stackoom
  简体   繁体   中英

How to implement Java soap client when server uses ADFS authentication?

 原文  2017-04-18 08:30:23       java/ soap/ cxf/ soapui/ adfs

Question

We are implementing a soap client in Java (using cxf wsdl2java). In previous projects the authentication has been based on either WS-Security or Basic HTTP Authentication. These are both easy to test in SoapUI and implement in java.

This time however, the server uses a Web Application Proxy which works as a reverse proxy, and ADFS (Active Directory Federation Services) for authentication purpose. I don't know the details of what this means, but what happens when opening the wsdl endpoint URL in a browser is that we get redirected to a login page similar to the office login page https://login.microsoftonline.com/ where you have manually click on the account type before entering credentials.

When logging in manually, we get redirected back to the wsdl endpoint with an appended ?authToken=xxx at the end and I think the token lasts for 1 hour. We have tried to ask the provider to use a more standard authentication, but for now this is the only thing we have. How do we approach this?

When trying to do a test request from SoapUI, we just get the complete html code of the login page in response. I see there is a Form Based Authentication option in SoapUI but it won't work since the login page has multiple account types and multiple username/password fields. The workaround for testing is just to login manually and use the authToken. But how can we automate this in the Java cxf client?

When connecting to the endpoint url in a browser, this is how the url looks after redirected to the login page:

[url to adfs seriver]/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=a10037ed-ca1e-e711-9436-00215a9b01ac&returnUrl=[wsdl endpoint url]&client-request-id=13A5B5A6-B574-0000-6FBA-A51374B5D201

1 answers

solution1
 1 ACCPTED  2017-04-18 19:43:02

You can't use SOAP to authenticate with ADFS via a login screen. This is because ADFS only supports WS-Fed or SAML-P or OpenID Connect (ADFS 4.0).

What you can do is use WS-Tust to do this.

WS-Fed supports two profile viz. passive (browser login screen) or active (web service / WCF). You need to use the latter.

There are a number of active profile endpoints that are available in ADFS. Not all are enabled by default so you may need to enable them.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to implement client authentication when using java code and Apache CXF as SOAP client? How to implement authentication with Apache Directory Server and Client Java API Java webservice client with ADFS SAML authentication how to write java client and server applications that uses mutual ssl authentication between them? Issue with wsimport authentication when generating SOAP Java client How to implement Grpc username/password authentication. Python client, Java server SOAP Server in JAVA <-> SOAP Client in C# Java client for SOAP web service with NTLM authentication Basic Authentication Java SOAP WebService Client Java SOAP Client with SSL authentication : bad certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM