4

When I send this request using soap envelope over http UA asks for credentials. When I send it over https UA doesn't ask for credentials but returns 401 error. I need user to enter credentials this way.

 var wsUrl = config.identityServerURL + "/services/RemoteUserStoreManagerService.RemoteUserStoreManagerServiceHttpsSoap11Endpoint/";
        namesToEnable.forEach(function (name) {

            var soapRequest = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd"> ' +
                '<soapenv:Header/> ' +
                '<soapenv:Body> ' +
                '<ser:setUserClaimValues>' +
                '<ser:userName>' + name + '</ser:userName>' +
                '<ser:claims> <!--Optional:--> ' +
                '<xsd:claimURI>http://wso2.org/claims/identity/accountDisabled</xsd:claimURI> <!--Optional:--> ' +
                '<xsd:value>false</xsd:value> </ser:claims> <!--Optional:--> ' +
                '<ser:profileName></ser:profileName> </ser:setUserClaimValues> ' +
                '</soapenv:Body></soapenv:Envelope>';

            var xmlhttp = new XMLHttpRequest();
            xmlhttp.open('POST',
                wsUrl, true);

            var sr = soapRequest;

            xmlhttp.onreadystatechange = function () {
                if (xmlhttp.readyState == 4) {
                    if (xmlhttp.status > 200 < 300) {
                        console.log('DONE');
                        sap.ui.getCore().byId("DialogOnEnableUser").close();
                        sap.m.MessageToast.show("User successfully enabled", {duration: 1000});
                    } else {
                        console.log('ERR soap req');
                    }
                }
            };
            // Send the POST request
            xmlhttp.withCredentials = true;
            xmlhttp.setRequestHeader("SOAPAction", "urn:setUserClaimValues");
            xmlhttp.setRequestHeader('Content-Type', 'text/xml');
            xmlhttp.send(sr);
dtechlearn
  • 363
  • 2
  • 4
  • 21
  • 1
    Which browser/"user agent" are you referring to? Is the request on the same domain, or a different domain? Are you able to created a testable prototype? Generally speaking, setting withCredentials has no effect on same-site requests. You may want to look into CORS setup* and/ or try sending an Authorization header with the request. * https://stackoverflow.com/questions/21850454/how-to-make-xmlhttprequest-cross-domain-withcredentials-http-authorization-cor – Tom Aug 27 '18 at 15:01

1 Answers1

0

Sounds to me like a security restriction due to the ongoing fight on web lack of secure connectivity

https://superuser.com/questions/770897/firefox-does-not-prompt-for-password-for-http-authenticated-sites-how-to-make-i

I would try it with other browsers to discard it first.

Raul Lapeira Herrero
  • 891
  • 5
  • 19