Hi Unifacers,
we succesfully called in the past many webservices both using UHTTP/SEND and SOAP 2.0
now we are facing an authentication issue on a customer where Uniface seem to try to use certificates while not necessary/present in this installation, as a basic user and password authentication is needed here. steps done and tryed:
1) imported WSDL
2) cheched the endpoint
3) checked SOP U2.0 in [DRIVER_SETTING]
4) added basc auth in [SERVICES_EXEC] details for our webservice like: SERVICENAME $SOP:SERVICENAME scheme=B euser=the_username epass=the_password
5) tryed to add ign switch in previous step so ign=HP
6) downloaded ca-bundle.crt from curl - Extract CA Certs from Mozilla and placed both in working directory and common\\usys folder
7) duplicated that file in personal.crt
still get this error:
MESSAGE=HTTP transport error·!·;DETAIL=Request::handleRequest HTTPTransportException:Client attempted to use SSL functions without the proper prerequisites - Verifying SSL certicate for: blablabla.hana.ondemand.com failed: unable to use client certificate (no key found or wrong pass phrase?)"
first question is why uniface tryes anyway to use certificate where there's not
second question if there is a limit for length username/password as they are very long and also contain weird characters like =!| that maybe placed in .ASN could do some problem
third question if username and password need to be encrypted (base64?) or not
we can succesfully call this webservice from the same laptop using SOAPUI+basic authentication
thank you
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
Page 1 / 1
Hi Unifacers,
we succesfully called in the past many webservices both using UHTTP/SEND and SOAP 2.0
now we are facing an authentication issue on a customer where Uniface seem to try to use certificates while not necessary/present in this installation, as a basic user and password authentication is needed here. steps done and tryed:
1) imported WSDL
2) cheched the endpoint
3) checked SOP U2.0 in [DRIVER_SETTING]
4) added basc auth in [SERVICES_EXEC] details for our webservice like: SERVICENAME $SOP:SERVICENAME scheme=B euser=the_username epass=the_password
5) tryed to add ign switch in previous step so ign=HP
6) downloaded ca-bundle.crt from curl - Extract CA Certs from Mozilla and placed both in working directory and common\\usys folder
7) duplicated that file in personal.crt
still get this error:
MESSAGE=HTTP transport error·!·;DETAIL=Request::handleRequest HTTPTransportException:Client attempted to use SSL functions without the proper prerequisites - Verifying SSL certicate for: blablabla.hana.ondemand.com failed: unable to use client certificate (no key found or wrong pass phrase?)"
first question is why uniface tryes anyway to use certificate where there's not
second question if there is a limit for length username/password as they are very long and also contain weird characters like =!| that maybe placed in .ASN could do some problem
third question if username and password need to be encrypted (base64?) or not
we can succesfully call this webservice from the same laptop using SOAPUI+basic authentication
thank you
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
we succesfully called in the past many webservices both using UHTTP/SEND and SOAP 2.0
now we are facing an authentication issue on a customer where Uniface seem to try to use certificates while not necessary/present in this installation, as a basic user and password authentication is needed here. steps done and tryed:
1) imported WSDL
2) cheched the endpoint
3) checked SOP U2.0 in [DRIVER_SETTING]
4) added basc auth in [SERVICES_EXEC] details for our webservice like: SERVICENAME $SOP:SERVICENAME scheme=B euser=the_username epass=the_password
5) tryed to add ign switch in previous step so ign=HP
6) downloaded ca-bundle.crt from curl - Extract CA Certs from Mozilla and placed both in working directory and common\\usys folder
7) duplicated that file in personal.crt
still get this error:
MESSAGE=HTTP transport error·!·;DETAIL=Request::handleRequest HTTPTransportException:Client attempted to use SSL functions without the proper prerequisites - Verifying SSL certicate for: blablabla.hana.ondemand.com failed: unable to use client certificate (no key found or wrong pass phrase?)"
first question is why uniface tryes anyway to use certificate where there's not
second question if there is a limit for length username/password as they are very long and also contain weird characters like =!| that maybe placed in .ASN could do some problem
third question if username and password need to be encrypted (base64?) or not
we can succesfully call this webservice from the same laptop using SOAPUI+basic authentication
thank you
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
The mentioned error ("unable to use client certificate (no key found or wrong pass phrase?)") should only occur when you are specifying a personal.crt file that does not include any valid client certificate with the required key or pass phrase. If, however, the connector option ign = P or ign = HP is specified then the check should not be done (and the error should not occur). For some reason the SOAP connector does not use the ign option. Are you sure that it has been correctly specified.
Anyway, the SOAP connector currently has a problem with passwords that include an equal sign ("="). In that case the specified password is truncated, and the server should return the HTTP 401 Unauthorized error (e.g. "The requested URL returned error: 401 (401)"). This issue has been recognized by the lab and is currently still open. Does the SOAP request, however, work when you change the password and make sure that it does not include an equal sign?
