Calling a Web Service Protected by Windows Integrated Authentication (Magic xpa 3.x)

Objective

This Technical Note explains how to configure your environment to enable the consumption of Web services that require Integrated Windows Authentication (IWA).

Solution

Setup Steps

  1. Java Installations:

JRE 1.6 or 1.7 - As of version 3.2, JDK 7.0 is installed by default, so instead of this step, you can use the installed JRE 7.0.

The JRE installer can be downloaded and installed for free. After the installation, your registry is expected to hold a key under HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.6 (or 1.7) that points to an additional JAVA_HOME value (separate from the environment variable).

  2. Create a text file named jaasconfig.conf that holds the following content:

    KrbCredentials {
        com.sun.security.auth.module.Krb5LoginModule required debug=true
        doNotPrompt=false
        useTicketCache=true;
    };

  3. Add the following three entries to your magic.ini file in the [MAGIC_SPECIALS] section:

a. OverrideSoapSpyForIntegratedAuthentication=Y

b. Java1.6Home = c:\Program Files\Java\jre6

Please note that the path should point to the new JRE 1.6 installation as mentioned in the registry.

c. IntegratedAuthenticationJvmArgs= -Djava.security.auth.login.config=c:\temp\jaasconfig.conf -Dsun.security.jgss.debug=true -Dsun.security.krb5.debug=true

Please note that the path for the configuration file (c:\temp\jaasconfig.conf in the entry above) should match the location of the file on your machine.
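An offline consistency check for the three setup steps, as an added example (not code from Magic Software): it parses the [MAGIC_SPECIALS] section and the JAAS file, reports missing or inconsistent settings, and lists the debug switches that are enabled, since they produce verbose Kerberos/GSS trace output. The function names and the sample strings are constructed for illustration; exact-case key matching and space-free -D values are assumptions.

```python
import re

# The three [MAGIC_SPECIALS] entries named in the setup steps.
OVERRIDE, JAVA_HOME, JVM_ARGS = ("OverrideSoapSpyForIntegratedAuthentication",
                                 "Java1.6Home", "IntegratedAuthenticationJvmArgs")

def read_specials(ini_text):
    """Collect key=value pairs that sit inside [MAGIC_SPECIALS] only."""
    values, in_section = {}, False
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            in_section = line.upper() == "[MAGIC_SPECIALS]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values

def check_setup(ini_text, jaas_text):
    """Return (problems, debug switches left on) for the setup above."""
    sp = read_specials(ini_text)
    problems = [f"missing {k}" for k in (OVERRIDE, JAVA_HOME, JVM_ARGS) if k not in sp]
    if sp.get(OVERRIDE, "Y").upper() != "Y":
        problems.append(f"{OVERRIDE} must be Y")
    # Assumption: -D values contain no spaces (true for the paths on this page).
    props = dict(re.findall(r"-D([^=\s]+)=(\S+)", sp.get(JVM_ARGS, "")))
    if JVM_ARGS in sp and "java.security.auth.login.config" not in props:
        problems.append("JVM args do not set java.security.auth.login.config")
    entry = re.search(r"KrbCredentials\s*\{(.*?)\}\s*;", jaas_text, re.S)
    body = entry.group(1).strip() if entry else ""
    if "Krb5LoginModule" not in body:
        problems.append("no KrbCredentials entry using Krb5LoginModule")
    elif not re.search(r"useTicketCache\s*=\s*true", body):
        problems.append("useTicketCache=true not set")
    elif not body.endswith(";"):
        problems.append("module options must end with ';'")
    debug = sorted(k for k, v in props.items() if k.endswith(".debug") and v == "true")
    if re.search(r"\bdebug\s*=\s*true", body):
        debug.append("Krb5LoginModule debug")
    return problems, debug

# Constructed sample input, using the values shown in the steps above.
SAMPLE_INI = r"""[MAGIC_SPECIALS]
OverrideSoapSpyForIntegratedAuthentication=Y
Java1.6Home = c:\Program Files\Java\jre6
IntegratedAuthenticationJvmArgs= -Djava.security.auth.login.config=c:\temp\jaasconfig.conf -Dsun.security.jgss.debug=true -Dsun.security.krb5.debug=true"""
SAMPLE_JAAS = """KrbCredentials {
  com.sun.security.auth.module.Krb5LoginModule required debug=true
  doNotPrompt=false
  useTicketCache=true;
};"""
```

Call check_setup() with the text of your own magic.ini and jaasconfig.conf; an empty problems list means the three entries and the JAAS entry are consistent with the steps above.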

Remarks

  • When you invoke a Web service after this setup, the Windows log-in credentials of the current Windows user are added to each call (they are also Kerberos encoded).

  • The calling party and the provider must use the same Active Directory; otherwise, the authentication is expected to fail.

  • Working with Integrated Windows Authentication is only possible when using the Invoke WS command. It is not supported for HTTPPost function calls.

Debugging

To enable a trace on the Java proxy server making the calls, change the third special flag (IntegratedAuthenticationJvmArgs) as follows:

[MAGIC_SPECIALS]

IntegratedAuthenticationJvmArgs=-Djava.security.auth.login.config=C:\temp\jaasconfig.conf -Dsun.security.jgss.debug=true -Dsun.security.krb5.debug=true -Dcom.magicsoftware.ssj.integratedauth.debug=true

The WS calls will now generate a log file named WsInteAuthXXXXXX.log in your %TEMP% folder.

Working with a Proxy Server on the LAN

To enable communication via a proxy server, one of the SPECIAL flags needs to be changed as follows:

[MAGIC_SPECIALS]

IntegratedAuthenticationJvmArgs=-Dhttp.proxyHost=<Proxy server IP> -Dhttp.proxyPort=<Proxy Server port> -Djava.security.auth.login.config=jaasconfig.conf -Dsun.security.jgss.debug=true -Dsun.security.krb5.debug=true
