
2013-04-22 08:35:09 CDT [ISC.0038.0002D] → Connection: close
2013-04-22 08:35:09 CDT [ISC.0038.0002D] → Content-Length: 0

If I check the Authorization parameter, its encoded. Not sure how to get the correct username and password.

Also the HTTP response is 500 and its saying String index out of range.

Please help me in resolving the issue, its really urgent.

Thanks,
Renuka

Question to you:
Have you already shared the RG/Proxy IS certificate with your TP as they are hitting your HTTP/s port URL?
If you do then the Internal invoke should work no matter the user shows Default and request should come thru with success in the TN.

Also just make sure the user you have created and the ACL belongs to Everybody,TNPartners group from the User Management page.

HTH,
RMG

yes , we have shared Reverse proxy certificate to the partner.

But I have question here, if the user is not getting identified and default user has no permsssions to invoke tn.receive service. Then how can the doucment hit TN.

we have created user and assigned to TN partners ACLs.

I am suspecting in http header, the user and password are coming with encoding and IS is not able to identify the user. Is that be an issue?

← Authorization: ?E?:****

Thanks,
Renuka

It will based on the certificate and the access from RG to your internal server and also can you check the tn:receive Execute ACL show as (TNPartners)? We have the similar setup here and it works as expected for some users we have created shows the name in the Activity Log and who ever doesn’t shows Default and it works fine with no invoke errors.

HTH,
RMG