There is no authentication on server side so authentication should not be issue.
URL format: PUT
https://localhost/api/v1/protections?integrationKey=111&userKey=1111&group=111&category=foo
Payload:
{"action":"BLOCK"}
This is working fine in Postman.
In SOAP UI , I am giving input as under:
EndPoint: https://localhost
Resource: /api/v1/protections
Parameters:?integrationKey=111&userKey=1111&group=111&category=foo
in Media type, I am selecting "application/json"
and entering {"action": "BLOCK"} but getting "Wed Jan 20 16:25:27 PST 2016:DEBUG:Receiving response: HTTP/1.1 403 Forbidden
"
Is there any suggestion to get the output in SOAP UI.
Depending on the server where the rest is exposed service generates an HTTP 403, you should verify that server is and thus find the fastest response.
Also try making a GET request from the browser to see if you can answer correctly because problem lock your machine to the server.
As is https, it may be that you lack some certificate set SOAPUI. possibly Postman you use already has configured. Try to check this setting.
In my case, I missed the Header "User-Agent" and "accept". I put in Soap UI and Works.
In Postman, this headers it put automatically.
Related
I have created an app (backend and frontend) that is mainly used on a Windows intranet. I'm using Kerberos authentication to do SSO so that anyone logged in to Windows domain is automatically authenticated to the server. To do this I set up Kerberos SPN for server and configured browsers etc and is all working fine in the normal scenario. My problem is that I need to continue if the user is not authenticated (ie connects from outside the Windows domain or does not have their browser configured correctly).
In summary there are two scenarios:
if authenticated OK continue with authorization granted for their ID [currently works]
if not authenticated continue with no (public) authorization [does not work]
In the first case the HTTP requests/responses are:
a. frontend: initial HTTP request
b. backend: no auth found so return 401 unauthorized with WWW-Authenticate:Negotiate header
c. frontend: re-sends request with Authorization header -> decoded to get the login ID
In the 2nd case:
a. frontend: initial HTTP request
b. backend: no auth found so return 401 with WWW-Authenticate:Negotiate (and error text in the body)
c. frontend: browser stops (displaying the body of the response as text to the user)
This is the crux of the problem I need to somehow avoid the browser just completely bombing (as at step c above).
Solutions I have tried:
display a message to the user about how to adjust browser settings to allow SSO to work in the body of the 401 response message. This is pretty ugly looking and does not work for connections from outisde the domain
Tried a 301 redirect in stead of 401 unauthorized response, but the browser does not like this.
Tried a redirect using javascript in the 401 response body, but it is not executed.
Have the backend send 401 but with WWW-Authenticate:Negotiate,Basic. But this display an unneeded login/password dialog and still fails if they don't login.
What I really need is an None option, ie: WWW-Authenticate:Negotiate,None then continue with no auth if the subsequent frontend request indicate "None" was used.
Of course, there isn't a "None" option. :(
It seems that this should be a fairly typical scenario but I have been researching this to no avail for 3 days now. Any advice would be greatly appreciated.
If the browser is connecting from outside the intranet then just continue. That is do not send the 401 response at all (no auth). You should be able to tell from the IP address where they connect from.
Another option is to redirect using JS in a page in the 401 body. As mentioned above I think you need to include Content-type: text/html or Content-type: text/javascript.
I think I tried all the possible combinations of headers and body for my POST request in JMeter but is giving me 400 Bad Request saying that the languagePairID parameter from the body is invalid even tho it is exactly same as in Postman.
My headers:
And the request:
Meanwhile in Postman in works perfectly fine:
I tried checking and unchecking the multipart/form-data and browser-compatible headers, but nothing seems to help. I read that using Wireshark might be useful in such cases but I think for this one is not possible as it is HTTPS. I will be very grateful for any advice.
Uncheck "Use mutipart/form-data"
Remove everything from the "Body Data" tab
Switch to "Parameters" tab and put your parameters there:
Going forward be informed that you can easily convert your Postman script into JMeter:
Start JMeter's HTTP(S) Test Script Recorder
Import JMeter's certificate to Postman
Configure Postman to use JMeter as the proxy
Run your request in Postman
JMeter will capture the request and generate relevant HTTP Request sampler and HTTP Header Manager
More information: How to Convert Your Postman API Tests to JMeter for Scaling
When calling the /{realm}/logout-all endpoint, the request always results in a "500 - Internal Server Error" and "error": "unknown_error" in the body. All other endpoints work as they should.
