HPE Content Manager (HPE RM) Forum

TRIM Webservice User Authentication model

Frequent Contributor.

TRIM Webservice User Authentication model

Hi Guys, I don't know much about Windows or TRIM, but just started on a Ruby on Rails project that involves consuming TRIM web service (Version 6.2). Since the official documentation is based on .NET and Visual Studio, I had to spend quite a lot of time to look at the actual WSDL file to find out what exactly required to send a SOAP request, which TRIM WS can accept. The WSDL is kind of making sense now thanks to soapUI, and the Rails app can do all sorts of TRIM record searching properly.

However, the bit that really confusing me is the authentication. In the official doc, the magic line reads "exec.Credentials = System.Net.CredentialCache.DefaultCredentials;" . My guess is that it will grab the current windows logged in user and pass something to web service, so TRIM WS will know who sends the request. But what exactly is this step doing? what and what format of this credential information got passed, will they be part of soap body, or in the HTTP request header?

And then will TRIM WS use this credential to connect to TRIM workgroup server, and only retrieve the records that this windows user can access based on its permissions inside TRIM?

The biggest problem for me now is this frontend app runs on linux, and getting windows credentials is not that easy. The best I can do at the moment, is let user type in windows login/password and do a NTLM authentication when sending the soap request. I might be naive here, but would this actually be sufficient to do what System.Net.CredentialCache.DefaultCredentials does? :)
Erik Willsey
Acclaimed Contributor.

Re: TRIM Webservice User Authentication model


That line of code is telling the client side web service proxy to execute in the context (and with the credentials) of the current user. It sets the security context of the HTTP request.

The credentials will allow you to access the web service, which will then pass those credntials on over to TRIM and execute the request in the context of that account.

When you're using SoapUI you're probably specifying your own username and password in the properties of the envelope. What usually happens is that the person designing the SOAP requests via SoapUI forget that what they are doing may not work in the context of the account a user might pass through, so be sure you embed a lot of error trapping in your java classes.

You're going to have to work through how to pass through windows credentials via your java proxy classes. I've heard in the past that it required the implementation of an SSRS approach when the web service is secured on windows with NTLM, though that was a ways back and things may have changed.

I hope this helps.

Frequent Contributor.

Re: TRIM Webservice User Authentication model

Thanks Erik, that explains a lot. After I used NTLM authentication to send SOAP request, the Web Service honored user's credential and only retrieved the records that user has access to. Although users still have to type username/password in the Rails web app, I can worry about single sign on stuff later :). Cheers.
Respected Contributor.

Re: TRIM Webservice User Authentication model

We've been unable to resolve the error experienced on our Primary Web enabled server.


As a workaround, we've installed a fresh web service and web client on a secondary server.


Should I be concerned if the Web Service and Web Client only load on the workgroup server when using localhost in the URL?

If we replace localhost with the servername, then it won't load.

Using the servername works fine when remotely accessing the web client or service from my own personal desktop PC.