In our developement System we have set up 2 Trading Network Systems (Buyer Seller) with Rosettanet. When I send an Message from the sellersystem to the buyersystem via http it work without problems. When I send the message via https then I’ve go the following ERROR java.io.IOException: java.io.IOException: 403 Forbidden.
On both Integration Servers are https - ports defined. Each server has his own certificate and is installed on both servers. The settings for sign, encryption, decryption and verify are made. The profiles are set up with http and https. the prefered is https. The certificate of the servers are defined in the security tab of the Integration Servers.
Does somebody know what I mad wrong?
403 is a protocol error for HTTP. Your problem may be related to the Inetgration Server, but I think the issue is more closely tied to permissions or target service.
What is the URL that you are trying to post to? Is it a service or a directory? For example, the URL should resemble the following:
For each company profile you need a user in webMethods (typically a DUNS number) and make sure this user is in the TNPartners group. Each server needs to have the SSL ports set to ‘require certs’ then you map the cert on each side to the user associated with each profile.
Make sure the wm.ip.rn:receive method is added to the ports as an allowed service (or set the ports Access Mode to Global - allow by default). Check connectivity between servers in each direction using a remote server alias for example (without the rosettanet complexity for starters).
does somebody know if only Port 443 is alowed to be used as https - Port. When I use this Port in one way i can start a connection and it works. Why not at other ports?
Can’t answer all the question because I’m not sure of your environment. But Definately you can use other ports than 443 for https. One project we do use port 4443 for https due to fact in unix systems you need to have root access in order to manage port 443.
You can use any port for HTTPS but sometimes network people like to use 443 for the outside world - so they have to translate incoming requests from 443 to your webMethods port (5556 for example). webMethods suggests using ports above 1024 so that you don’t have to run the server as the ‘root’ user.
That’s the only difference (other than the root issue which is OS specific).
403 is always a permissions issue. If you send me screen shots of the port config screen on the receiving end and the TN profile protocol and security tabs on the sending end, I’ll try to help you get this thing debugged.
I thought a 403 was returned on any error. If the invoked service pukes (exit and signal failure, or uncaught Java exception, etc.) then the http return code is 403. Am I incorrect?
from a flow or java service on IS - is it possible to control the value of the http return code (statusCode) and message (statusMessage) - or is it beyond user’s control as suggested by Rob Eamon (always 403 when service fails) ?
from a flow or java service on IS - is there any way to pass information back to a calling http client - at http level ( not as an XML document using output template ) ?
I think by using java service you can control/set a different code for your HTTP Status code other than 403.
In a flow service you can call pub.flow:setResponse service which sets the HTTP response with any message (xml/non-xml) you want to send. Also don’t forget to set the content-Type.