Configuration of http adapter to reach https-URL

Similar Messages

• How to configure the Http sender adapter

  Now i have look through the sap lib about the http sender adapter
  and i know the url is
  http://hostname:port/path?namespace=<...>
  &interface=<...>&service=<...>&cmd=T&loaderXML=< message object >&end=yes
  My questions are:
  1)the path in the URL is "/sap/xi/adapter_plain", if not, what is it?
  2)the message payload is right?
  any reply is appreciated
  Thank you very much

  Hi Leo,
  For a HHTP Scenario:
  DESIGN:
  1. Create DataTypes for source and Destinations. Create elements for all the text fields of your HTTP Client so that they can all be mapped into the destination file
  2. Create MessageTypes for the two datatypes.
  3. Create Message Interfaces. The One for HTTP is the sender, Asynchronous ( as no response is expected) and one for File is receiver, asynchronous.
  4. Do the mapping. It will be mostly a one to one mapping of the fields.
  5. Create the Interface Mapping.
  Configuration:
  1. Import your Business System under your Configuration Scenario.
  2. Create 2 communication channels. One for Http as a sender and one for your receiver say IDoc.
  Check these links for the configuration part.
  http://help.sap.com/saphelp_nw04/helpdata/en/43/64db4daf9f30b4e10000000a11466f/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/44/79973cc73af456e10000000a114084/content.htm
  3. Do the Receiver Agreement for Idoc. HTTP doesn’t need a sender agreement.
  4. DO the Receiver Determination and Interface Determination.
  Weblog which talk about the same scenario:-
  /people/sriram.vasudevan3/blog/2005/01/11/demonstrating-use-of-synchronous-asynchronous-bridge-to-integrate-synchronous-and-asynchronous-systems-using-ccbpm-in-sap-xi - although this weblog is
  aimed at explaining the sync-async bridge.. Sriram has taken http-to-file scenario as the example
  (use case) and explained it...
  Check this SDN tv demo, it has detail of HTTP adapter setup.
  https://media.sdn.sap.com/SDNTV/main.asp?mediaId=107
  Refer to this link for adapter settings.
  http://help.sap.com/saphelp_nw04/helpdata/en/0d/5ab43b274a960de10000000a114084/frameset.htm
  You should also have a HTTP client to send message to XI. In the connecting parameters to XI u have to use the URL in the pattern mentioned . U have to give all the configuration details in the URL.
  If you give me your mail id or if you can mail me at [email protected], i can send you a HTTP CLIENT.....In which you need to view the source code and change the username and password to send message to XI.
  Regards,
  Abhy

• Post an XML on HTTPS URL using XI

  Hi All,
  My scenario is SAP SRM - XI - HTTP, where I am posting an XML message from XI to HTTPS URL using HTTP receiver adapter.
  Can you tell me what all step needs to be done to configure HTTP receiver adapter in this case. Also, since I have to post an XML message on HTTPS URL (Which is outside the domain), do I need to apply SSL certificates as well?
  Appreciate your help!!!
  Thanks & Regards,
  Amit

  Hi Amit
  regarding HTTP URl  just check these
  You can use the HTTP adapter. Refer to following SDN TV demo of the HHTP adapter for details steps involved into it.
  https://media.sdn.sap.com/SDNTV/main.asp?mediaId=107
  HTTPS using XMLSPY
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  The HTTPS configuration data of the Adapter Engines has to be configured in the SLD.
  More Information in the "SAP Security Guide XI"
  http://help.sap.com/saphelp_nw04/helpdata/de/f7/c2953fc405330ee10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/43/64db4daf9f30b4e10000000a11466f/content.htm
  Under Security Check for Inbound Messages, you can specify which HTTP Security Level is to be assumed for incoming messages. You can choose from the following security levels:
  &#9675; HTTP (default value)
  &#9675; HTTPS without client authentication
  &#9675; HTTPS with client authentication
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/d23cbe11-0d01-0010-5287-873a22024f79
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
  <b>Pls reward if useful </b>

• Configuring Sender HTTPS Connection -- Server/Client Authentification

  Hello together,
  I need to configure an HTTPS Sender Connection with client and server authentication. I have already check the documentation however I am still not sure about the particular steps. My questions are as follows:
  - Do I configure the HTTPS connection on the ABAP or JAVA stack?
  - Is it necessary to setup an HTTP sender communication channel
  - How does the URL look like (compared to HTTP connection)?
  I have provided XI certificates to the client and the client has provided the certificates to me already. So I guess I have to import them somehow on XI.
  Any help is appreciated!
  Thank you very much.

