SOAP over HTTP and Basic Authentication
Posted: Wed Mar 09, 2016 3:39 pm
The ISD application has a service with: Requires Authentication checked, binding is SOAP over HTTP with Authentication Support: HTTP Basic.
On version 8.7, it works as expected. From a soapUI test, you can force a failure by giving a bad user/password in the request properties, and the response is an error 401. Give good credentials and get a good, expected XML response back. You also see a session via the Web Console, Administration, Session list.
On version 11.3.1.2 with all the same ISD settings, we get a proper XML response back regardless of the user/password provided, cannot force an error 401, and do not see any session listed in the Web Console.
Has anyone else run into this basic authentication option not having any effect? Is there any new trick to enable authentication? It sounds like a new defect, but all searches to date have come up empty.
On version 8.7, it works as expected. From a soapUI test, you can force a failure by giving a bad user/password in the request properties, and the response is an error 401. Give good credentials and get a good, expected XML response back. You also see a session via the Web Console, Administration, Session list.
On version 11.3.1.2 with all the same ISD settings, we get a proper XML response back regardless of the user/password provided, cannot force an error 401, and do not see any session listed in the Web Console.
Has anyone else run into this basic authentication option not having any effect? Is there any new trick to enable authentication? It sounds like a new defect, but all searches to date have come up empty.