Integrations and APIs for Service

Get Involved. Join the Conversation.

Topic

    Ramy NATOUR
    [BPEL][RightNowAdapter]Username is not specified in...Answered
    Topic posted March 11, 2015 by Ramy NATOURSilver Medal: 2,000+ Points, last edited March 19, 2015 
    327 Views, 3 Comments
    Title:
    [BPEL][RightNowAdapter]Username is not specified in UsernameToken
    Content:

    Hello everyone,

    I’ve followed the BPEL - RightNowAdapter tutorial and I’m currently having some issues with the final testing part.

    The first error I got was the "JCA binding error ... Unable to create cloud operation" that I corrected by changing the "targetWSDLURL" attribute by RightNow's WSDL absolute URL.

    Now, the error message I'm facing is : "CA Binding execute of Reference operation 'QueryObjects' failed due to: Le client a reçu une erreur SOAP du serveur : Username is not specified in UsernameToken".

    As I tried to debug this error, I found out that the Adapter wasn't injecting the credentials in the security header.

    This behaviour is not normal since:

    • I imported RightNow's certificate in WebLogic
    • I created the CSF-key in Enterprise Manager that I use in the Adapter's wizard
    • A simple ROQL request test works during design time

    Does anyone have a clue of why the credentials are not injected since the prefix tasks have been done ?

    Where would you advice me to debug/search a solution ?

    Thanks in advance

    Version:
    November 2014 Release
    Code Snippet:

    Best Comment

    Ramy NATOUR

    Up, Issue fixed.

    The problem i faced:

    The credentials were not injected in the Soap Request even if they all the configuration steps were validated (SOA map, CSF key created, certificate imported). In other words, the CSF Key wasn't found and that was the only way to retrieve the credentials injected in the request.

    The fixing trick:

    The adapter's syntax doesn't allow to have both the CSF-Key property combined with the username + password ones. Making validation errors occur when I tried to add both those nodes without suppressing the CSF-Key.

    To force the credentials injection, you have to edit the ${adapter_file_name}.jca by:

    • Suppressing the "CSF-key" property
    • Adding a "username" and "password" property with the appropriate values

    Dirty and unsecure trick, least bad practices:

    Hard writting credentials in a configuration file is BAD in terms of security practices, it should be avoided as much as you can.

    If you ever have to do the same fix as I did, you can at least try to:

    • Inject the credentials in the .jca file using a configuration plan on deployment time, don't leave it hard written in the adapter's file
    • Create an ant rule which will read from a .properties file and update the configuration plan itself. Call it before joining the configuration plan to the deployment
    • [Optionnal] Create a custom script that uses symetric encryption algorithm(s) that will generate the .properties file stated above from a file containing the encrypted credentials. This script should be called before the ant rule and the .properties file should be emptied after being runned by ant if you go for this option.

    Those protections obviously are not worth the CSF-Key's one but are better than nothing.

     

    Anyway, sorry for this dirty fix but now it's working at least.

    PS: There may be a patch which would fix this weblogic CSF-Key issue available on Oracle support, I'll try it when i get the access to it and I'll let you know if it fixed the issue.

     

    Comment

     

    • Ramy NATOUR

      Up, Changelogs:

      • Updated the title
      • Updated the problem description
      • Added the RightNowAdapter's Soap XML request
    • Ramy NATOUR

      Up, Issue fixed.

      The problem i faced:

      The credentials were not injected in the Soap Request even if they all the configuration steps were validated (SOA map, CSF key created, certificate imported). In other words, the CSF Key wasn't found and that was the only way to retrieve the credentials injected in the request.

      The fixing trick:

      The adapter's syntax doesn't allow to have both the CSF-Key property combined with the username + password ones. Making validation errors occur when I tried to add both those nodes without suppressing the CSF-Key.

      To force the credentials injection, you have to edit the ${adapter_file_name}.jca by:

      • Suppressing the "CSF-key" property
      • Adding a "username" and "password" property with the appropriate values

      Dirty and unsecure trick, least bad practices:

      Hard writting credentials in a configuration file is BAD in terms of security practices, it should be avoided as much as you can.

      If you ever have to do the same fix as I did, you can at least try to:

      • Inject the credentials in the .jca file using a configuration plan on deployment time, don't leave it hard written in the adapter's file
      • Create an ant rule which will read from a .properties file and update the configuration plan itself. Call it before joining the configuration plan to the deployment
      • [Optionnal] Create a custom script that uses symetric encryption algorithm(s) that will generate the .properties file stated above from a file containing the encrypted credentials. This script should be called before the ant rule and the .properties file should be emptied after being runned by ant if you go for this option.

      Those protections obviously are not worth the CSF-Key's one but are better than nothing.

       

      Anyway, sorry for this dirty fix but now it's working at least.

      PS: There may be a patch which would fix this weblogic CSF-Key issue available on Oracle support, I'll try it when i get the access to it and I'll let you know if it fixed the issue.

       

    • Aditi Bali

      Hi,

      Not sure if the solution can help you. Go to BPEL EM Concole-->Weblogic Domain-->webservices-->policies and select the policy you choose for configuring CSF key inside the BPEL composite adapter.

      Then uncheck the password from the policy signature and take a server restart.