GAM - How to debug errors when using External Web Service Authentication Type

Unofficial Content

When an application uses GAM and External Web Services Authentication Type with GAM is configured, if there are any problems with the Authentication Type configuration in GAM, a generic error may occur when a user tries to log in:

Error in webservice response, the service is not responding, please contact the application's administrator. (GAM40)

Below is a guide to identify the cause of this problem and find a solution.

Note that the web service has to send and receive a default structure so that the GAM can use it as an authentication service. The details can be found in this document: External Web Services Authentication Type.

First, make sure that the service responds correctly before trying to authenticate using GAM. One way to check this is to run the URL of the service's WSDL in the browser. Once that is confirmed, check the Authentication Type settings on the GAM Backend. To do so, run the GAM back end (gamhome object), go to "Authentication Types," and in the authentication type already defined click on "update" to confirm the following:

1. Private Encryption Key

The Private Encryption Key specified must be the correct one. This parameter is used to encrypt the user name and password, using GeneXus’ encrypt64 function. The web service must use this key to decrypt using the decrypt64 function. It is not mandatory to specify a key.

2.  Server name

The server name (you can also configure the IP) must be accessible from the application server where the application that uses the GAM is running.

3. Port

The port where the service listens must be specified.

4. Base URL

The base URL consists of the entire content of the URL without the servername:port and service name. For example, if the service URL is as follows:

Specify BASE URL: gxlogin

Another example for the following service URL:

Specify BASE URL: gxlogin/servlet

5. Secure protocol

If the web service listens on HTTPS, as in the previous examples, specify:

Secure protocol= Yes; otherwise, if it listens on HTTP specify Secure protocol= No.

6. Web service name

The web service name must not include the extension.

Here is an example if you have the following service URL:


web service name = agamwslogin
web service extension = aspx

Another example:

web service name = agamwslogin
web service extension = <empty>

How to find out more about the cause of a problem with external web service authentication

If the service is running on HTTP (not HTTPS), you can use a tool such as tcptrace to intercept the communication between client and server in order to better understand the cause of a connection problem.
Tcptrace listens to the communication between client and server. It must be configured so that GAM redirects to the listen port of tcptrace and, in turn, it redirects to the web service.

To do so, follow the steps below:

1. Run the GAM back end and update the external web service authentication type by specifying:

  • server name: localhost (or the server name or IP of the machine where tcptrace is running).
  • server port: 88 (any free port)

As shown in the figure below:

Figure 1.

2. Run tcptrace and set:

  • Listen on port: 88 (the port specified in figure 1).
  • Destination server : <server name where the web service is run>
  • Destination port: <port where the web service listens>

Figure 2.

When the user tries to log in to the system using the defined external web service authentication type, the POST to the service and its HTTP response will be displayed in the tcptrace console, which often helps find the possible causes of errors.