Tridion 2011 Core Service: No se puede conectar en un entorno SSO
https://stackoverflow.com//questions/9625204
-
09-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
Mientras intentas conectarte al servicio central, recibo el siguiente error:
La solicitud HTTP fue prohibida con el esquema de autenticación del cliente 'Anónimo'
El entorno de tridion está configurado con SSO de Siteminder.
Aquí está mi código:
public static ICoreService2010 GetTridionClient() { var binding = new BasicHttpBinding() { Name = "BasicHttpBinding_TridionCoreService", CloseTimeout = new TimeSpan(0, 1, 0), OpenTimeout = new TimeSpan(0, 1, 0), ReceiveTimeout = new TimeSpan(0, 10, 0), SendTimeout = new TimeSpan(0, 1, 0), AllowCookies = false, BypassProxyOnLocal = false, HostNameComparisonMode = HostNameComparisonMode.StrongWildcard, MaxBufferSize = 4194304, // 4MB MaxBufferPoolSize = 4194304, MaxReceivedMessageSize = 4194304, MessageEncoding = WSMessageEncoding.Text, TextEncoding = System.Text.Encoding.UTF8, TransferMode = TransferMode.Buffered, UseDefaultWebProxy = true, ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas() { MaxDepth = 32, MaxStringContentLength = 4194304, // 4MB MaxArrayLength = 4194304, MaxBytesPerRead = 4194304, MaxNameTableCharCount = 16384 }, Security = new BasicHttpSecurity() { Mode = BasicHttpSecurityMode.TransportCredentialOnly, Transport = new HttpTransportSecurity() { ClientCredentialType = HttpClientCredentialType.None, }, Message = new BasicHttpMessageSecurity() { ClientCredentialType = BasicHttpMessageCredentialType.UserName } } }; string hostname = ConfigurationManager.AppSettings["TridionUrl"]; string username = ConfigurationManager.AppSettings["TridionUsername"]; hostname = string.Format("{0}{1}{2}", hostname.StartsWith("http") ? "" : "http://", hostname, hostname.EndsWith("/") ? "" : "/"); var endpoint = new EndpointAddress(hostname + "/webservices/CoreService.svc/basicHttp_2010"); var factory = new ChannelFactory<ICoreService2010>(binding, endpoint); factory.Credentials.UserName.UserName = username; return factory.CreateChannel(); }¿Alguien tiene experiencia de interactuar con el servicio principal con un tipo de autenticación que no sea Windows?
Actualización:
Ahora obtengo el error:
La solicitud HTTP fue prohibida con el esquema de autenticación del cliente 'BASIC'.
¿Qué CLIENTCRENCIALTYPE debe usarse en el /WebServices/Web.config para los enlaces?
Cuando descompuesto el ssoagenthttpmodule en el /webservies/web.config, obtenemos un error de 500 en el servicio web, por lo que SDL nos dijo que dejáramos a esto comentado.
¡Tomo que este módulo es necesario para que el CoreService se autentique con el esquema de autenticación "BASIC"?
Solución
There are 2 problems with your code:
You have set authentiction to anonymous on the server and assumed that same should be set on the client, but it's not the case. You have also enabled LDAP SSO module on the server that kicks in as soon as you turn the anonymous authentication on. On the client side it will look like plain basic authentication, so you client security code should be like this:
Security = new BasicHttpSecurity() { Mode = BasicHttpSecurityMode.TransportCredentialOnly, Transport = new HttpTransportSecurity() { ClientCredentialType = HttpClientCredentialType.Basic, } }You have set username, but not password, so:
factory.Credentials.UserName.UserName = username; factory.Credentials.UserName.Password = password;
Also, keep in mind that you might need to specify User Name Qualifier (SSO by default) when setting user, like SSO\user
This should move you a step closer, if you will still have problems - please update your question with recent exception.
