Access denied for second IS

za_goenk · October 26, 2010, 1:18pm

Dear all…

I have a few question about the access webservice in IS
In our system we have two IS. The first IS is 7.1.2 act and connected to the internet, so other third party can connect to our system via this IS. The second IS is 6.5 act as the main IS, all the main process was placed here. The first IS is like a bridge from internet to the second IS.

I have a case, that the third party cannot access the wsdl with prompted a user name and password. So I set the execute properties of web service provider on first IS to “anonymous”. I put a debugLog in the first IS and second IS, so I can monitor the incoming task for both IS. The problem is, when the third party try to call the webservice in the first IS, it return access denied to access service on second IS, I already set the username and password for the second IS.

I even try by my self using simple php file to access the web service without provide username and password and get the same result, access denied on second IS. I check the log, it’s success call the service in first IS but failed when called service in second IS.

The strange things is, when I called the webservice in my php file, and provide username and password, it’s work. There’s no error in calling service in the second IS. The username and password in first IS and second IS is different. Anyone have a clue about this? why the username and password for first IS affect the second IS???

– Best regard –

zagoenk

devexpert · October 26, 2010, 9:04pm

Reverse invoke mechanism is changed in 7.x than from 6.5, so i wonder if this configure will work… though will try to see and come back

za_goenk · October 27, 2010, 1:56pm

what’s the different?

Tong_Wang · October 29, 2010, 2:18am

are you using reverse invoke or remote invoke (call service from server one to server 2)?
if you are using remote invoke, and you are using a remote server alias, you need to configure the execute ACL properly on the remote alias settings (use a empty value will solve most of the problems.)

za_goenk · October 29, 2010, 7:44am

using webservice, the second IS provide wsdl file, and the first IS consume that wsdl file…

Amrendra_Dubey · October 29, 2010, 12:03pm

Do you have any load balancers between you both IS?

I faced similar issue when we had a LB in between the IS and Sticky session behavior was enabled on the LB.

za_goenk · October 29, 2010, 12:26pm

no, we don’t have any load balancer…

devexpert · October 30, 2010, 1:21am

hmmm so there is no reverse invoke ports involved

anyways… did you tried to run the consumer WS on IS-1, if you can connect to the WS hosted on IS-2??

what’s execute ACL of the webservice descriptor (provider) on 2nd IS and IS service hosted… the username which you are passing from IS flow service on server-1 must be in the allowed though this ACL…