BinarySecurityToken in sender axis adapter
Hi all,
Need pointers for implementing "BinarySecurityToken" in sender axis adapter?
Any references/blogs would be of great help
Thanks in advance.
Hi Tilak,
From your reply, I am not sure if I understand what you want to do with BinarySecurityToken.
If you mean you want to send your certificate using BinarySecurityToken with the signed message, the answer to the question "Can I include the sender's certificate in the signed message using WS-Security?" in the FAQ Note is exactly what you are looking for.
>Can I include the sender's certificate in the signed message using WS-Security?
>Yes. The default setting uses the issuer-serial method and the signed message only includes the name and the serial number of the certificate. To use the direct-reference method, which includes the certificate in the message, the handler parameter signatureKeyIdentifier of com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender must be set to DirectReference. The default value for this parameter is IssuerSerial. See the detailed description of this parameter.
More concretely, the default settting IsssuerSerial generates the x509 certificate serial information within the SecurityTokenReference element. In contrast, the setting DirectReference generates the Reference element within the SecurityTokenRefererence that points to the BinarySecurityToken element that contains your certificate.
Best regards,
Yza
Similar Messages
-
Issue with Sender AXIS Adapter while XML Signing
Hi all,
We are working on a scenario, an external application pushes message to Sender AXIS Adapter in PI. However while testing XML signing we are getting below error:
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring>WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: The signature or decryption was invalid</faultstring>
<detail>
Could you please provide your valuable inputs on this?
Thanks,
JayaHi Jaya,
Have you checked if your message is valid? Have you tested it against another server?
Which version of wss4j are you using and which PI version?
How does your module/handler configuration looks?
If the message is valid and the handler is configured correctly, you can set the trace level of org.apache to debug and see what it says.
Best regards, Yza -
Error in Sender AXIS adapter with UsernameToken
Hello,
I'm trying to implement a web service with UsernameToken authentication (legacy >PO>ECC), after research in this forum, some blogs and notes, I've found this approach: Axis Adapter Sender Comm Channel with usernameToken .
I did all steps, but everytime I try to consume the web service, it doesn't work and I get the following error in default trace:
No application classloader can load login module class: com.sap.engine.services.security.server.jaas.DigestLoginModule. Probably application that deployed the login module is stopped and cannot be started.
My system is PO 7.4 SP5.
Do you have any idea?Hi,
May be below links will help you
1. /people/michal.krawczyk2/blog/2005/12/18/xi-sender-mail-adapter--payloadswapbean--step-by-step
2. Have you used method of ConnectionFactory also??
3. 804102
xi 3.0 mail adapter with pop3 user authentication problem
4. 810238
XI 3.0 Mail Adapter for POP3 may not report some errors
Thanks
Swarup -
JMS protocol with AXIS Adapter
Hi,
I need to configure the sender AXIS adapter to access SonicMQ JMS queues via Open LDAP. I looked at the AXIS Adapter documentation and no examples are provided to access SonicMQ via OpenLdap.
I do see the documentation to access the JMS providers directly by specifying the URL as "jms://ABCD"
but what i am looking for is to access the JMS objects via LDAP. The standard SAP JMS Adapter has the functionality to access JMS via LDAP. but i need to use AXIS adapter for WS-Security
Any help is greatly appreciated
Thanks
ChandraHi Chandra,
As far as I know, this is not directly supported via SOAP Axis Adapter. But one question which I would like to ask is are you trying to configure WS Security using Axis Handlers or you are trying to use the WS Security provided by SAP PI i.e. configuring Security Profile in the Sender Channel?
If you are trying to do it with Axis Handlers may be you can try using the Adapter modules specified in this link which can be used tto call Axis Handlers. <http://help.sap.com/saphelp_nwpi71/helpdata/EN/45/a4f8bbdfdc0d36e10000000a114a6b/content.htm>. Although documentation says that this is supported for SOAP adapter but you can still try as the message returned is still a valid AF message.
