Does the OpenEdge client support SSL client authentication for consuming SOAP Web Services?

URL Name: P100618
Article Number: 000151504
Environment
Product: OpenEdge
Version: All supported versions
OS: All supported platforms
Question/Problem Description
Does the OpenEdge client support SSL client authentication for consuming SOAP Web Services?
Does Progress support client-side digital certificates with SSL when consuming SOAP Web Services?
Does OpenEdge support two-way SSL when consuming SOAP Web Services?
Is ABL capable of using SSL client-side digital certificates when consuming SOAP Web Services?
Does the OpenEdge ABL client support mutual authentication when consuming SOAP Web Services?
Resolution
Client authentication has been implemented in the OpenEdge 11.4 ABL client for consuming SOAP Web Services. This also includes the WSDL Analyzer (bprowsdldoc) command-line utility.

The ABL CONNECT() method for Web Services has been enhanced with the following parameters (case-sensitive):
 
-WSDLAuth Authentication-type
Specifies if access to a WSDL file requires SSL client authentication. Set this to ssl to enable client authentication for WSDL access. If you set this to basic, the connect method ignores client authentication for WSDL access.
 
-WSDLKeyFile filename | target-database
The location of the client certificate in PEM format. If you do not specify an absolute path of the client certificate file, the connection operation searches the $DLC/keys folder for the client-certificate-file-name.pem file. This option must be set only if -WSDLAuth parameter is set to ssl.
 
-WSDLKeyPwd password
The SSL client certificate password in clear text or encoded format.
 
-sslAuth Authentication-type
Specifies if access to a SOAP service requires SSL client authentication. Set this to ssl to enable client authentication for SOAP access. If you set this to basic, the connect method ignores client authentication for SOAP access.
 
-sslKeyFile filename | target-database
The location of the client certificate. If you do not specify an absolute path of the client certificate file, the connection operation searches the $DLC/keys folder for the client-certificate-file-name.pem file. This option must be set only if -sslAuth parameter is set to ssl.
 
-sslKeyPwd password
The SSL client certificate password in clear text or encoded format.


The WSDL Analyzer has been enhanced with the following parameters:
 
-WSDLAuth Authentication-type
Specifies if the access to a WSDL file requires SSL client authentication. Set this to ssl to enable SSL client authentication for WSDL access. If you set this to Basic, the connect method ignores client authentication for WSDL access.
 
-WSDLKeyFile filename | target-database
Specifies the location of the client certificate. If you do not specify an absolute path of the client certificate file, the connection operation searches the $DLC/keys folder for the client-certificate-file-name.pem file. This option must be updated only if -WSDLAuth parameter is set to ssl.
 
-WSDLKeyPwd password
Specifies, in clear text or encoded format, the password of the client certificate. This option must be updated only if -WSDLAuth parameter is set to ssl.


For previous OpenEdge versions please use the workaround below.
Workaround
Use one of these options as a possible workaround:

- Use STunnel (www.stunnel.org) as a proxy between the Web Service and the OpenEdge client. This is a 3rd-party tool, so it is outside the scope of Progress Technical Support.

- Use the .NET or Java OpenClient to communicate with the Web Service by using a .NET or Java front-end and the OpenEdge AppServer as the back-end. 

- Generate a .NET client-side proxy using a .NET development environment and then use that proxy with ABL for .NET programming to call the Web Service. Please note that non-UI objects are only supported since OpenEdge 10.2B02.

- Use Sonic to call the Web Service in combination with the OpenEdge SonicMQ Adapter.
Notes
The encoded format of the password can be generated using the 'genpassword' command-line utility, for example:

genpassword -password mypass
3d2b3f262136


The encoded password then needs to be prefixed with oech1:: , so in this example the value for the -WSDLKeyPwd or -sslKeyPwd parameter would become oech1::3d2b3f262136 .
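
The following ABL sketch is an added example, not Progress sample code: it combines the CONNECT() parameters from the Resolution section with an oech1::-prefixed password to open a SOAP connection that presents a client certificate for both the WSDL fetch and the service calls. The WSDL URL, the certificate name "soapclient" and the environment variable WS_KEY_PWD are assumptions chosen for illustration.

```abl
/* Added example, not Progress sample code. Assumed names: the WSDL URL,   */
/* the certificate name "soapclient" and the variable WS_KEY_PWD.          */
DEFINE VARIABLE hServer  AS HANDLE    NO-UNDO.
DEFINE VARIABLE cKeyPwd  AS CHARACTER NO-UNDO.
DEFINE VARIABLE cConnect AS CHARACTER NO-UNDO.
DEFINE VARIABLE lOk      AS LOGICAL   NO-UNDO.
DEFINE VARIABLE i        AS INTEGER   NO-UNDO.

/* Take the genpassword-encoded value (oech1:: prefix) from the environment
   so that no certificate password is stored in the source file. */
cKeyPwd = OS-GETENV("WS_KEY_PWD").
IF cKeyPwd = ? OR NOT (cKeyPwd BEGINS "oech1::") THEN DO:
    MESSAGE "WS_KEY_PWD must hold an oech1::-prefixed encoded password."
        VIEW-AS ALERT-BOX ERROR.
    RETURN.
END.

/* Parameter names are case-sensitive. A key file given without an absolute
   path is looked up as $DLC/keys/soapclient.pem. */
cConnect = "-WSDL https://ws.example.com/orders.wsdl"
         + " -WSDLAuth ssl -WSDLKeyFile soapclient -WSDLKeyPwd " + cKeyPwd
         + " -sslAuth ssl -sslKeyFile soapclient -sslKeyPwd " + cKeyPwd.

CREATE SERVER hServer.
lOk = hServer:CONNECT(cConnect) NO-ERROR.

IF ERROR-STATUS:ERROR OR NOT hServer:CONNECTED() THEN DO:
    /* Report the runtime's messages only; cConnect contains the password
       and should never be written to a log or message box. */
    DO i = 1 TO ERROR-STATUS:NUM-MESSAGES:
        MESSAGE ERROR-STATUS:GET-MESSAGE(i) VIEW-AS ALERT-BOX ERROR.
    END.
END.
ELSE DO:
    MESSAGE "Connected with SSL client authentication."
        VIEW-AS ALERT-BOX INFORMATION.
    hServer:DISCONNECT().
END.

DELETE OBJECT hServer.
```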


Progress Article(s):
"Using SSL parameters to make a secure WebServices call fails with error 301"

 
Last Modified Date: 11/20/2020 7:27 AM