I hope this helps.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
Hi Simone,
The mentioned error ("unable to use client certificate (no key found or wrong pass phrase?)") should only occur when you are specifying a personal.crt file that does not include any valid client certificate with the required key or pass phrase. If, however, the connector option ign = P or ign = HP is specified then the check should not be done (and the error should not occur). For some reason the SOAP connector does not use the ign option. Are you sure that it has been correctly specified.
Anyway, the SOAP connector currently has a problem with passwords that include an equal sign ("="). In that case the specified password is truncated, and the server should return the HTTP 401 Unauthorized error (e.g. "The requested URL returned error: 401 (401)"). This issue has been recognized by the lab and is currently still open. Does the SOAP request, however, work when you change the password and make sure that it does not include an equal sign?
I hope this helps.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
The mentioned error ("unable to use client certificate (no key found or wrong pass phrase?)") should only occur when you are specifying a personal.crt file that does not include any valid client certificate with the required key or pass phrase. If, however, the connector option ign = P or ign = HP is specified then the check should not be done (and the error should not occur). For some reason the SOAP connector does not use the ign option. Are you sure that it has been correctly specified.
Anyway, the SOAP connector currently has a problem with passwords that include an equal sign ("="). In that case the specified password is truncated, and the server should return the HTTP 401 Unauthorized error (e.g. "The requested URL returned error: 401 (401)"). This issue has been recognized by the lab and is currently still open. Does the SOAP request, however, work when you change the password and make sure that it does not include an equal sign?
I hope this helps.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
unfortunately we can't change the password as it is auto-generated and it will always contain the "equal" character: it was one of the first thing came into my mind when they give me that credentials, and obviously assignment files use the equal as separator between option and value
so I think I am stuck in that situation as I can obtain the 401 unauthorized playing something via assignment file (but I don't remember the exact combination, meybe playing with IGN)
I assume that the SOAP connector will only be fixed in U10.3+U10+4 and not in U9.7, right? or can be somehow ported back?
thank you
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
Hi Daniel
unfortunately we can't change the password as it is auto-generated and it will always contain the "equal" character: it was one of the first thing came into my mind when they give me that credentials, and obviously assignment files use the equal as separator between option and value
so I think I am stuck in that situation as I can obtain the 401 unauthorized playing something via assignment file (but I don't remember the exact combination, meybe playing with IGN)
I assume that the SOAP connector will only be fixed in U10.3+U10+4 and not in U9.7, right? or can be somehow ported back?
thank you
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
unfortunately we can't change the password as it is auto-generated and it will always contain the "equal" character: it was one of the first thing came into my mind when they give me that credentials, and obviously assignment files use the equal as separator between option and value
so I think I am stuck in that situation as I can obtain the 401 unauthorized playing something via assignment file (but I don't remember the exact combination, meybe playing with IGN)
I assume that the SOAP connector will only be fixed in U10.3+U10+4 and not in U9.7, right? or can be somehow ported back?
thank you
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
Thank you for your reply. And that is unfortunate.
And you assume correctly: this issue will only be fixed in Uniface 10.3 and 10.4; as you might know, version 9.7 is not supported anymore since about 2 years (for details see Uniface Support Lifecycle).
I hope this clarifies this matter.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
Hi Simone,
Thank you for your reply. And that is unfortunate.
And you assume correctly: this issue will only be fixed in Uniface 10.3 and 10.4; as you might know, version 9.7 is not supported anymore since about 2 years (for details see Uniface Support Lifecycle).
I hope this clarifies this matter.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
Thank you for your reply. And that is unfortunate.
And you assume correctly: this issue will only be fixed in Uniface 10.3 and 10.4; as you might know, version 9.7 is not supported anymore since about 2 years (for details see Uniface Support Lifecycle).
I hope this clarifies this matter.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
I just wanted to let you know that the above mentioned issue with the password has been fixed now with the latest patches for Uniface 10.3 and 10.4 (see fix UNI-13091):
I hope this helps.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
Hi Simone,
I just wanted to let you know that the above mentioned issue with the password has been fixed now with the latest patches for Uniface 10.3 and 10.4 (see fix UNI-13091):
I hope this helps.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
I just wanted to let you know that the above mentioned issue with the password has been fixed now with the latest patches for Uniface 10.3 and 10.4 (see fix UNI-13091):
I hope this helps.
------------------------------
Daniel Iseli
Principal Technical Support Engineer
Uniface Services
Rocket Software, Switzerland
------------------------------
thank you for the update, glad it has been solved
unfortunately that customer is still on U9.7 and there is no plan to upgrade it soon
we will talk to them about this
Simone
------------------------------
Simone Pecchenino
Labinf Sistemi Srl
IT
------------------------------
Sign up
Already have an account? Login
Welcome to the Rocket Forum!
Please log in or register:
Employee Login | Registration Member Login | RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.
77 4th Avenue
Waltham, MA 02451 USA
