SOAP over HTTP and Basic Authentication

Dedicated to DataStage and DataStage TX editions featuring IBM<sup>®</sup> Service-Oriented Architectures.

Moderators: chulett, rschirm

Post Reply
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

SOAP over HTTP and Basic Authentication

Post by qt_ky »

The ISD application has a service with: Requires Authentication checked, binding is SOAP over HTTP with Authentication Support: HTTP Basic.

On version 8.7, it works as expected. From a soapUI test, you can force a failure by giving a bad user/password in the request properties, and the response is an error 401. Give good credentials and get a good, expected XML response back. You also see a session via the Web Console, Administration, Session list.

On version 11.3.1.2 with all the same ISD settings, we get a proper XML response back regardless of the user/password provided, cannot force an error 401, and do not see any session listed in the Web Console.

Has anyone else run into this basic authentication option not having any effect? Is there any new trick to enable authentication? It sounds like a new defect, but all searches to date have come up empty.
Choose a job you love, and you will never have to work a day in your life. - Confucius
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

In case anyone was wondering, this problem can be resolved by applying a patch. We got it fixed last May by downloading the patch through a PMR with IBM Support.

ISD Patch JR55554 - Authentication of SOAP over HTTP ISD services is not enforced
Choose a job you love, and you will never have to work a day in your life. - Confucius
Post Reply