Auth profile
Hi,
Am using a Connector with an Auth Profile (username and password). it is a Basic Authentication. Even after configuring the Auth Profile am getting the below error:
A compatible identity was not found for propagation. One of the following identity types is required: ('username, usernameAndPassword'). Only the following identity types were found: ('').
Is there something am missing here? In the header xml stream there is no tag called username/usernameAndPassword that's why am confused.
V6.3 SP1
Pegasystems Inc.
IN
Hi Mainak, Good morning!
could we think of following points to debug?
- what is the connector rule type?
- does the rule form XML of connector rule holds the Auth profile?
- adding log statement oLog.infoForced("Auth: " + <UID & PSWD>); in private version of connector rule
- enable logger com.pega.pegarules.authentication.Authentication
Thank you!
psahukaru
Updated: 2 Feb 2016 7:08 EST
Coforge DPA
AU
Hey
Thanks for responding!!
It’s a Conenct-Soap and it has Auth Profile. I have traced it and saw those two fields ('username, usernameAndPassword') are required. Nevertheless, I will do the logging and let you know.
Pegasystems Inc.
CA
As Kevin suggested, the error seems to indicate the service expects username as a WS-Security header in the SOAP envelope. If that's the case, what you need to configure is WS-Security profile and not authentication profile. And also make sure you enable WS-Security on the advanced tab of the connector.
Updated: 2 Feb 2016 7:09 EST
Coforge DPA
AU
Hi,
I was using WS-Security only but that was giving Java Runtime error. So I approached the service provider and they specifically said we need Basic Authentication (which is present in Auth Profile in pega). That’s why I built the Auth Profile. So now I am not getting java RunTime Error but the error mentioned below. Anyway thanks for your suggestions. PFA the Logs.
Am confused as to which one is correct. The header that is generated doesn’t have the username/password passed.
Mainak
Pegasystems Inc.
US
If you need the Authorization header to be sent with all requests, including the first, make sure to enable Preemptive Authentication on your Authentication Profile record.
You will get some security warnings, as preemptive authentication has some drawbacks.
Coforge DPA
AU
I did that but it’s not working.am getting the same error. I also cheked the Logs DEBUG: httpclient.wire.header
I don’t see the credentials. Are the encrypted by any chance?
PFB the header from Logs
"Proxy-Authorization: Basic Og==[\r][\n]"
Agent: Jakarta Commons-HttpClient/3.0.1[\r][\n]"
"Host: XYZ.svc.copintra.net[\r][\n]"
"Proxy-Connection: Keep-Alive[\r][\n]"
"[\r][\n]"
"HTTP/1.0 200 Connection established[\r][\n]"
"POST /ws/"[\r][\n]"
"User-Agent: Axis2[\r][\n]"
"Authorization: Basic bWJjZGZzOm1iY2Rmcw==[\r][\n]"
"Host: mbconnect-ws-int.cn.svc.corpintra.net[\r][\n]"
"Content-Length: 1030[\r][\n]"
"[\r][\n]"
"HTTP/1.1 500 Internal Server Error[\r][\n]"
"Server: Apache-Coyote/1.1[\r][\n]"
"Content-Type: text/xml;charset=utf-8[\r][\n]"
"Content-Length: 5528[\r][\n]"
"Date: Thu, 28 Jan 2016 03:07:25 GMT[\r][\n]"
"Connection: close[\r][\n]"
Pegasystems Inc.
CA
I don't understand what your requirement is here. You have configured an auth profile and set the scheme as Basic. In your logs, I see the Authorization header with Basic as the scheme and the credentials in base 64 encoded form.
"Authorization: Basic bWJjZGZzOm1iY2Rmcw==[\r][\n]"
This is the expected behavior. If it still doesn't work, your service provider expects something else and not just Basic authentication. I suggest that you get in touch with your service provider and get exact requirements from them. Ask them if WS-Security is required. Ask them if they expect the credentials in the SOAP envelope as SOAP header elements. That would require different configuration in Pega and auth profile is not relevant in that context.
Coforge DPA
AU
⺠Requirement is very simple. Connect and get data âº. First they said WS- Security, then said Only Basic authentication. So I tried both but nothing is working. Then I asked them that ,“If you are expecting the username/password to be passed in the header, then you have to update the XSD accordingly and then I will consume the WSDL again to generate the new Modified XML Stream rule.” Am still waiting for their response. In the mean time I did all this. I thought I may have missed something while configuring, but after u said this is the expected behavior, am happy ⺠. I somehow guessed < Authorization: Basic bWJjZGZzOm1iY2Rmcw==[\r][\n]"> was the encrypted format but just wanted to be sure from you guys.
Thanks again as always, but I will keep this open for a while until its resolved.
Pegasystems Inc.
CA
If the service needs basic authentication and you have configured authentication details using auth profile, then the username and password are sent in HTTP header called Authorization using the scheme Basic. The username and password are not part of the request SOAP envelope. Check with your service provider how they expect the username and password to be transmitted. Also ask them for probable reasons for your original error:
A compatible identity was not found for propagation. One of the following identity types is required: ('username, usernameAndPassword'). Only the following identity types were found: ('').