Best Regards,
Pratik -
Configuring the Sender Axis SOAP Adapter
Hello,
I am trying to configure Sender Axis SOAP Adapter using PI 7.0
The regular inbound address for SOAP messages is: http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
But the inbound address for AXIS SOAP messages is:
http://host:port/XIAxisAdapter/MessageServlet?parameters
parameters ::= token ( u2018&u2019 token )*
token ::= name u2018=u2019 value
name ::= fieldname
value ::= fieldvalue
fileldname ::= u2018senderPartyu2019 | u2018senderServiceu2019 | u2018receiverPartyu2019 | u2018receiverServiceu2019 |
u2018interfaceu2019 | u2018interfaceNamespaceu2019 | u2018messageIdu2019 | u2018queueNameu2019
fieldvalue ::= urlencoded value
See this link: http://help.sap.com/saphelp_nw70/helpdata/en/45/a4f8bbdfdc0d36e10000000a114a6b/frameset.htm
Can someone give me an example of such URL?
Regards,
Gigi.Hi,
Re: SOAP (Axis) Adapter
Thanks
Vikranth -
My PI Sender Axis SOAP Adapter is giving me the following error when I try and use an EOIO quality of service:
The XI SequenceId must be uppercase and 1-16 characters long.; nested exception is:
com.sap.engine.interfaces.messaging.api.exception.InvalidParamException: The XI SequenceId must be uppercase and 1-16 characters long.
If I use EO then the adapter works fine. Does anyone know if EOIO is supported in the Sender Axis SOAP Adapter? I did notice when I select EOIO there is no text box for the Queue Name.Hi Krishneel,
ExactlyOnceInOrder means that the constructed XI message has its QualityOfService value ExactlyOnceInOrder and it is processed synchronously to the persistence layer of the adapter engine and asynchronously to the target service in the order of persistence.
To guarantee the exactly once delivery of a message, the client must supply a unique message ID for the message.
More on this can be found in the SAP Note 1039369 (FAQ XI Axis Adapter)
Also refer this link on basic info on Sender Axis SOAP Adapter.
http://help.sap.com/saphelp_nw04/helpdata/en/69/a6fb3fea9df028e10000000a1550b0/frameset.htm
rgds
Ven -
Hello Experts,
my scenario is to pick the data from web service and pass it to ECC side.
as i need to pick XML file from web service i used SOAP Axis adapter. configured as given in michal's blog.
the channel in running no errors in RWB, still its not picking the data.
Michal's PI tips: Exchange Rates from an XML file on a web page - REST, AXIS
your inputs on this...
regards,
chinnaHi ,
I have confifured the same folw, it's working for me. please provide if you are getting any error.
Regards
srinivas -
PI 7.11 Receiver SOAP (Axis) Adapter with MTOM (Attachments)
Hello,
Iu2019m trying to configure the Receiver SOAP (Axis) adapter for sending SOAP attachments via MTOM to a third-party webservice, but I'm not getting that PI transform the binary encode64 data in an payload element into a MTOM attachment (xop:include).
The configuration looks like this:
Transport Protocol: HTTP (Axis)
SOAP Version: 1.2
Encapsulation Format: MTOM
Keep Attchments: enabled
Payload Extraction: SOAP Body Child
First of all, could you confirm if this is supported?
Or Axis only supports MTOM for the transport protocol 'File (Axis)' like it seems refered in [Configuring the Receiver Axis SOAP Adapter|http://help.sap.com/saphelp_nwpi711/helpdata/en/45/a3c48c87cd0039e10000000a11466f/frameset.htm]
Can you please provide me some guidance here?
Thanks in advance!
Kind Regards,
AlexandreHello,
I am facing the exact same issue.
I can't seem to set the cookie in the http header after following the guide.
Cookie: WSL-credential=MyOwnCookie
I managed to set the SOAPAction though.
Anyone has any ideas? -
Error while passing URL Dynamically in SOAP AXIS adapter..!!
Hi ,
Idoc> XI>SOAP-AXIS
I am doing a scenario where I need to pass the URL dynamically in SOAP-AXIS adapter by taking the RCVPRN of Idoc.
