Hi,

I'm using cmdbuild 2.0 and we built a new interface over cmdbuild which calls SOAP API.

Now, I'm trying to integrate our interface with our internal SSO. So I need to call cmdbuild API with a user already authenticated by our SSO. I'm trying to use HeaderAuthentication in cmdbuild.

In my auth.conf when I use auth.methods=HeaderAuthenticator and header.attribute.name=username, but the SOAP API gives:

"An error was discovered processing the <wsse:Security> header"

Can you help me?

Thanks,
Pedro

Hi,

I'm using cmdbuild 2.0 and we built a new interface over cmdbuild which calls SOAP API.

Now, I'm trying to integrate our interface with our internal SSO. So I need to call cmdbuild API with a user already authenticated by our SSO. I'm trying to use HeaderAuthentication in cmdbuild.

In my auth.conf when I use auth.methods=HeaderAuthenticator and header.attribute.name=username, but the SOAP API gives:

"An error was discovered processing the <wsse:Security> header"

Can you help me?

 

Thanks,
Pedro

CMDBuild's header authentication is intended to be used to "by-pass" default (username/password) authentication of web user interface and it's not usable for accessing SOAP methods.

 

Best regards.

 

--

Davide Pavan

 

Previously Pedro wrote:

Hi,

I'm using cmdbuild 2.0 and we built a new interface over cmdbuild which calls SOAP API.

Now, I'm trying to integrate our interface with our internal SSO. So I need to call cmdbuild API with a user already authenticated by our SSO. I'm trying to use HeaderAuthentication in cmdbuild.

In my auth.conf when I use auth.methods=HeaderAuthenticator and header.attribute.name=username, but the SOAP API gives:

"An error was discovered processing the <wsse:Security> header"

Can you help me?

 

Thanks,
Pedro

 

I thinnk that could make sense having a by-pass to SOAP methods, anyway, when I'm using HeaderAuthentication only, my SOAP API gives:

"The security token could not be authenticated or authorized"

 

If I put DBAuthenticator as second method I get:

"Fault occurred while processing."

 

So I can't use HeaderAuthentication to authenticate in web ui and DBAuthenticator for SOAP API?

 

Thanks,

Pedro

 

Previously Tecnoteca wrote:

CMDBuild's header authentication is intended to be used to "by-pass" default (username/password) authentication of web user interface and it's not usable for accessing SOAP methods.

 

Best regards.

 

--

Davide Pavan

 

Previously Pedro wrote:

Hi,

I'm using cmdbuild 2.0 and we built a new interface over cmdbuild which calls SOAP API.

Now, I'm trying to integrate our interface with our internal SSO. So I need to call cmdbuild API with a user already authenticated by our SSO. I'm trying to use HeaderAuthentication in cmdbuild.

In my auth.conf when I use auth.methods=HeaderAuthenticator and header.attribute.name=username, but the SOAP API gives:

"An error was discovered processing the <wsse:Security> header"

Can you help me?

 

Thanks,
Pedro

 

 

Dear Pedro,

 

as you probably read in the official documentation, login management is different between web UI and SOAP:

* web UI

   - supports database authentication (default), header authentication, cas authentication, ldap authentication

   - chainable

   - configurable

* SOAP

   - not configurable

   - database authentication only

 

For web UI authentication, setting properly auth.conf file, you can set, for example, header first then ldap and database for last. For SOAP, you can only perform database authentication. So, answering to your last question: yes, you can have header authentication (and not only) for ui and database authentication (only) for soap.

 

At the moment the extension of SOAP authentication is not planned, take a look here if it could be interesting: http://www.tecnoteca.com/en/cmdbuild/estensioni-funzionali.

 

Best regards.

 

--

Davide Pavan

 

Previously Pedro wrote:

I thinnk that could make sense having a by-pass to SOAP methods, anyway, when I'm using HeaderAuthentication only, my SOAP API gives:

"The security token could not be authenticated or authorized"

 

If I put DBAuthenticator as second method I get:

"Fault occurred while processing."

 

So I can't use HeaderAuthentication to authenticate in web ui and DBAuthenticator for SOAP API?

 

Thanks,

Pedro

 

Previously Tecnoteca wrote:

CMDBuild's header authentication is intended to be used to "by-pass" default (username/password) authentication of web user interface and it's not usable for accessing SOAP methods.

 

Best regards.

 

--

Davide Pavan

 

Previously Pedro wrote:

Hi,

I'm using cmdbuild 2.0 and we built a new interface over cmdbuild which calls SOAP API.

Now, I'm trying to integrate our interface with our internal SSO. So I need to call cmdbuild API with a user already authenticated by our SSO. I'm trying to use HeaderAuthentication in cmdbuild.

In my auth.conf when I use auth.methods=HeaderAuthenticator and header.attribute.name=username, but the SOAP API gives:

"An error was discovered processing the <wsse:Security> header"

Can you help me?

 

Thanks,
Pedro

 

 

 

Ok, I can solve my problem with available mechanisms. However, I get an error when I try to call a SOAP Method:

"Fault occurred while processing."

 

Thanks,

Pedro

 

Previously Tecnoteca wrote:

Dear Pedro,

 

as you probably read in the official documentation, login management is different between web UI and SOAP:

* web UI

   - supports database authentication (default), header authentication, cas authentication, ldap authentication

   - chainable

   - configurable

* SOAP

   - not configurable

   - database authentication only

 

For web UI authentication, setting properly auth.conf file, you can set, for example, header first then ldap and database for last. For SOAP, you can only perform database authentication. So, answering to your last question: yes, you can have header authentication (and not only) for ui and database authentication (only) for soap.

 

At the moment the extension of SOAP authentication is not planned, take a look here if it could be interesting: http://www.tecnoteca.com/en/cmdbuild/estensioni-funzionali.

 

Best regards.

 

--

Davide Pavan

 

Previously Pedro wrote:

I thinnk that could make sense having a by-pass to SOAP methods, anyway, when I'm using HeaderAuthentication only, my SOAP API gives:

"The security token could not be authenticated or authorized"

 

If I put DBAuthenticator as second method I get:

"Fault occurred while processing."

 

So I can't use HeaderAuthentication to authenticate in web ui and DBAuthenticator for SOAP API?

 

Thanks,

Pedro

 

Previously Tecnoteca wrote:

CMDBuild's header authentication is intended to be used to "by-pass" default (username/password) authentication of web user interface and it's not usable for accessing SOAP methods.

 

Best regards.

 

--

Davide Pavan

 

Previously Pedro wrote:

Hi,

I'm using cmdbuild 2.0 and we built a new interface over cmdbuild which calls SOAP API.

Now, I'm trying to integrate our interface with our internal SSO. So I need to call cmdbuild API with a user already authenticated by our SSO. I'm trying to use HeaderAuthentication in cmdbuild.

In my auth.conf when I use auth.methods=HeaderAuthenticator and header.attribute.name=username, but the SOAP API gives:

"An error was discovered processing the <wsse:Security> header"

Can you help me?

 

Thanks,
Pedro