Mashups, SOAP WebServices and SAML

Many years ago I created a little Mashup that called a MWS SOAP WebService to return invoices for a supplier on a specific day. More recently IFL updated to 13.4, and as part of the 13.4 upgrade we moved to SAML based authentication. Moving to SAML meant that our userbase needed to provide our AD domain name aswell as their username to log in. Not a big issue.

However, requiring the domain means that the authentication of the Mashup SOAP call to MWS now fails. There were some other gotchyas which were I believe unavoidable at the version of Smart Office we were on originally, but I could now address properly.

The running Mashup looked like this

The user keys in the suppler, and then the date and finally clicks on Lookup.

Part of the XAML of my Mashup looked like this:

We can see that the addresses were hardcoded, we also had a double up on the CredentialSource which oddly did create some issues when testing.

Now many years have passed since I built this and I’m now aware of the ability to use ApplicationServices.SystemProfile.GetGridApplicationUrl(“MWS”, “MWS”, GridUrlType.WebService) to retrieve our MWS base URL. I wanted to do something similar with the Mashup.

On the Smart Office blog Rickard had posted this gem

which talked about retrieving the grid application URLs.

From there I was able to determine that {mashup:GridUrl ApplicationType=MWS, Module=MWS, UrlType=WebService} would retrieve my MWS URL and then I could append “services/SupplierInvoices?wsdl”. However, as Karin explains in her post we can’t just change my line of

<mashup:DataParameter Key=”WS.Wsdl” Value=”; />


<mashup:Parameter TargetKey=”BaseUri” SourceKey=”BaseUri” Value=”{mashup:GridUrl ApplicationType=MWS, Module=MWS, UrlType=WebService}/services/SupplierInvoices?wsdl ” />

What I ended up doing was on the Click event of the Lookup Button I will set the WS.Wsdl and WS.Address values on the dpInvoices object

And commented out the values in my dpInvoices object like so

So that done I expected everything to be fine and dandy. However when attempting to do the lookup I would get an error similar to

“http request is unauthorized with the client authentication scheme ‘Basic'”

My suspicion was that it was related to the username lacking the domain, something that I confirmed with the Mashup Designers testing function where I could toggle the “Include the domain for the user” on and off.

However, I couldn’t find a source of information on how to resolve this particular issue.

I ended up examining the code in the Mango.Core assembly – specifically the Mango.Core.DynamicWs.WSDataService in that we have the following snippet

I was curious about the runtime value of WSDataService.KeyCredentialSourceCurrentDomain so I wrote a little script to check

Earlier in the Mango.Core code we have the following line which retrieves the CredentialSource value and stores it in stringValue

We now know that if our DataRequest has a value of CurrentDomain it will call RequestCredentials with the option of ‘true’ to retrieve the domain name.

So, I changed the WS.CredentialSource from Current to CurrentDomain as we see here

And now the Mashup runs correctly and hopefully won’t need to be touched for a long time 🙂

This entry was posted in Development, M3 / MoveX, Mashups, Webservices. Bookmark the permalink.

3 Responses to Mashups, SOAP WebServices and SAML

  1. Venkatesh says:

    Hi Scott,

    We are trying to install M3 13.4 in test environment and facing authentication issues while logging in UI Adapter. I have seen your detailed post with relevant screenshots for version 13.2 installation. Just wondering if there is a post related to 13.4 installation, kindly let me know if there is one.

    Thanks in advance,

  2. Rohan Saxena says:

    great and helpful blog to everyone.. thanks a lot for sharing

  3. Bhumika Lekurwale says:

    This blog really helped me:) thanks a lot for sharing…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s