Security settings in Receiver SOAP adapter

Hey guys
i m trying to incorporate some security features in my receiver SOAP adapter and taking help from help.sap.com,it mentions some entries in 'Security setting frame' but i cant find it even though i have checked the message security checkbox in my communication channel.
i m on SP9,is it not available in SP9?
my message protocol is XI 3.0
thanx
ahmad

Ahmad,
SOAP adapter supports SSL and Digital Certificates and you need to configure your SSL on the J2EE stack before you can use the same on your SOAP adapter.
Look into this blog to understand what needs to be done.
/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
Regards
Bhavesh

Similar Messages

Error in applying security settings in Receiver SOAP Adapter

Hi,
I've used Web Services Security (Oasis standard) and the digital signature and encryption certificate in receiver SOAP adapter and the corresponding Sender Agreement, for adding digital signature and encrypting the message. While sending the message we are getting an error in the adapter engine as below. If anyone can throw light on this it'll be highly appreciated :
2008-07-18 17:00:21 Error SOAP: error occured: com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXException in Method: run().; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: SAXException in Method: run().. To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXException in Method: run().; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: SAXException in Method: run()..
2008-07-18 17:00:21 Error Exception caught by adapter framework: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXException in Method: run().; To-String: com.sap.aii
2008-07-18 17:00:21 Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXExce.
Thanks,
Dipankar

hi dipanker,
check the note 856597
its usefull
regards
kummari

SEcurity settings for sender SOAP adapter

Hey guys
i m implemeting some security features in sender SOAP adapter by taking help frm www.help.sap.com,i have checked the message security box in sender Communication channel but in sender agreement i dont see any options for Decryt or Validate,i only see Keystore,Issuer and subject.
i m on SP9 and XI 3.0
where can i find these options of Decrypt etc?
thanx
ahmad

Hi,
Please see below links
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0650f56-7587-2910-7c99-e1b6ffbe4d50
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/a3229d73-170d-42b7-bab9-12ae5f2d0fa7.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/f869bd82-df93-45e1-b747-b538820253fb.asp
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/121b053d-0401-0010-539f-f9295efb7bad
Document security option in webservices
And also check,
Launch Visual administrator and navigate to Server->Services->Security Provider. In 'Policy Configurations' tab page, select the component 'sap.com/com.sap.aii.af.soapadapter*XISOAPAdapter'. Then click on the tab page 'Security Roles' and select 'xi_adapter_soap_message'. You will find the groups (equivalent to roles in PFCG) to which this security role (xi_adapter_soap_message) is assigned to. Make sure you assign the PFCG role listed here to the user.
regards
Chilla..

Security in Receiver SOAP Adapter (Axis Framework)

Hi Experts,
I have one requirement regarding Security in Receiver SOAP adapter
My client wants UserNameToken security while sending synchrononus messages from SAP system to third party.
Is anyone knows how to achieve this in AXIS framework(Receiver SOAP adapter) of PI 7.0 ?
Thanks in advance.
Regards
Anku

This is described in SAP Note 1039369 FAQ XI 3.0/7.0 Axis Adapter

Error when setting dynamically the target URL in receiver SOAP Adapter

Hi,
I'm setting dynamically (from the mapping) the target URL in the receiver SOAP adapter:
String url = "http://mosxd30:50000/XISOAPAdapter/MessageServlet?senderParty=&senderService=DUM&receiverParty=&receiverService=&interface=SI_OA_CustomInvoiceData&interfaceNamespace=urn:repsol.com:laboratory:firma";
DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "TServerLocation");
conf.put(key, url);
The receiver adapter fails with:
"invalid content type for SOAP: TEXT/HTML; HTTP 401 Unauthorized"
Reading weblogs, etc, the most probable cause for this is a wrong target URL, but then what I did was to set it as a fixed URL in the C.Channel, and it worked, so the URL is fine.
In the communication channel, I'm using "Configure user authentication", with a user and password, and what I think it's happening is that if I use another different URL dynamically, the channel is ignoring the user authentication settings.
Any ideas?
Thanks

