AS2 Connection does not work after second try - Partner receives http 401

Hi all,

We are in the process of migrating AS2 Connections from onPrem TN to wm.io B2B.
Apart from a lot of other issues we currently face this one which we need to solve quickly.

When a Partner (TRANSPOREON) sends a message to us the first message works basically.
Any further message sent results in 401 - „Invalid or expired session identifier“.
We found several very old reports of this error in webMethods Forum and KB - but no real solution actually.

Anyway - in the case of wm.io we do not see any change of changing http configuration using some params or something like that. (e.g. set watt.security.session.forceReauthOnExpiration=false - which might help)

Do we have a chance to see low level http wire data somewhere - to check http headers or things like that in wm.io?
If our partner needs to change configuration we would need to know what his http client does wrongly.

many thanks for your help

Christian

P.S.: Username and Password are 100% correct → first try works

Hi Christian,
When a bad session ID is received, Integration Server fails the request with “401-Invalid or expired session identifier” and Integration Server also returns the WWW authenticate header to instruct the browser to throw away that invalid session ID. Then client is expected to resubmit the request with credentials but without any SessionID (i.e. just like the first request).

If the client does not want to or cannot handle 401 flow, configure Integration Server to not force reauthentication on session expiry (i.e. watt.security.session.forceReauthOnExpiration=false). And, request the client to include the credentials on each request because they cannot know which sessionID they are sending in is invalid.

When watt.security.session.forceReauthOnExpiration=false, Integration Server uses a valid session as it would normally and ignores the invalid session and let the request through if the given credentials are good. If those credentials are bad, an invalid credentials error would be returned. On the other hand, the credentials are good but the user doesn’t have permissions then 403-Access Denied error would be returned. If the client does not send any credentials, Integration Server would assume an anonymous user (i.e. Default user) and try to execute the request and if that fails then 403 Access Denied error is returned.

Hope this helps,
-Senthil

Hi Senthil,

Thanks for the answer! This is very helpful to understand the details :slight_smile:
We are using the Cloud Version of webMethods.io B2B
For me the main question is why the webMethods.io B2B adapter offers a session cookie to the client?
And rejects the Session when it is presented a second after the first try.
Session tracking does not make to much sense in AS2 setting anyway.

We now try to change to the settings of the client not to accept cookies,
But this might not be possible in a short term.

I understand somehow that BasicAuth is requiered in Cloud.
Although nobody really does this currently in AS2 Connections - making migration to Cloud a real pain.
But then the AS2 http connection should be stateless I would say - so we don’t face such issues.
As we are in the Cloud we cannot change any of this settings - this is very frustrating currently :frowning:

Regarding the Params: We are using wm.io B2B in the Cloud - so the Saas Solution.
Is there any possibility to change these setting in the Cloud Instance?
If we cannot change the client side not to send invalid Sessions?

many thanks for any further hints helping us to solve this

Christian

Hi Christian,
Thanks so much for your detailed response and also for highlighting that this issue is frustrating. I can understand the impact it has on your side and your partner. I’m checking with respective colleagues internally but some of them are on holidays so it might take a few days to come back with an answer.

In the meantime, as for your questions, the Cloud instance can be updated if it’s configured as a dedicated tenant and if it’s a shared tenant, we cannot make this change currently.

I want to stay on the case and try to find a solution for this issue. Please open a support incident and let support team know of this thread and I will coordinate with the wm.io B2B team to find a solution soon.

Regards,
-Senthil