z*OBSOLETE: Microsoft Windows Server 2003
Microsoft Windows Server 2003
Product Release: V7 (Professional)
Version: 7.7.2  FRA
Database: Microsoft SQL Server 2000 SP3
Application Server OS: Microsoft Windows 2003 Server
Database Server OS: Microsoft Windows 2003 Server
This document was previously published as Siebel SR 38-1708113901.
SymptomsFollowing error was being reported when invoking a Siebel inbound web service :-
SBL-EAI-04501: Cannot reauthenticate operation SiebelAccountQueryById.
CauseThis was due to the WebService definition been partially configured to use WS-Security by setting the Authentication Type to â€œUserName/Password - ClearText".
However, for the "Service Port" definition the Address which contains the URL had the username/password specified.
SolutionSiebel version 7.7 and above has Web Services Security Support.
See Bookshelf reference:
Integration Platform Technologies: Siebel eBusiness Application Integration Volume ll > Web Services > About Web Services Security Support
So to have implemented WS- Security, in addition to setting the Authentication Type to "UserName/Password - ClearText" :-
- Change the Address so the URL did not contain the username and password in the URL
- The URL should have â€œSecureWebServiceâ€ instead of â€œWebServiceâ€ named subsystem (Impersonate=True is defined)
The URL amended to use the eai_anon_enu object manager as in the eapp.cfg this has UseAnonPool is set to TRUE
After that regenerate the WSDL and restart the relevant Object Manager and reconsume the WSDL on the soap client
On the Soap Client side, the Security Header information needed to be sent .
For example :
Please note that it is a manual process to add the security information to the Soap
Request as it is not contained in the WSDL.
Please see following Bookshelf references for more information:
Integration Platform Technologies: Siebel eBusiness Application Integration Volume ll > Web Services > About the WS-Security UserName Token Profile Support
Integration Platform Technologies: Siebel eBusiness Application Integration Volume ll > Web Services > About the WS-Security UserName Token Profile Support > About Support for the UserName Token Mechanism
Integration Platform Technologies: Siebel eBusiness Application Integration Volume ll > Web Services > About the WS-Security UserName Token Profile Support > About Using the UserName Token for Inbound Web Services
In this case, it was decided to not implement WS-Security, so the Authentication Type was set to "None", and WSDL regenerated, object manager restarted and WSDL re-consumed by the Soap Client. After this the Soap Request worked.
Applies to: Siebel Field Service - Version: 220.127.116.11 and later [Release: V8 and later ]
Information in this document applies to any platform.
***Checked for relevance on 10-NOV-2010***
When sending requests to Siebel EAIObjMgr_enu using WS-Security and Totally Anonymous authentication types it fails with an error intermittently.
A similar error as follows appears:
WebSvcInbound WSInboundTrace 3 000024fa4cc02338:0 2010-10-22 02:31:20 Envelope Processing
WebSvcInbound WSInboundTrace 3 000024fa4cc02338:0 2010-10-22 02:31:20 Impersonate
ObjMgrLog Error 1 000024fa4cc02338:0 2010-10-22 02:31:20 (wsfilter.cpp (696)) SBL-EAI-04501: Cannot reauthenticate operation TestQueryByExample.
From the logs it can be observed that some requests are processed successfully for both types but some of them fails intermittently.
CauseIf both types of authentication WS-Security and Totally Anonymous are sent to the same object manager they will share the same task and same anonymous pool.
WS-Security uses the property Impersonate as True and Totally Anonymous requests uses Impersonate as False.
This can cause intermittent failures for inbound requests with the error "SBL-EAI-04501: Cannot reauthenticate".
In order to avoid this issue the recommendation would be creating separated object managers to handle these two types of requests i.e. one object manager would handle WS-Security web services and another one would handle Totally Anonymous web services.
Note that it will be necessary to create different entries in eapps.cfg and web server virtual directory that will point to the new object manager created.
For more information about these types of Web Services and how to configure Siebel components please refer to the following documents:
Bookshelf -> Integration Platform Technologies: Siebel Enterprise Application Integration ->Configuring the Siebel Application to Use the WS-Security Specification
Note 601681.1 How to create a totally anonymous web service in Siebel?
Siebel > Customer Relationship Management > CRM - Enterprise Edition > Siebel Field Service
INTERMITTENT; EAIOBJMGR_ENU; AUTHENTICATION FAILED; WS-SECURITY; INBOUND WEB SERVICE