HTTP call to service with Execute ACL as anonymous


I am using IS6.5 on AIX server. SAP is calling an IS service via http without providing any authorization. The service has Execute ACL as anonymous and Enforce Execute ACL as Always. Although there is no authorization set up in SAP for calling this service, the HTTP header has something like this coming “Authorization: Basic Og==”. Due to this IS is trying to authenticate the call even though service is set to receive anonymous calls. Getting following error message:

Access denied for user on port 8080 -> ‘invoke/SAP_Services.listener:getTestXML’ from 10.x.x.x.
HTTP/1.0 401 [ISS.0084.9001] Invalid credentials
WWW-Authenticate: Basic realm=“webMethods”
Connection: Close

Appreciate any help


IS will always authenticate the connection with a valid user before it calls any services. The minimum authentication is username/password. So, your SAP system will need to pass in a valid username/password so that IS can authenticate the connection made by your SAP system before calling the flow services.

Were you able to solve this problem? We are having the same problem with a partner using SAP after we upgraded from IS 6.1 to 6.5. They say they can’t populate a username/password when sending a Purchase Order.

Hello cathy,
if you face this problem when you deploy the package to other system (Q or P) then you can try resetting the execute ACL to something else -> Save -> set back ACL to ‘Anonymous’ -> Save. (I observed this strange behaviour in wm 6.5 on our systems).