Specifying Authentication Settings for RA Web Service SOAP Agent Connection Objects

Security settings for RA Web Service SOAP Agent Connection objects can be set in the Authentication section

Some .wsdl files require authentication specifications to the end URL. To enter them:

  1. Select an option from the Authentication field.

    2. Unless you select "None" for the authentication, additional authentication-specific fields will be added below the Authentication drop-down list, based on the requirements and options for that authentication.

  2. Respond to the authentication-specific fields. Although not all of these fields are required by the RA Web Service SOAP Agent, they may need values for the authentication mechanism to work.

    3. The settings in the Authentication section differ depending whether the Use Native mode box is unchecked in the Agent definition.

    • When Use Native mode is checked, the following authentications are available.
      • For Uses Field Description
      Basic and Digest HTTP Client Credentials (UsernamePasswordCredentials)

      Username

      The user name.

      Password

      		 The password.
      NTML HTTP Client Credentials (NTCredentials)

      Username

      The user name.

      Password

      		 The password.
      Kerberos* The existing kerberos impl. code. we set the Host if its empty per default the host name from URL Endpoint

      Username

      		 The user name.

      Password

      		 The password.

      Host

      		 The host to connect to. Only required if the endpoint differs from the authentication host.

      URL Endpoint

      		 A read-only URL endpoint

      * Additional configuration settings for Kerberos are set in the krb.ini (.conf) file, see Additional Kerberos Configuration.

      In native mode for authentications, we have rewritten the code and we use CloseableHttpClient + BasicCredentialsProvider.

    • When Use Native mode is not checked, the following authentications are available.
      • For Field Description
      Basic, and NTLM

      Username

      The user name.

      Password

      		 The password.

      Host

      		 The host to connect to. Only required if the endpoint differs from the authentication host.

      Port

      		 The port to use. Only required if the endpoint differs from the authentication host.

      Realm

      The realm. Only required if the endpoint differs from the authentication host. Also, this field is optional when a host is specified.

      Preemptive

      Activates preemptive authentication. Preemptive authentication sends the authentication information without waiting for the server to give an unauthorized response. This reduces some overhead, and may be required in cases where the server does not reply with an unauthorized response. You use preemptive authorization when you trust the endpoint enough to send authentication credentials somewhere without being asked for them.
      Digest

      Username

      The user name.

      Password

      		 The password.

      Host

      		 The host to connect to. Only required if the endpoint differs from the authentication host.

      Port

      		 The port to use. Only required if the endpoint differs from the authentication host.

      Realm

      The realm. Only required if the endpoint differs from the authentication host. Also, this field is optional when a host is specified.
      Kerberos*

      Username

      		 The user name.

      Password

      		 The password.

      * Additional configuration settings for Kerberos are set in the krb.ini (.conf) file, see Additional Kerberos Configuration.

Additional Kerberos Configuration

Additional configuration settings for Kerberos are set in the krb.ini (.conf) file. The Agent itself does not read this file directly, it uses the Kerberos classes of the JRE.

The algorithm to locate the krb5.conf file is the following:

  • If the system property java.security.krb5.conf is set, its value is assumed to specify the path and file name.
  • If that system property value is not set, the configuration file is looked for in the directory:
    • <java-home>\lib\security (Windows)
    • <java-home>/lib/security (Solaris and Linux)

    Here <java-home> refers to the directory where the JRE is installed. For example, if you have J2SE 5.0 installed on Solaris in a directory named /j2sdk1.5, the directory in which the configuration file is looked for is:

    /j2sdk1.5/jre/lib/security

  • If the file is still not found, then an attempt is made to locate it as follows:
    • /etc/krb5/krb5.conf (Solaris)
    • c:\winnt\krb5.ini (Windows)
    • /etc/krb5.conf (Linux)
  • If the file is still not found, and the configuration information being searched for is not the default realm and KDC, then implementation-specific defaults are used. If, on the other hand, the configuration information being searched for is the default realm and KDC because they weren't specified in system properties, and the krb5.conf file is not found either, an exception is thrown.