If
RCVPRN = 100 , message has to go to http://10.190.25.16:8210/file/receiver
RCVPRN = 200 , message has to go to http://10.190.25.16:8210/file/receiver2
RCVPRN = 300 , message has to go to http://10.190.25.16:8210/file/receiver3
I used the below UDF and it is working correctly and generating the URL dynamically .
DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey keyHeader1 = DynamicConfigurationKey.create( "http://sap.com/xi/XI/System/SOAP", "TServerLocation");
conf.put(keyHeader1, a);
return "";
The value is coming in SOAP document as expected like below.
<sap:DynamicConfiguration xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:Record namespace="http://sap.com/xi/XI/System/SOAP" name="TServerLocation">http://10.190.25.16:8210/file/receiver3</sap:Record>
</sap:DynamicConfiguration>
I used the below Configuration modules in receiver SOAP-AXIS adapter as suggested in Note 1028961.
AF_Adapters/axis/AFAdapterBean ---> afreq
AF_Adapters/axis/HandlerBean ---> xireq
AF_Adapters/axis/HandlerBean ---> dc
AF_Adapters/axis/HandlerBean ---> remover
AF_Adapters/axis/HandlerBean ---> trp
AF_Adapters/axis/HandlerBean ---> xires
AF_Adapters/axis/AFAdapterBean ---> afres
xireq -> handler.type-> java:com.sap.aii.axis.xi.XI30OutboundHandler
dc -> handler.type-> javasap.aii.axis.xi.XI30DynamicConfigurationHandler
dc ---> key.1 ---> write http://sap.com/xi/XI/System/SOAP TServerLocation
dc ---> location.1 ---> context
dc ---> value.1 ---> transport.url
remover ---> handler.type ---> java:com.sap.aii.axis.soap.HeaderRemovalHandler
remover ---> namespace ---> http://sap.com/xi/XI/Message/30
trp ---> handler.type ---> java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
trp ---> module.pivot ---> true
xires ---> handler.type ---> java:com.sap.aii.axis.xi.XI30OutboundHandler
and I am getting the below error in SOAP-AXIS channel at the point java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender.
2009-03-02 15:23:44 Success Axis: getting handler trp of java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
2009-03-02 15:23:45 Error Axis: error in invocation: (500)internal server error
2009-03-02 15:23:45 Error MP: Exception caught with cause (500)internal server error
2009-03-02 15:23:45 Error Exception caught by adapter framework: (500)internal server error
2009-03-02 15:23:46 Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: (500)internal server error: (500)internal server error.
2009-03-02 15:23:46 Error The message status set to NDLV.
Kindly let me know if anyone has any idea what might be wrong?
Note : The given URL is correct one because I cross checked by passing them normally by giving directly in adapter and they are all working and the message is going to receiver.
Thanks
DeepthiHi Stefan,
>> dc -> handler.type-> javasap.aii.axis.xi.XI30DynamicConfigurationHandler
>> dc ---> key.1 ---> write http://sap.com/xi/XI/System/SOAP TServerLocation
>> dc ---> location.1 ---> context
>> dc ---> value.1 ---> transport.url
>> Try read instead of write
When I tried with this, I am getting the below error "Connection refused ".
Success Axis: entering HandlerBean
Success Axis: getting handler trp of java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
Error Axis: error in invocation: java.net.ConnectException: Connection refused
Error MP: Exception caught with cause java.net.ConnectException: Connection refused
Error Exception caught by adapter framework: ; nested exception is: java.net.ConnectException: Connection refused
Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: ; nested exception is: java.net.ConnectException: Connection refused: java.net.ConnectException: Connection refused.
Success The message status set to WAIT.
It is going successfully when I tried sending directly. Looks like Dynamic Configuration is not working for SOAP-AXIS.
Any Suggestion?