  Hi
  Please follow below steps for HTTPS configuration as sender
  You need to use either SOAP adapter or XI Adapter for HTTPS connectivity.
  Here configure the Security Check for Inbound Messages.
  Refer below links
  http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/4f/0a1640a991c742e10000000a1550b0/frameset.htm
  XI3.0: Soap Sender with HTTPS
  SAP Security Guide XI, HTTP and SSL
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/97/818a4286031253e10000000a155106/frameset.htm
  No configuration is required in the adapter-specific sender channel configuration (inbound) of the Integration Directory.
  The authentication/authorization is performed by the J2EE Engine and therefore needs to be configured with the Visual Administrator. This configuration is described in the J2EE Engine Administration Manual and is outlined in the following section.
  When a message is to be sent to the Adapter Engine (and ultimately to the Integration Server), the J2EE Engine serves as the SSL Server and presents its server certificate to the client as part of the SSL handshake procedure.
  Client-Side Configuration (Required)
  The public certificate of the trusted authority (CA) that signed the public certificate of the SSL server needs to be imported to the list of trusted certificates of the SSL client. This allows the SSL client to accept the certificate of the server in the SSL handshake.
  Server-Side Configuration (Optional)
  If basic authentication is used, no additional configuration is required on server side.
  If client certificate authentication is requested or required by selection of the corresponding option in the SSL service and configuration of the ClientCertLoginModule in the SecurityProvider service (using the J2EE Administration Tool), additional configuration steps are required.
  If the server certificate check on the client side is successful, the client sends its public certificate to the server as part of the SSL handshake (when requested). The server needs to map the certificate to a user for authentication and will then check the authorization based on the security roles of the user.
  Perform the following steps to allow the J2EE engine to map the client certificate to a user:
         1.      Import the CA cert of the client certificate to the list of trusted certificates (TrustedCAs keystore view in the keystore service) and import the client cert to an arbitrary keystore view.
         2.      Map the client certificate to an existing user with role SAP_XI_APPL_SERV_USER by using the Visual Administrator, SecurityProvider service, UserManagement tab page.
  Refer below link
  Here u go
  http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

• How to do Handshake with tired party(bank) HTTPS URL from SAP PI server

  Dear Expert,
  I have developed bunch of scenarios, all are synchronous ABAP proxy to HTTP_AAE with bank on PI 7.4(dual stack). Bank web server is HTTPS enabled server. Our ABAP developments are still in progress also we have few issue in connection from ECC to PI.but that is not the focus of discussion here.
  we want to do the handshake to check the connectivity with bank on their HTTPS URL from PI. Bank has provided the privet key for SSL from their server and corresponding public key they have maintained on their server. I have imported the private key under NWA -> Certificates -> Key Storage -> TrustedCA->Import Entry->Entry Type->PKCS#12->select the SSL.p12 file->import , also I have selected the option to "Use SSL" in HTTP_AAE receiver communication channel and selected the corresponding entryin  "keystore view" and "keystore entry". All these I have done in our DEV system, and we are trying to connect our PI dev to bank Dev server.
  Questions
  Is there any specific steps to do the handshake with third party HTTPS(bank in my case) server? if not, how can we just test the HTTPS connectivity by using the SSL private installed on our PI server, without running the complete scenarios. Our PI has been installed on UNIX, and "telnet https url 443" is working, as network team has opened the HTTPS port.
  We have not enabled the SSL technically on our PI server, and we have not installed any generated certificate from our PI server. Moreover, we have not made our PI url as "https:hostname:port" as we just need to communicate with bank by using their private key. Do you guys think we should enable the SSL? if yes, please explain why.
  What is the best practice to test the connection with third party having HTTPS URL? how can I just assure HTTPS communication is working fine, before testing my actual scenarios.
  Thanks for helping always.
  Regards,
  Farhan

  Hi Farhan,
  Some part of the blog is applicable for sending HTTPS request to partners/third party (Receiver SOAP Adapter).
  If banks certificates are already in trustedCA, then,  can you check if it also imported under user PIISuser under Identity management in NWA. If above 2 steps are done then i think your are good to go. But be careful when you install certificate, it should be in proper order.
  As you already mentioned, connectivity is already established and you are able to PIng/telnet from pi server, connectivity looks ok.
  While sending request, if you are getting 401 unauthorized, below might be the reason -
  1. Certificate not installed correctly or some missing steps
  2. Partner or TP is not ready to receive it, some certificate issue in there side.
  other than 401 means you are ok (As per certificate and Connectivity) - 403 and 500 errors are next stops.
  403 - error because of encoding method.
  500 - data issue.
  Regards
  Aashish Sinha

