HTTP basic authentication can have two types of authentication handshake methods, one is Reactive another one is Preemptive,
- The client makes a request for a resource which needs authentication;
- The server returns an HTTP 401 Authorization required response (indicating the authentication scheme and realm) with WWW-Authenticate header.
- The client re-submits the request with an Authentication header;
- The server verifies client credentials and returns the resource if authenticated successfully..
The client can preemptively pass the credentials on the first request. The server returns immediately the resource if authenticated successfully.
Not all the authentication server accepts the Preemptive authentication mode, The NTLM authentication will not support the Preemptive handshake method it should be Reactive.
In Oracle SOA 11g the parnerlink binding property oracle.webservices.preemptiveBasicAuth will help us to set the handshake method accordingly.
- oracle.webservices.preemptiveBasicAuth=false - Reactive mode
- oracle.webservices.preemptiveBasicAuth=true - Preemptive mode
While invoking the service with NTLM authentication the value for the property oracle.webservices.preemptiveBasicAuth should be set as false along with the Basic authentication header properties oracle.webservices.auth.username and oracle.webservices.auth.password.