I forgot to say that I've checked the SAP note "FAQ Soap adapter", and it says:
Q: I get an authorization error "401 Unauthorized" from the adapter's servlet. What went wrong?
           A: The adapter's servlet is protected by default. You must use one of the user names assigned in security role xi_adapter_soap_message for component XISOAPAdapter. Please consult the documentation for Visual Administrator to view and change the security setting.
           The user authentication of the SOAP adapter is not part of the SOAP adapter but of the web container of the J2EE engine. The default authentication setting is defined in the web.xml descriptor file of the SOAP dapter web application. This setting may be modified from Visual Administrator with some restriction. Please refer to the security documentation for the J2EE engine.
           Please note that 710 onwards there is no Visual Administrator instead the Netweaver Administrator is to be used to assign the roles to the user to access the SOAP adater servlet.The user must be assigned one of the following roles SAP_XI_IS_SERV_USER, SAP_XI_APPL_SERV_USER, SAP_XI_DEVELOPER_J2EE, SAP_XI_ADMINISTRATOR_J2EE.
The target URL is a sender soap adapter (the result of one interface is sent to another one via soap adapter), and it's this one which is complaining because of the authentication I think. But I don't know why it's ignoring the user authentication flag I'm using.

PI 7.1 receiver SOAP adapter using https

Hi all,
In PI 7.1 receiver SOAP adapter using https, what are the configurations necessary in PI box?
Certification, and key store values, security etc etc
-Michael.

>
Michael Johnson wrote:
> I did n't find anything related to 7.1 version
Some leads are provided by help: http://help.sap.com/saphelp_nwpi71/helpdata/EN/56/992d4142badb2be10000000a1550b0/frameset.htm
Regards,
Abhishek.

Receiver SOAP adapter SSL error - client certificate required?

Hi all,
Problem configuring SSL in XI 3.0 NW04 SP17....
I have followed the config steps from Rahul's excellent weblog at <a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">How to use Client Authentication with SOAP Adapter</a> (my Basis team have done the Visual Admin steps) and am going through his example as it closely matches my requirement. So, I have a test receiver SOAP adapter sending messages to a web service URL defined for a sender SOAP adapter. My test scenario is:
Sender File -> Receiver SOAP -> Sender SOAP -> IDoc Receiver -> IDocs in R/3
The problem components are in italic and underlined above. My Receiver SOAP Adapter has the web service URL, Certificate Keystore Entry and View entered. If, in the Sender SOAP Adapter, I have an HTTP Security Level of HTTPS Without Client Authentication, the interface works fine (note that Rahul suggests you untick the User Authentication in the Receiver but with this Security Level, it seems to work with or without it).
The problem is when I set HTTPS With Client Authentication in the Sender. I then get the following error in the message monitor:
SOAP: response message contains an error XIServer/UNKNOWN/ModuleUnknownException - com.sap.aii.af.mp.module.ModuleException: java.security.AccessControlException: client certificate required caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:1111) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:250) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:166) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:421) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.Client.handle(Client.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java(Compiled Code)) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code)) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code)) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code)) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code)) Caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:843) ... 22 more
Has anyone got any idea what this could be caused by?
Many thanks,
Stuart Richards

Have you configured the https port with that keystore entry?
Check out these links:
http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/5c/15f73dd0408e5be10000000a114084/frameset.htm
Regards,
Henrique.

Receiver SOAP adapter - User authentication question

XI experts,
Here is the scenario - IDOC > XI > SOAP - Ansynchronous call..
I need your all help to understand the user authentication on the "Receiver SOAP Adapter"... We are using "HTTP" transport protocol.
I believe, the userid which we entered in the communication channel needs to have proper security on the web server. The Web server URL starts with "http://lsme
01.xyz.com/...." .
Question : Is this usrid and password will be encrypted when XI calls this web service?
If an answer is "NO" then is there anyway we can encrypt it?
Thanks in advance!
Points will be given..
MP

XI experts,
I need an answer to the following question....
The Web server URL starts with "http://lsme01.xyz.com/...." .
Question : Is this usrid and password will be encrypted when XI calls this web service?
If an answer is "NO" then is there anyway we can encrypt it?
Thanks in advance!
Points will be given..
MP