• Hitting a HTTPS url from SAP PI

  Dear All,
  Please let me know how to hit a HTTPS url using plain HTTP adapter in SAP PI. I was just provided with a url and user credentials.
  Regards
  Koti Reddy

  Hi Koti,
  Please perform the HTTPS settings mentioned in the below link before you start the using.
  http://scn.sap.com/docs/DOC-26145
  Regards,
  Naveen

• Name of .crl and .crt file missing from HTTP URL in certificate details

  Hello Everyone,
  I am in the process of building a 2-tier Windows Server 2012 R2 PKI. The CA name of both the offline standalone root CA and enterprise subordinate CA have spaces in it (we'll call the CA name, 'Test Lab Root CA' for point of reference).
  When I submitted the certificate request for the subordinate CA to the root CA and viewed the attributes/extensions of the pending request, I noticed the HTTP URL is missing the name of the .crt and .crl file.
  The AIA extension reads URL=http://test.domainname.com/pki/.crt
  in the issued certificate details.
  The CDP extension reads URL=http://test.domainname.com/pki/.crl
  in the issued certificate details.
  The AIA and CDP location HTTP URLs are configured as http://test.domainname.com/pki/<CertificateName>.crt and  http://test.domainname.com/pki/<CRLNameSuffix><DeltaCRLAllowed>.crl, respectively on the
  root CA. 
  The LDAP URL shows the .crt and .crl file name (with %20 replacing the spaces) perfectly fine. The LDAP URL is configured using variables as well. It's just the HTTP URL that is missing the name of the file altogether. 
  I have read about the issue where spaces are not being replaced with %20 in the URL on Windows Server 2012 and a hotfix is available for that issue. But this issue seems to be slightly different and I'm running Windows Server 2012 R2. I tried installing
  the hotfix to see if it would help, but the hotfix can't install because it doesn't apply to Server 2012 R2.
  I've been trying to find a technet discussion or blog article for a week to see if anyone has seen this and what the fix is, but I'm coming up empty. I only find talks about %20 not replacing the space in the name.
  Does anyone have any insight to my particular issue? I don't want to issue the subordinate CA certificate until I know the HTTP URL populates the CRL and CRT file name correctly. I can get around this by typing out the name of the file (with spaces and not
  %20... e.g. http://test.domainname.com/pki/Test Lab Root CA.crl) in the URL via the registry and the URL displays the name of the file (with %20 in the name) when I do another certificate request and check the attributes/extensions in the
  pending request. However, I prefer to avoid manually typing out the name of the file in the registry. I'd like to use the variables if at all possible. 
  Any help/guidance would be greatly appreciated.
  Thank you.

  On Fri, 27 Mar 2015 03:42:28 +0000, Brian Komar [MVP] wrote:
  You have totally messed up the URLs.
  If you run certutil -getreg ca\CRLPublicationURLs and certutil -getreg ca\CACertPublicationURLs, you will see that you do not have correct use of variables when compared to the settings that follow:
  The URLs should be set to the following for an offline CA:
  certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:http://test.domainname.com/pki/%%3%%8%%9.crl"
  *certutil -setreg CA\CACertPublicationURLs  "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://*test.domainname.com*/pki/%%1_%%3%%4.crt"*
  For an issuing CA, they should be set to:
  The URLs should be set to the following for an offline CA:*certutil -setreg CA\CRLPublicationURLs "65:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n6:http://test.domainname.com/pki/%%3%%8%%9.crl"*
  *certutil -setreg CA\CACertPublicationURLs  "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://**test.domainname.com**/pki/%%1_%%3%%4.crt"*
  Just a clarification here, if you're running the above certutil commands at
  the command prompt you only need single % characters in the command line.
  The double % characters are only required if the commands are being run in
  a batch file.
  Paul Adare - FIM CM MVP

• How to encrypt UserID and Password in HTTP url

  Hello experts,
       We want to encrypt UserID and Password which has used in http URL in SAP PI 7.1.
  As we have used SOAP adapter with Transport Protocol HTTP for sender server.
  Kindly help us on it.
  Regards,
  Poonam.

