Setup NTLM Authentication in BW 5.4.x through BW 5.9.x .
Article ID: KB0092567
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Description:
BW versions prior to BW 5.10 do not support NTLM of-of-box. Starting from BW 5.10, BW natively supports NTLM authentication. However in BW versions prior to 5.10, NTLM authentication can be implemented using a BW NTLM proxy process that a user can put between a BW SOAP/HTTP client and the actual server that requires NTLM authentication.
BW versions prior to BW 5.10 do not support NTLM of-of-box. Starting from BW 5.10, BW natively supports NTLM authentication. However in BW versions prior to 5.10, NTLM authentication can be implemented using a BW NTLM proxy process that a user can put between a BW SOAP/HTTP client and the actual server that requires NTLM authentication.
Issue/Introduction
Setup NTLM Authentication in BW 5.4.x through BW 5.9.x .
Resolution
Attached is BW NTLM Proxy process (Filename:540_ntlm.zip) that a user can put in between the BW SOAP/HTTP Client and Actual server [requires NTLM authentication]. This proxy will do the authentication given user name / password via Identity resource.
DISCLAIMER: This should be used 'as-is". This is not an out-of-box solution from TIBCO Software, Inc.
Configuration:
Prerequisite: You need to deploy the NTLM BW Proxy process on BW 5.4 and TRA 5.5.0. This process uses the latest HTTP Client library version 3.0 that is shipped with TRA 5.5.
Steps for Proxy Configuration:
1). Open the attached project and create a new EAR file, then deploy it .
2). Before starting the process -- change the following global variables:
*Remote_Host*(string) : The HTTP / SOAP server who is needing NTLM
-default localhost
*Remote_Port(*int) : Port for above server -- default 80
*Proxy_Port*(int) : Port you want BW NTLM Proxy to start on -- default 80
*Proxy_Host*(string) : Host where you are deploying this BW NTLM proxy process .
3) Deploy the process and set a high value for HTTP Max processor and Min processor.
On the Client side, do the following :
1). In the Target URL / Host -- instead of pointing it to the host where the SOAP /HTTP server is running, point to the host that you just set the in GV
/Proxy_Host /-- same for port set it to/ Proxy_Port /.
2). Click on 'Use Basic Authentication' and create/provide and identity the file that is configured with NTLM credentials for the remote host :
Example :
User Name : tsi-pa\pshah [ possible domain separators are '\' , '/' or ':']
Password : the password for above user
If the user does not want to provide, and if the server allows credentials without a domain value, then just provide the user name and no domain name.
Now test the BW SOAP / HTTP Client against the BW NTLM Proxy process. If it fails it will return a SOAP Fault /HTTP Error stating why.
DISCLAIMER: This should be used 'as-is". This is not an out-of-box solution from TIBCO Software, Inc.
Configuration:
Prerequisite: You need to deploy the NTLM BW Proxy process on BW 5.4 and TRA 5.5.0. This process uses the latest HTTP Client library version 3.0 that is shipped with TRA 5.5.
Steps for Proxy Configuration:
1). Open the attached project and create a new EAR file, then deploy it .
2). Before starting the process -- change the following global variables:
*Remote_Host*(string) : The HTTP / SOAP server who is needing NTLM
-default localhost
*Remote_Port(*int) : Port for above server -- default 80
*Proxy_Port*(int) : Port you want BW NTLM Proxy to start on -- default 80
*Proxy_Host*(string) : Host where you are deploying this BW NTLM proxy process .
3) Deploy the process and set a high value for HTTP Max processor and Min processor.
On the Client side, do the following :
1). In the Target URL / Host -- instead of pointing it to the host where the SOAP /HTTP server is running, point to the host that you just set the in GV
/Proxy_Host /-- same for port set it to/ Proxy_Port /.
2). Click on 'Use Basic Authentication' and create/provide and identity the file that is configured with NTLM credentials for the remote host :
Example :
User Name : tsi-pa\pshah [ possible domain separators are '\' , '/' or ':']
Password : the password for above user
If the user does not want to provide, and if the server allows credentials without a domain value, then just provide the user name and no domain name.
Now test the BW SOAP / HTTP Client against the BW NTLM Proxy process. If it fails it will return a SOAP Fault /HTTP Error stating why.
Attachments
Feedback
Yes
No
Powered by
