Solved

HTTPCaller and kerberos

  • 19 November 2018
  • 2 replies
  • 5 views

I am trying to use the HTTPCaller transform to access an internal web application ( mvc5) hosted on IIS8. It always returns an error 500 , regardless of the authentication method used - I suspect ho it passes the account information is the issue as if I disable authentication I get the 401.

The FME desktop is on a dedicated machine with a dedicated account and this account can access the url using IE/Edge without any issues.

I was wondering if the transformer supports Kerberos authentication, and if not, can someone please suggest another method I can use to read a specific web page on our authenticated web application.

Note: We use 2017.1 desktop only and our network is pure Windows with no internal proxy for routing.

Any suggestions at this point would be greatly appreciated, as this is driving me crazy.

icon

Best answer by virtualcitymatt 20 November 2018, 16:18

View original

2 replies

Userlevel 4
Badge +26

Does the web application you have have any kind of REST API? If so there should be some kind of documentation on how to make requests/calls. I'm not sure that the HTTPCaller does support Kerberos as its not listed, although I would just expect this to 'work'.

 

Is there perhaps another method of authenticating? With FME Server the WebUI can be set up to support SSO (Kerberos), however, the REST service does not yet support this and another authentication type is needed with the same credentials (https://knowledge.safe.com/idea/23531/add-support-for-integrated-windows-authentication.html).

 

You could try turning on debug logging to see if there is anymore information/logs coming back, you could also try and get access to the access logs on the web server itself to see if there is more Information about your incoming request.

 

Also it's worth testing your requests with postman (https://www.getpostman.com/). This should be a pretty good test. If you can get a proper response with Postman and not the HTTPCaller then FME is the problem.

Does the web application you have have any kind of REST API? If so there should be some kind of documentation on how to make requests/calls. I'm not sure that the HTTPCaller does support Kerberos as its not listed, although I would just expect this to 'work'.

 

Is there perhaps another method of authenticating? With FME Server the WebUI can be set up to support SSO (Kerberos), however, the REST service does not yet support this and another authentication type is needed with the same credentials (https://knowledge.safe.com/idea/23531/add-support-for-integrated-windows-authentication.html).

 

You could try turning on debug logging to see if there is anymore information/logs coming back, you could also try and get access to the access logs on the web server itself to see if there is more Information about your incoming request.

 

Also it's worth testing your requests with postman (https://www.getpostman.com/). This should be a pretty good test. If you can get a proper response with Postman and not the HTTPCaller then FME is the problem.

Many Thanks.

As suspected , it is a limitation of FME Desktop. It supports login to the web/ restful api, however the session based AD details are lost post initial connection ( under Kerberos this is not the case as the token remains in-play ). The service will always return an error 500 as the restful api call checks the role of the authenticated person before performing the service/functions.

I will recode the restful api to support a different authentication method.

Reply