  Hi,
  please go through below blog,
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04408cc-f10e-2c10-b5b7-af11026b2393?QuickLink=index&overridelayout=true
  please go through below threads,
  SOAP Envelope with user id password
  Soap ---to ----file scenario
  regards,
  ganesh.

• Accessing https url EBS R12.1.3 leads to "Internet Explorer cannot display the webpage"

  Hi all,
  DB:11.2.0.3.0
  EBS:12.1.3
  O/S:Solaris SPARC 64 bits
  I.E Browser: 9.0
  Problem Description
  Cloned target database TEST1 from source database TEST2 RMAN full backup. But on accessing https url EBS R12.1.3 leads to "Internet Explorer cannot display the webpage"?
  Autoconfig completes successfully on both DB and Apps Tier and have also ran ojspcompile but still the same issue.
  $ perl ojspCompile.pl --compile --flush -p 2
  logfile set: /t000/test1/inst/apps/TEST1_Hostname/logs/appl/rgf/ojsp/ojsp
  starting...(compiling all)
  using 10i internal ojsp ver: 10
  synchronizing dependency file:
    loading deplist...8095
    enumerating jsps...8095
    updating dependency...0
  initializing compilation:
    eliminating children...6024 (-2071)
  translating and compiling:
    translating jsps...6024/6024 in 7m50s
    compiling jsps...6024/6024 in 35m17s
  Finished!
  Bounced the services there after still the same issue. Could anyone please share the fix if encountered such an issue before.
  Thanks for your time,
  user10088255

  Apache logs have the below entry:
  [Sun Oct 27 02:30:11 2013] [notice]  configured -- resuming normal operations
  [Sun Oct 27 02:30:11 2013] [notice] Accept mutex: fcntl (Default: fcntl)
  [Sun Oct 27 03:03:02 2013] [notice]  configured -- resuming normal operations
  [Sun Oct 27 03:03:02 2013] [notice] Accept mutex: fcntl (Default: fcntl)
  [Sun Oct 27 04:04:59 2013] [notice]  configured -- resuming normal operations
  [Sun Oct 27 04:04:59 2013] [notice] Accept mutex: fcntl (Default: fcntl)
  [Sun Oct 27 04:29:54 2013] [notice]  configured -- resuming normal operations
  [Sun Oct 27 04:29:54 2013] [notice] Accept mutex: fcntl (Default: fcntl)

• To configure a HTTP to RFC scenario

  HI all,
  I am trying to configure a HTTP to RFC scenario.
  I have to get the data from a URL - http://supplierportal.com/.
  I know that the design and configuration part is gonna be the same as any other scenario.
  Can anyone tell me what are the extra configurations that needs to be done for this scenario. I am wondering where do we give the URL from which the data is fetched and how do we get only certain fields from the portal
  Regards
  Arun

  Hi Danus,
  Thank u so much for the informaion.
  The scenario that i am working on is as below.
  There is a customer who raises PO in their own portal. We have been provided a login to their portal for accessing the PO that they raise and we will supply the material to them.Now, we are implementing SAP in our company, our agenda is to get the PO that is created in their portal and create a sales order against that PO and then send them a ASN (anyway this ASN will be separate interface).
  The below are the configuration that i have done...
  Design part:
  1 ) Created the neccessary datatypes and message types for the information that we get from the portal.
  2) Cretaed the message interface :
                        outbound interface - message type (of type with info from portal)
                        inbound interface   - RFC function module.
  3) Done the message mapping and interface mapping.
  Configuration part :
  1) Configured the receiver comm channel.
  2) since there is no need for a sender comm channel and sender agreement (am not sure abt this yet). am stuck with the receiver agreement b'coz we will have to fill the sender details in this part..
  3) As I understand it is the responsibility of the Portal ppl to deliver the PO to the XI link.Right?
  Plz help me to proceed further...
  Thanks and regards
  Arun Kumar
  Message was edited by:
          Arunkumar sukumar

• Configuring Apache HTTP as an RPS

  Longback i configured Apache HTTP as an Reverse proxy to weblogic for singlesignon with OAM.
  that time i downloaded the Apache HTTP server Plugin from the below link
  http://e-docs.bea.com/wls/docs92/plugins/apache.html
  but after oracle aquiring the oracle i can not able to find the link for Apache plugin .
  can any one please upadte the new url to download APACHE HTTP server plugin

  Hi,
  You can download the latest apache plugins from the below link.
  http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html
  Click on the "see all files" options of the Oracle WebLogic Server 10.3, and you can download the same under the
  Mandatory for 10.3 installers.
  Cheers,
  Raj

