Update definition and request failed (NTLM/NEGOTIATE)
Hey all,
I try to test a SOAP WebService. Doing so, I created a new SOAP Project and added a remote WSDL file (for the test environment). Now I am trying to update the definitions and endpoints to setup the production environment. However, SoapUI is not able to login to the production webservice and request the proper WSDL.
My guess is that the error belongs to the fact that the test environment uses NTLM authentication (which works as expected), but the prodution envinronment uses NEGOTIATE authentication.
The error log shows the following:
Mon Apr 11 09:57:00 CEST 2016:ERROR:com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlInterfaceDefinition.load(WsdlInterfaceDefinition.java:53) at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlContext.loadDefinition(WsdlContext.java:62) at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlContext.loadDefinition(WsdlContext.java:34) at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext.cacheDefinition(AbstractDefinitionContext.java:246) at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext.access$400(AbstractDefinitionContext.java:48) at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext$Loader.construct(AbstractDefinitionContext.java:219) at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46) at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:131) at java.lang.Thread.run(Unknown Source) Mon Apr 11 09:57:48 CEST 2016:ERROR:com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlInterfaceDefinition.load(WsdlInterfaceDefinition.java:53) at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlContext.loadDefinition(WsdlContext.java:62) at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlContext.loadDefinition(WsdlContext.java:34) at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext.cacheDefinition(AbstractDefinitionContext.java:246) at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext.access$400(AbstractDefinitionContext.java:48) at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext$Loader.construct(AbstractDefinitionContext.java:219) at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46) at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:131) at java.lang.Thread.run(Unknown Source)
The http log (for the production web service) shows the following:
Mon Apr 11 09:55:51 CEST 2016: DEBUG : >> "GET /Services/ServiceUno/ServiceUno.svc?wsdl HTTP/1.1[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : >> "Host: prod.company.com\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : >> "Connection: Keep-Alive[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : >> "[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "HTTP/1.1 401 Unauthorized[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "Content-Type: text/html[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "Server: Microsoft-IIS/7.5[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "WWW-Authenticate: NTLM[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "WWW-Authenticate: Negotiate[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "X-Powered-By: ASP.NET[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "Date: Mon, 11 Apr 2016 07:56:06 GMT[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "Content-Length: 1293[\r][\n]"
Mon Apr 11 09:55:51 CEST 2016: DEBUG : << "[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<html xmlns="http://www.w3.org/1999/xhtml">[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<head>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<style type="text/css">[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<!--[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "fieldset{padding:0 15px 10px 15px;} [\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "h1{font-size:2.4em;margin:0;color:#FFF;}[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "h2{font-size:1.7em;margin:0;color:#CC0000;} [\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} [\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "background-color:#555555;}[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "#content{margin:0 0 0 2%;position:relative;}[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "-->[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "</style>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "</head>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<body>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<div id="header"><h1>Server Error</h1></div>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "<div id="content">[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << " <div class="content-container"><fieldset>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << " <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << " <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << " </fieldset></div>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "</div>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "</body>[\r][\n]"
Mon Apr 11 09:55:59 CEST 2016: DEBUG : << "</html>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : >> "GET /Services/ServiceUno/ServiceUno.svc?wsdl HTTP/1.1[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : >> "Host: prod.company.com[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : >> "Connection: Keep-Alive[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : >> "[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "HTTP/1.1 401 Unauthorized[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "Content-Type: text/html[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "Server: Microsoft-IIS/7.5[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "WWW-Authenticate: NTLM[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "WWW-Authenticate: Negotiate[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "X-Powered-By: ASP.NET[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "Date: Mon, 11 Apr 2016 07:56:16 GMT[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "Content-Length: 1293[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<html xmlns="http://www.w3.org/1999/xhtml">[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<head>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<style type="text/css">[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<!--[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "fieldset{padding:0 15px 10px 15px;} [\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "h1{font-size:2.4em;margin:0;color:#FFF;}[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "h2{font-size:1.7em;margin:0;color:#CC0000;} [\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} [\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "background-color:#555555;}[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "#content{margin:0 0 0 2%;position:relative;}[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "-->[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "</style>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "</head>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<body>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<div id="header"><h1>Server Error</h1></div>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "<div id="content">[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << " <div class="content-container"><fieldset>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << " <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << " <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << " </fieldset></div>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "</div>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "</body>[\r][\n]"
Mon Apr 11 09:56:00 CEST 2016: DEBUG : << "</html>[\r][\n]"
I've already tried the following. But nothing helped:
- Add -Djavax.security.auth.useSubjectCredsOnly=false to the vmoptions config file (Source: SoapUI Forum)
- Add -Djava.net.preferIPv4Stack=true to the vmoptions config file
- Disable/Enable proxy in SoapUI
- Add authentication information to outgoing request in HTTP Settings (Source: SoapUI)
If i try to import the webservice via wsimportor if I curl the webservice with the following parameters, it works.
curl https://prod.company.com/Services/ServiceUno/ServiceUno.svc?wsdl --ntlm -u domain\username:#password curl https://prod.company.com/Services/ServiceUno/ServiceUno.svc?wsdl --ntlm --negotiate -u domain\username:#password curl https://prod.company.com/Services/ServiceUno/ServiceUno.svc?wsdl --negotiate -u domain\username:#password
I read about solutions using a proxy (e.g. Fiddler or Burp Suite).
But are there any solutions without using a 3rd-party tool?
Thank you very much.