I have a very tricky problem with IBM WebSeal which is used as some kind of proxy which authenticates users against an LDAP server and then forwards the URL to the IS 6.0.1 SP2.
When connecting to the IS with the following HTTP GET request:
GET URL…
via: HTTP/1.1 server:80
host: server.test.com
user-agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
authorization: Basic WDgzOTg0OnNlY3JldA==
cache-control: no-cache
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
accept-language: fr-be
accept-encoding: gzip, deflate
connection: close
Cookie: …
I get the error:
HTTP/1.0 401 Unauthorized
When I send the same request with an UPPERCASE A in authorization, it is working properly. Since the WebSeal only creates the lower case variant, my question is whether this behaviour can be changed on the IS. I can’t believe that the “Authorization” line has to be Uppercase for the A.
If I understood you correctly, you’re saying this works with IS 6:
‘Authorization: Basic WDgzOTg0OnNlY3JldA==’
But this does NOT work:
‘authorization: Basic WDgzOTg0OnNlY3JldA==’
…right?
From what I recall, HTTP headers are case-insensitive (Here’s the relevant RFC section: HTTP/1.1: HTTP Message). It says: “Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.”
So ‘authorization’ should have worked.
> my question is whether this behaviour can be changed on the IS.
Hmm. I think you need to file a bug report. There’s probably some code somewhere in IS doing a string-compare to “Authorization”.
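The failure mode guessed at in the reply above (an exact string compare against "Authorization") set beside a case-insensitive lookup, as an added Python example that is not part of the thread and is not IS code. The function names, the host `server.example` and the `demo:demo-pass` credentials are constructed for illustration.

```python
import base64

# Constructed sample credentials and request; not taken from the thread.
TOKEN = base64.b64encode(b"demo:demo-pass").decode("ascii")

def build_request(header_name):
    """Raw HTTP/1.0 request using the given spelling of the auth header name."""
    return (f"GET / HTTP/1.0\r\nhost: server.example\r\n"
            f"{header_name}: Basic {TOKEN}\r\n\r\n").encode("ascii")

def parse_headers(raw):
    """Return (name, value) pairs, keeping the sender's capitalisation."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def get_header_exact(pairs, name):
    """Hypothetical buggy lookup: exact, case-sensitive name match."""
    return next((v for n, v in pairs if n == name), None)

def get_header(pairs, name):
    """Lookup that treats field names as case-insensitive, as the RFC requires."""
    return next((v for n, v in pairs if n.lower() == name.lower()), None)

def basic_credentials(value):
    """Decode 'Basic <base64>' into (user, password); None if absent or malformed."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                            # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def status(raw, lookup):
    """401 when the lookup finds no usable credentials, else 200."""
    creds = basic_credentials(lookup(parse_headers(raw), "Authorization"))
    return 200 if creds else 401

if __name__ == "__main__":
    for spelling in ("Authorization", "authorization"):
        req = build_request(spelling)
        print(spelling, status(req, get_header_exact), status(req, get_header))
```

With the exact-match lookup, the lowercase spelling yields 401 even though the credentials are valid; the case-insensitive lookup accepts both spellings.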
You got it right. I was checking the RFC as well and it seems to be a bug in the HTTP implementation inside IS 6.0.1. I will send a bug report to the webMethods support to get this fixed…
I have a posting tool created using Java code. I tried using “Authorization” as well as “authorization” in my Java code to set the credentials and both of them worked when posting to WM 6.0.1.
I think the problem is with your proxy and not WM. In fact, when I try to set the wrong username/password combo the error that webMethods gives is:
HTTP/1.0 401 [ISS.0084.9001] Invalid credentials
and not
HTTP/1.0 401 Unauthorized
as you got. So your error must be coming from the proxy.
I receive the error message “HTTP/1.0 401 Unauthorized” not through the proxy server, but by opening the port on the IS with a telnet and then pasting the HTTP header into the open session. Therefore this error is not directly related to the proxy, which is IBM’s WebSEAL.
On the other hand I have tested this on another IS 6.0.1 server without the SP2 and there it seems to work properly with the lower case A. Very confusing. I will have to do some more checks tomorrow…
We’ve had IS service packs break something before, Joerg - so I won’t be surprised if the culprit is the SP.
BTW, do you mind posting your telnet session in which you spoofed basic authentication? I was trying to do one yesterday, but couldn’t get IS to accept it:
bash-2.05b$ telnet b2bdev1 5555
Trying 172.111.111.111…
Connected to b2bdev1.
Escape character is ‘^]’.
GET / HTTP/1.0
authorization: Basic cookoo2hesgdzvbdf9sfd97==