• Configuring Apache HTTP as an RPS to weblogic for SSO on PSFT

  Longback i configured Apache HTTP as an Reverse proxy to weblogic for singlesignon with OAM.
  that time i downloaded the Apache HTTP server Plugin from the below link
  http://e-docs.bea.com/wls/docs92/plugins/apache.html
  but after oracle aquiring the oracle i can not able to find the link for Apache plugin .
  can any one please upadte the new url to download APACHE HTTP server plugin

  It seems the WebLogic Server plug-ins for Apache web server are available for download only through My Oracle Support (MetaLink)
  Check below:
  http://www.oracle.com/technology/deploy/security/wls-security/2793.html
  The page mentions that the web server plug-in is available for download via Doc ID # 7825156.
  You can also have a look at http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
  Hope this helps.

• Problem while creating partner link using https URL

  Hi,
  To create the partnerlink using https URL, I had done the following:
  -Imported the self signed certificate into the OraBPELPM_\jdk\jre\lib\security\cacert
  -Added following entries in OraBPELPM_1\integration\jdev\jdev\bin\jdev.conf
  AddVMOption -Djavax.net.ssl.keyStore=E:\OraBPELPM_1\jdk\jre\lib\security\cacert
  AddVMOption -Djavax.net.ssl.keyStorePassword=esbtest123
  I am not able to create partner link using URL https://localhost/orabpel/default/ErrorHandlerBPEL/1.0/ErrorHandlerBPEL?wsdl .
  Able to create partnerlink using same URL if I replace https with http.
  Did I miss any other configuration that needs to done to create partnerlink using https in JDeveloper BPEL Designer.
  Thanks,
  -Vidya

  Hi,
  I  too have the same issue. Appriciate if you share some knowledge on this issue.
  Thanks
  Aravinda

• WSRP Provider reg not working with https url

  Our portal is configured with https, listening to a virtual host (https://portalpilot:4443)
  In order to consume WSRP / JSR168 java portlets we
  - created a new OC4J container (wsrp_dev)
  - installed the portlet-container ( $MIDTIERHOME/j2ee/wsrp_dev/ java -jar wsrp-install.jar)
  - started the container & deployed the samples
  all OK
  but when trying to register the (tested & OK ) url https://portalpilot:4443/portalapp?WSDL
  in the Provider Registration we got an error (error in provider url)
  changing the url to the non-ssl host (http://gogol:7777) was the (pseudo) solution.
  is this behavior by design? we would like to use SSL throughout

  OOS,
  Did the info in the release notes solve your problem?
  It seems to me that the release notes address a similar but different issue. You want to run under https. The release notes are instructing you to change all references to https to http in the WSDL file. I don't see how this would fix the problem of trying to register a WSRP provider with a WSDL URL that uses https.
  The reason I ask is because I am encountering the same problem.
  Thanks.
  Message was edited by:
  user571987

• The https URL hostname does not match the Common Name (CN) on the server.

  Hi,
  I am getting the following error while trying to use https with our self-signed certificates.
  javax.xml.ws.soap.SOAPFaultException: Marshalling Error: The https URL hostname does not match the Common Name (CN) on the server certificate. To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
  The above error is the error I get, when I try to use the Web Services using https.
  I have added the following lines in cxf.xml but it still doesn't seem to work correctly.
  <http-conf:conduit name="*.http-conduit">
  <!-- deactivate HTTPS url hostname verification (localhost, etc)
  WARNING ! disableCNcheck=true should NOT be used in production -->
  <http-conf:tlsClientParameters disableCNCheck="true" />
  Kindly let me know on what would be the issue here?.

  I had P2V'd a SQL 2008 server and was having this issue.  I tried everything I could find to get the affinity corrected; setting the Lock Pages security policy, trying the affinity commands in Single User mode, etc.
  Then wrighbar's response got me headed in the right direction, but I ran into an issue where the previous engineer had set the Physical SQL server to have affinity on procs 9-16 of a 16 proc box, I could only set up to 8 procs on my VM.  After searching
  for a while for registry keys or config files that might be editable to change the affinity I couldn't find where SQL got that information from.  Finally it hit me, maybe it's stored in the master or msdb datatbases.  
  SOLUTION: I was able to go back to the original Physical machine, change the affinity settings there, Stop SQL on both boxes, then copied MASTER, MODEL, MSDB, TEMPDB from the original Physical machine to the new virtual machine.  All services started
  OK on the virtual machine now and affinity was set the way I needed it.