Receiver SOAP adapter - SPML message

Hi All,
Could you advice how to construct the request spml message in receiver interface and adapter settings(communication channel) to generate the following sample SPML message:
<spml:addRequest targetID=Sleek executionMode=synchronous requestID=1234 xmlns:spml=urn:oasis:names:tc:SPML:2:0>
<spml:psoID ID=11111/>
<spml:data>
<cardholder id=11111 divisionID=Packaging startDate=26-Aug-2006 08:00:00 endDate=30-Aug-2006 11:59:59>
<Cdfs>
<Cdf id=Last Name>ravijeet</Cdf>
<Cdf id=Email>[email protected]</Cdf>
<Cdf id=Registration>ABC-123</Cdf>
</Cdfs>
</cardholder>
</spml:data>
</spml:addRequest>
I can define the data type and message type as per xsd in <spml:data>...</spml:data>
How do I construct the following header:
<spml:addRequest targetID=Sleek executionMode=synchronous requestID=1234 xmlns:spml=urn:oasis:names:tc:SPML:2:0>
<spml:psoID ID=11111/>
</spml:addRequest>
Thanks and regards,
Ravijeet

Hi Shaji,
I need to create the following spml request in my receiver SOAP adapter:
<spml:addRequest targetID=Sleek executionMode=synchronous requestID=1234 xmlns:spml=urn:oasis:names:tc:SPML:2:0>
<spml:psoID ID=11111/>
<spml:data>
<cardholder id=11111 divisionID=Packaging startDate=26-Aug-2006 08:00:00 endDate=30-Aug-2006 11:59:59>
<Cdfs>
<Cdf id=Last Name>ravijeet</Cdf>
<Cdf id=Email>[email protected]</Cdf>
<Cdf id=Registration>ABC-123</Cdf>
</Cdfs>
</cardholder>
</spml:data>
</spml:addRequest>
How do I create the data types for the above message.? How do I create the tag element <spml:addRequest targetID=Sleek executionMode=synchronous requestID=1234 xmlns:spml=urn:oasis:names:tc:SPML:2:0> while I am creating the data type?
My service provisioning system is webservice built on WAF(Windows Application Framework).
The sample request xsd for calling the webservice is :
<xsd:schema xmlns="urn:schemas-XXX" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
<xsd:element name="cardholder">
<xsd:complexType>
<xsd:attribute name="id" type="xsd:string"/>
<xsd:attribute name="divisionID" type="xsd:string"/>
<xsd:attribute name="startDate" type="xsd:date"/>
<xsd:attribute name="endDate" type="xsd:date"/>
<xsd:sequence>
<xsd:element name="Cdf" minOccurs="0" maxOccurs="unbounded">
<xsd:complexType>
<xsd:attribute name="ID" type="xsd:string"/>
</xsd:element>
</xsd:element>
</xsd:schema>
Thanks in advance
Ravijeet

Receiver SOAP Adapter error

Hi All,
 I am getting this response error message in my receiver SOAP Adapter while invoking a synchronous webservice.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- 
- <ProcessMessageResponse xmlns="http://Sleek.Integrator.Messaging" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProcessMessageResult>Value cannot be null. Parameter name: Request string is a null reference.</ProcessMessageResult>
</ProcessMessageResponse>
Thx in advance
Ravijeet

Hi All,
 I am still getting the same error value is null. I am not able to track what could be the cause of the error. If I am taking the message from SXMB_MONI and using it in a client tool it is successfully calling the webservice.
Do we need to explicitly mention in some configuration that content type is soap/xml. SOAP header is omitting the content type or is not specifying "soap/xml" as the content type.
I am interacting with a WAF websevice, is there any compatibilty issue with Windows Webservice and SAP XI?
Also what should I pick as the SOAP Action from this wsdl file definition
<wsdl:portType name="IMessageProcessor">
 <wsdl:operation name="ProcessMessage">
 <wsdl:input message="tns:IMessageProcessor_ProcessMessage_InputMessage" wsaw:Action="XXX.Messaging/ProcessMessage"/>
 <wsdl:output message="tns:IMessageProcessor_ProcessMessage_OutputMessage" wsaw:Action="XXX.Messaging/ProcessMessageResponse"/>
 </wsdl:operation>
 </wsdl:portType>
 <wsdl:service name="MessageProcessor">
 <wsdl:port name="BasicHttpBinding_IMessageProcessor" binding="i0:BasicHttpBinding_IMessageProcessor">
 <soap:address location="http://XXX.com/cardax/provisioningservice"/>
 </wsdl:port>
Thx in advance
Ravijeet

In what QOS does the receiver SOAP adapter work BE or EO?

