Hi all We are using Apache OpenCMIS to connect to our FileNet P8 Repository. It works well, but there is an unclarity regarding the authentication mechanism used.
We have seen when we analysed the tcp traffic that both HTTP Basic Authentication and ws-security UserToken Profile are used in the same soap call: POST /fncmis/RepositoryService HTTP/1.1 Content-type: multipart/related;start="<rootpart*5f4ecd63-252f-4c00-a30f-7472e69f9...@example.jaxws.sun.com>";type="application/xop +xml";boundary="uuid:5f4ecd63-252f-4c00-a30f-7472e69f9b2b";start-info="text/xml" X-cmis-client: Apache Chemistry OpenCMIS/0.8.0 Authorization: Basic "Not shown here" Soapaction: "" Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 User-Agent: JAX-WS RI 2.1.7-b01- Host: b0d01042.rz.ch.zurich.com:22281 Connection: keep-alive Content-Length: 1277 --uuid:5f4ecd63-252f-4c00-a30f-7472e69f9b2b Content-Id: <rootpart*5f4ecd63-252f-4c00-a30f-7472e69f9...@example.jaxws.sun.com> Content-Type: application/xop+xml;charset=utf-8;type="text/xml" Content-Transfer-Encoding: binary <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/";><S:Header><Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><Created>2013-06-18T12:46:11Z</Created><Expires>2013-06-19T12:46:11Z</Expires></Timestamp><UsernameToken><Username>XXXXX</Username><Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>XXXXX</Password><Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2013-06-18T12:46:11Z</Created></UsernameToken></Security></S:Header><S:Body><ns2:getRepositoryInfo xmlns="http://docs.oasis-open.org/ns/cmis/core/200908/"; xmlns:ns2="http://docs.oasis-open.org/ns/cmis/messaging/200908/";><ns2:repositoryId>GI_CH_DOC01</ns2:repositoryId></ns2:getRepositoryInfo></S:Body></S:Envelope> Is there any way to configure that only one method is used to authenticate? Thank you Regards __________________________________________ Michel Riondel Solution Architect ECM GITS Zurich Insurance Company Austrasse 46 CH-8045 Zürich Schweiz / Switzerland ++41 (0)44 628 94 88 (direkt) ++41 (0)78 946 80 27 (mobil) michel.rion...@zurich.com ******************* BITTE BEACHTEN ******************* Diese Nachricht (wie auch allfällige Anhänge dazu) beinhaltet möglicherweise vertrauliche oder gesetzlich geschützte Daten oder Informationen. Zum Empfang derselben ist (sind) ausschliesslich die genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht irrtümlicherweise erreicht hat, sind Sie höflich gebeten, diese unter Ausschluss jeder Reproduktion zu zerstören und die absendende Person umgehend zu benachrichtigen. Vielen Dank für Ihre Hilfe.