I made sure to call the endpoint with a new token and the Authorization-key in the header of the request. All calls are made from postman for testing.
Did I miss something?
Edit 1:
Keycloak Version: 12.0.2
The call: (generated the token with the admin-cli client and the admin user, so pribvileges shoudln't be a problem (?))
The log:
For future reference and anyone who has the same problem with Keycloak:
In some of the requests (e.g. logout-all) you have to provide a Accept: application/json header, otherwise Keycloak defaults back to application/octet-stream, for which Keycloak is missing the necessary classes.
I can make a request from postman but when I make the same exact request (I'm talking about even copying the code from postman) I get an error.
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://glacial-stream-35306.herokuapp.com' is therefore not allowed access.
Even with the cors-eveywhere chrome extension and attempting to use jsonp I cannot get it to work. Even though the request goes through every time on postman.
What makes a postman req different from a request from a Heroku app?
I have a situation where I am trying to handle auto discover in an iOS app (GOD I HATE auto discover with a passion). I'm at this point where I have followed through several sequences of redirects and email aliases, and the auto discover is now pointing me to an Office 365 URL (this user has been migrated to Office365).
I'm seeing a HTTP redirect to https://autodiscover-s.outlook.com, and I'm POST-ing the standard POX to https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml with the user's credentials. I'm getting a 401 in return. I'm also getting a 401 when I curl this manually.
My POST is to https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml. This is authenticated using the users email and password (I'm using AFNetworking 2.0, so I'm using the HTTPRequestSerilizer authentication mechanism)
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
<Request>
<EMailAddress>user#Service.domain.com</EMailAddress>
<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
</Request>
</Autodiscover>
The response that I get is:
Domain=AFNetworkingErrorDomain Code=-1011 "Request failed: unauthorized (401)" UserInfo=0x8be9280 {
NSErrorFailingURLKey=https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml,
AFNetworkingOperationFailingURLResponseErrorKey=
{
URL: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
}
{ status code: 401,
headers {
"Cache-Control" = private;
"Content-Length" = 0;
Date = "Thu, 06 Mar 2014 05:00:49 GMT";
RequestId = "ee723790-60db-4008-b800-7d44d9884498";
Server = "Microsoft-IIS/7.5";
"Www-Authenticate" = "Basic Realm=\"\"";
"X-AspNet-Version" = "2.0.50727";
"X-DiagInfo" = BLUPRD0810CA020;
"X-Powered-By" = "ASP.NET";
} }, NSLocalizedDescription=Request failed: unauthorized (401)}
I get the same error when I try to CURL the same post data with the same user and password.
However, when I go to testexchangeconnectivity.com, I see the following, which I don't receive through the POX APIs:
Test Steps
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml for user user#Service.domain.com.
The Autodiscover XML response was successfully retrieved.
Additional Details
An HTTPS redirect was received in response to the Autodiscover request. The redirect URL is https://pod51008.outlook.com/Autodiscover/Autodiscover.xml.
Is there something wrong that I'm doing? I think the credentials work, because the initial auto discover to the user's on premise domain resolves fine and sends me online. The fact that curl also doesn't work leads me to think that there is some special office365 authentication that I'm not doing properly.
Any ideas?
I discovered the problem. I received an email address change from Autodiscover indicating that I should go from user#domain.com to user#service.domain.com. I then re-built the auto discover urls using user#service.domain.com. However, I was authenticating with user#service.domain.com, not user#domain.com. This is why I received 401.
I hate auto discover. None of this is documented anywhere (http://msdn.microsoft.com/en-us/library/jj900154(v=exchg.150).aspx).
I can't figure out what is going on without seeing every request and response. What is the structure of the Office365 URL?
Did you try an un-authenticated GET request to "http://autodiscover." + domain + "/autodiscover/autodiscover.xml"? In Autodiscover for Exchange, there is a Phase 3 sub section that describes this. This article captures much of the requirements for implementing auto discover for a client.
I think Michael meant to link to Handling Autodiscover error messages. However, it doesn't explicitly note that you should not change your user name in your credentials when you get a redirect to another email address. You only change it in the EMailAddress element. Thanks for the feedback, and sorry for the confusion!