Hi,
In what QOS does the receiver SOAP adapter work BE or EO?
My guess is that it is by default EO, if so how do i make it work like synchronous?
There is no option to set it explicitly.
Thanks]
Shakthi

Siva,
In receiving adapter you can't set the status. The receiving QOS is set in the pipeline by using the Sender Comm.channel QOS.
So for example in SOAP to SOAP scenario, if you set the Sender comm.channel as BE, then through out the Pipeline till it reaches the Receiver Comm.channel the QOS will be considered as BE only( Even though you didn't explicitly said to the Receiver comm.channel).
Hope it helps!
raj.

Error in the Receiver SOAP Adapter

Hello Experts,
I am sending an order number by running a report on the ECC 6.0 server to a web service for publishing the information on the web site. The receiver side is configured as Receiver SOAP Adapter . I am getting the following error in the SXMB_MONI Transaction.
com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: Not enough message parts were received for the operation.
Kindly let me know to overcome this problem.
Thanks
Best Regards
S Joshi

Hi Ramesh,
The message Iam getting in MONI is as follows:
com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: Not enough message parts were received for the operation.
This is the response for the request that i am sending for order creation. I did checked the fields also it is same and the values of the fields too. they all are correct. Over and above this it was working fine till last week , but suddendly this week I am getting this error.
Regards

Error in Adapter engine of receiver soap adapter

Hi All,
There is one production issue i am currently facing in receiver SOAP adapter while interacting with third party web service(Asynchronous call).
Below is the description i am getting in audit logs.
Success SOAP: completed the processing
Error SOAP: response message contains an error XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 401 Invalid Session ID or Session Expired
Success SOAP: sending a delivery error ack ...
Success SOAP: sent a delivery error ack
Error MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: SOAP: response message contains an error XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 401 Invalid Session ID or Session Expired
Error Exception caught by adapter framework: SOAP: response message contains an error XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 401 Invalid Session ID or Session Expired
Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: SOAP: response message contains an error XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 401 Invalid Session ID or Session Expired.
Error The message status set to NDLV.
Moreover this is a production issue and interface was running fine till last friday.
Has someone ever faced this issue ?
Please provide your valuable inputs on this.
Thanks
Anku

Hi,
Search in sdn with your error message string,you will find ton of links.
HTTP401 error occurs for many reasons.
still no solution let us know..
Regards,
Raj

More than 10 Authentication Keys in receiver SOAP adapter

Hi
My requirement is that I need more than 10 authorization/authentication keys in the receiver SOAP adapter. Is this possible?
Advanced tab -> Use adapter-specific message attributes -> variable transport binding -> view authorization keys.
Only 10 entries are provided here. Can I extend this somehow?
Thanks!
regards Ole

Yes..
These links will help u in it
Certificate Authentication with SOAP Receiver
Certificate Authentication with SOAP Receiver

Error using SSL on Receiver Soap Adapter

Hi there,
I'm having some problems on connecting to a third-party application running a webservice (meaning, through Receiver Soap Adapter). The third-party appl. demands us to use a SSL connection (its url starts with https), with user authentication through certificate.
We've installed SAP Java Cryptographic toolkit and have a proper certificate configured on the KeyStorage entry, on Visual Administrator.
On Soap Adapter, I've configured HTTP Transport Protocol and have selected the "configure certificate authentication" option and selected the certificate, filled the mandatory fields (target URL and soap action) but I keep getting this error message on SXMB_MONI: "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket".
Is there anything else than installing SAP Java Cryptographic Toolkit to enable SSL on Soap Adapter? Is there another configurations that need to be done?
Thanks in advance,
Henrique.

Hi
can u please tell me, how u r able to resolve the problem
i am also stuck in the same error
basically i am working on SSO b/w three systems.
EP>XI>R/3
i am able to do the SSO between the EP-->XI
but when i try with EP-->XI->R/3 it is giving me error at the receiver side means receiver soap adapter is not accepting the SAP Logon Ticket.
can u please tell me what entries should be given in the certificate authentication fields.
please provide the solution.
Thanks & Regards
Rinku Gangwani

Security settings in Receiver SOAP adapter

Similar Messages

Maybe you are looking for