Exploring web service through WSDL that require authentication - eclipse

I'm working with SOAP based web services that require authentication. I usually use the Eclipse Web Service explorer to explore the offered services but for the services requiring authentication, there does not seem to be an authentication option and I keep getting the 401 response.
I tried online clients as well. There is one at http://soapclient.com/soaptest.html but it also exhibits the same behavior.
When I try to access the web services through the browser I get the username/password prompt and it works.
I have also tried using https://username:password#webserviceURL. Again, this works in the browser but not in Eclipse or the online SoapClient utility.
Any ideas how I can do this?

It was pretty trivial in SoapUI.
I also found an online client that works with the http://username:password#webserviceURL pattern. It's at: http://tools.pointbeing.net/wsdlviewer
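An added example, not part of the original posts: the 401 challenge and the `Authorization: Basic` header that the browser prompt sends on the user's behalf, reproduced against a local stub. The stub server, credentials and WSDL body are constructed for the demo and stand in for the real service.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: credentials and a minimal WSDL stub, for illustration only.
USER, PASSWORD = "demo-user", "demo-pass"
WSDL = b'<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="DemoService"/>'
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class ProtectedWsdl(BaseHTTPRequestHandler):
    """Stand-in for a WSDL endpoint protected by HTTP Basic authentication."""
    def do_GET(self):
        if self.headers.get("Authorization") != EXPECTED:
            # The challenge a browser turns into a username/password prompt.
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="wsdl"')
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/xml")
        self.end_headers()
        self.wfile.write(WSDL)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(url, user=None, password=None):
    """Return (status, body); send Basic credentials only when they are given."""
    request = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(request, timeout=5) as response:
            return response.status, response.read()
    except urllib.error.HTTPError as err:
        return err.code, b""

def demo():
    """Start the stub on a free local port and fetch the WSDL three ways."""
    server = HTTPServer(("127.0.0.1", 0), ProtectedWsdl)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/service?wsdl"
    try:
        return fetch(url), fetch(url, USER, "wrong"), fetch(url, USER, PASSWORD)
    finally:
        server.shutdown()
        server.server_close()
```

Basic credentials are only base64-encoded, not encrypted, so against a real service the same header should travel over HTTPS only.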

Related

Show traffic between web service and client

I have a simple Jersey-based web service running on Tomcat 9. I do development in the Eclipse IDE. The server and IDE are on the same Windows machine. I'm using the Postman utility to generate test requests.
I would like somehow to see all request/response traffic between service and postman. What is the best way to do that?
Postman will show you everything sent and received in the request (url, headers and content), but you can use a tool like Fiddler to view intercepted HTTP requests.
https://www.telerik.com/fiddler
The best way is to use Tomcat's Request Dumper Filter. It's the best in the sense you don't need anything more than what you already have.
If you do not insist on an Eclipse integration, you could use Burp (https://portswigger.net/burp).
In proxy mode you can play "man in the middle" on your localhost and get all the content.
You just have to set up Burp as your proxy and you are done. You are also able to stop traffic, etc. This works for all kinds of network traffic.
The tool is also available in a community edition.

Restful Webservice SAP testing

Is there any way to test REST web services in SAP?
I know it's possible to test SOAP web services with eCATT, but to do that a WSDL file is needed.
The problem with REST web services is that there is no such WSDL file.
Thanks in advance.
I'm assuming from your question that you'd like to test the service from within your SAP system rather than by using an external tool.
If you have access to a system that has the Gateway components deployed, you can use the Gateway client (transaction code /IWFND/GW_CLIENT). It provides a very similar set of functionality to Postman, Paw, et al.
You can use some REST clients available in the browsers:
Postman -> Chrome
RESTClient -> Firefox
Furthermore, if you need a more robust client, you can use SoapUI. See this link.
You may use Fiddler.
Here are detailed instructions on how to test a web service (I know the instructions are for ASP.NET web services but the Fiddler part should work for any web services).

IdentityServer3 MVC App with Windows Authentication

I'm working on creating an MVC Web application backed by an API which uses IdentityServer3 and is compatible with Windows Authentication, but I'm losing my custom claims in the process.
To this end, I've deployed this project: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/MVC%20Authentication
When I deploy it to IIS7 I cannot access either of two pages which display claims information until I turn on Windows Authentication. When I do this, I have access to the secure Web Page that shows claims and the API that shows claims. This is promising, but these displayed claims are SidGroups, and Default claims, respectively. I lose my custom claims.
Monitoring traffic in Fiddler, I notice that when hitting the protected claims page, there are two failed attempts which 401 followed by the successful attempt but which displays the wrong claims.
Has anyone encountered this? Does anyone know the location of a working example of a Windows Auth compatible IdentityServer? I've looked over several tutorials which imply it's possible but I don't think they are compatible with IdentityServer3.

How to secure a Rest web service with OpenAM as OAuth2 provider

I developed a REST web service with Play! Framework. I aim to secure access to this WS. I'm discovering OAuth2 and it seems to be a good solution in my case. However, instead of using an external OAuth2 provider, I prefer to manage this part myself. So, I installed the last snapshot of OpenAM (12.0.0), which can do this. I have an instance of Active Directory on which the authentication should be based.
I have access to the documentation but I don't know how to proceed. I would like to have some tracks.
Thanks for your help.

Authentication with CAS for rest service call

In our current setup we have about a dozen web applications that deploy to a single Tomcat server. One of these applications is CAS which is used for all authorization.
This works pretty well and in our jRuby web application we use the rubycas-client gem, point to CAS and we're done.
Now we have a requirement where, in a Java component, we need to be able to call out to another web application via a REST service that resides on the same server. My first thought was to use CAS proxy tickets but the web application we have to hit currently doesn't have this enabled and, due to the nature of the environment, this cannot be changed.
So as far as I can tell we're left trying to impersonate the user by using an iframe in our web application that points to the other one (we're all on the same domain and server) and scrape its sessionid for impersonation and pass it down to the Java layer. But I really, really don't want to do this.
Am I missing anything? Are there any better ways of doing this? Is there a way to get the sessionid without an iframe maybe?
Thanks!
If you want to call a web service from a web application using CAS identity, you certainly should use the CAS proxy feature.
If you can't cassify your web service, there is another option for you: you could use the Apache module for CAS: https://wiki.jasig.org/display/CASC/mod_auth_cas.