nchiluku Absent Member.

Kerberos authentication to a Web service from HPOO

I need to invoke and access a web service from HPOO that allows only Kerberos authentication. I configured the parameters on the HTTP Client Post Raw action to invoke the web service.

 

Here are the sample parameters:

 

url:  http://xxxxxxxx/TestServices/TestService.svc

PostDocument: SOAP Envelope

Username:  XXXX

Password: XXXX

authType: kerberos

kerberosConfFile: C:\Authentication\krb5.conf

 

After executing the flow in debug mode in HPOO Studio, the following error is thrown: "Please provide a valid path for the kerberos configuration file."

 

 

{errorMessage=;returnCode=-4;Result=-4;status=;urls=;responseTimeInMs=0;exception=java.lang.Exception: Please provide a valid path for the kerberos configuration file!
at com.hp.oo.content.commons.util.http.OOHttpClientBuilder.addKerberosAuth(OOHttpClientBuilder.java:439)
at com.hp.oo.content.commons.util.http.OOHttpClientBuilder.configureAuthentication(OOHttpClientBuilder.java:141)
at com.hp.oo.content.commons.util.http.OOHttpClientBuilder.configure(OOHttpClientBuilder.java:112)
at com.hp.oo.content.commons.util.http.OOHttpClientRequestExecutor.executeRequest(OOHttpClientRequestExecutor.java:65)
at com.iconclude.content.actions.httpclient.HttpClientBase.executeBase(HttpClientBase.java:86)
at com.iconclude.content.actions.httpclient.HttpClientBase.execute(HttpClientBase.java:66)
at com.iconclude.content.actions.httpclient.HttpClientPostRaw.execute(HttpClientPostRaw.java:16)
at com.iconclude.webservices.ras.classLoadedIaction.execute(JavaExtensionService.java:578)
at com.iconclude.webservices.ras.JavaExtensionService.executeFromThisDelegator(JavaExtensionService.java:260)
at com.iconclude.webservices.ras.ExtensionServiceDelegator.execute(ExtensionServiceDelegator.java:58)
at com.iconclude.webservices.ras.RCAgentServiceSoapBindingImpl.execute(RCAgentServiceSoapBindingImpl.java:48)
at com.iconclude.webservices.ras.RCAgentServiceSoapBindingSkeleton.execute(RCAgentServiceSoapBindingSkeleton.java:238)
at sun.reflect.GeneratedMethodAccessor14.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1124)
at org.acegisecurity.securechannel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:138)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
at com.iconclude.dharma.commons.util.http.DharmaFilterToBeanProxy.doFilter(DharmaFilterToBeanProxy.java:72)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:879)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:741)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:207)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)
;responseHeaders=;document=;httpResult=;sessionId=iconclude-5147452817520944989;pageLoadTimeInMs=0;resultText=GENERAL_ERROR;URL=;}

 

 

I also tried one other approach after having the above failure.  

 

1. Copied the krb5.conf file to the C:\Program Files\Hewlett-Packard\Operations Orchestration\Studio\conf folder.

 

2. Changed the studio.properties file with the following in the kerberos section.  krb5.conf=%ICONCLUDE_HOME%/conf/krb5.conf

 

It also returned the same error.

 

 

Any ideas on how to configure Kerberos on the HTTP Client POST RAW action to invoke a web service that is secured with Kerberos?

 

Thanks.

 

 

Mihai_David

Re: Kerberos authentication to a Web service from HPOO

Hi,

The error is most probably because the account running the RSJRAS service does not have access to the C:\Authentication folder. (Another reason could be that you misspelled the folder name.)

 

After you get past this error, note that the operation will create a file at "c:\Program Files\Hewlett-Packard\Operations Orchestration\jetty\bin\kerberosLogin.conf" or use it if it exists. So you can modify this after the first run. (It is needed by the JAAS framework; more info here: https://docs.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html)

 

The Http Client operations (from OO9) will ignore your username and password inputs for authType=kerberos.

Debug information about the Kerberos login can be found in "c:\Program Files\Hewlett-Packard\Operations Orchestration\RAS\Java\Default\webapp\logs\wrapper.log".

You are working on OO9, but note that in OO 10, for the upcoming Base 1.3.0 content pack, we have rewritten the Kerberos authentication for the "Http Client v2.0" operations. You should also find more documentation there (check the folder description).

Mihai David

(OO Content Developer)
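
One way to check the cause suggested in the reply above, as an added example that is not part of the original thread: look up which account the RAS service runs as and list the ACL entries on the krb5.conf file that include Read. The service name `RSJRAS` is taken from the reply and the path from the question; the function names are hypothetical and both values should be adjusted to the installation.

```powershell
# Added example, not from the original posts. Run from an elevated prompt
# on the machine hosting the RAS service.
$ServiceName = 'RSJRAS'                        # name as given in the reply (assumed to be the Windows service name)
$Krb5Path    = 'C:\Authentication\krb5.conf'   # kerberosConfFile value from the question

function Get-ServiceAccount {
    param([string]$Name)
    # Win32_Service.StartName is the logon account of the service
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found" }
    $svc.StartName
}

function Get-ReadGrants {
    param([string]$Path)
    # A misspelled folder or file name fails here, before any ACL question arises
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "'$Path' does not exist or is not a file (check spelling)"
    }
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    # Keep every access rule whose rights include Read; Deny rules are listed
    # too, so check the AccessControlType column of the output
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { ($_.FileSystemRights -band $read) -eq $read } |
        Select-Object IdentityReference, AccessControlType, IsInherited
}

$account = Get-ServiceAccount -Name $ServiceName
"Service '$ServiceName' runs as: $account"
"ACL entries that include Read on ${Krb5Path}:"
Get-ReadGrants -Path $Krb5Path | Format-Table -AutoSize
```

If neither the service account nor a group it belongs to appears with an Allow entry, grant that account read access to the file only, rather than widening permissions on the whole folder.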