Thanks
Deepthi. -
Exchange rate SAOP-AXIS adapter - SAP PO 7.4
Hi Expert,
My requirement is to fetch exchange xml file from web link : http://www.nationalbanken.dk/DNUK/rates.nsf/rates.xml . I have gone through Michael blog: http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/01/05/michals-pi-tips-exchange-rates-from-an-xml-file-on-a-web-page--rest-axis
And I have done everything same but nothing happening to sender adapter.
It is showing running but no log updated.
I am working SAP PO (Process Orchestration) 7.4 SP3.
I have gone through ......../XIAxisAdapter/MessageServlet and it show below details:
Axis Adapter Message Servlet
Component Versions
Adapter Common Library Version: 1.7.4003.20130911141725.0000, NW731EXT_08_REL (2013-09-11T18:40:12+0000)
Adapter Application Version: 1.7.4003.20130911141725.0000, NW731EXT_08_REL (2013-09-11T18:40:22+0000)
Axis Version: ???
Required Components
Apache-Axis
Error: required component missing --- looking for org.apache.axis.AxisEngine in com.sap.aii.af.axisproviderlib/axis.jar; see http://ws.apache.org/axis/
Jakarta-Commons Discovery
Error: required component missing --- looking for org.apache.commons.discovery.Resource in com.sap.aii.af.axisproviderlib/commons-discovery.jar; see http://jakarta.apache.org/commons/discovery/
Jakarta-Commons Logging
Error: required component missing --- looking for org.apache.commons.logging.Log in com.sap.aii.af.axisproviderlib/commons-logging.jar; see http://jakarta.apache.org/commons/logging/
Optional Components
Thanks in advance!
KumarHI Amit,
I see status as error:
Required Components
Apache-Axis
Error: required component missing --- looking for org.apache.axis.AxisEngine in com.sap.aii.af.axisproviderlib/axis.jar; see http://ws.apache.org/axis/
Jakarta-Commons Discovery
Error: required component missing --- looking for org.apache.commons.discovery.Resource in com.sap.aii.af.axisproviderlib/commons-discovery.jar; see http://jakarta.apache.org/commons/discovery/
Jakarta-Commons Logging
Error: required component missing --- looking for org.apache.commons.logging.Log in com.sap.aii.af.axisproviderlib/commons-logging.jar; see http://jakarta.apache.org/commons/logging/
Number of Missing Components: 3
Status: Error
Thanks,
Kumar -
SOAP Action missing in Axis adapter
Hi,
I am not able to send data to a Web Service using Axis Adapter (SOAP 1.2) and getting an error of "SOAP Action is missing". Can see that SOAP action is missing in the SOAP message sent to Web Service. Communication channel is configured with SOAP Action.
Am on PI 7.10 SP6.
Any help is appreciated!!
Thanks
KiranHello,
I tink you are using receiver SOAP Communication channel... Ask your client to provide the same... because.... your message will be processed at receiver side by using SOAP Action at receiver side...
SOAP action is mandatory for SOAP Receiver communication channels...
Thnx
Subbu -
Hi,
My interface is RFC to Webservier synchronous here i am iusnig SOAP Axis adapter for NTLM authentication.
I am getting the below error in my receiver SOAP Axis adapter
Information MP: processing local module localejbs/AF_Adapters/axis/HandlerBean
12.01.2012 08:12:39.287
Error MP: exception caught with cause org.xml.sax.SAXException: Bad envelope tag: html
Thank you
SrinivasHi Srinivas,
Try having a look at this [OSS Note 1039369 - FAQ XI Axis Adapter|https://websmp130.sap-ag.de/sap(bD1wbCZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1039369]. You will find an FAQ for Axis Adapter there. Also, see a similar thread here: Error in SOAP Sender Communication Channel.
Hope this helps,
Grzegorz -
SSL / X.509 In SOAP Sender/Receiver Adapter
Hi Friends,
We have few third party Java based systems which need to integrate with SAP PI7.1
For this we are using
SOAP Sender from Third PartyTo PI
SOAP Receiver From Pi To Third Party Systems
The Customer Wants to implement SSL.X>509 certificates for encryption and decryption. as one of the option.
we are Facing few issues like.
I am assuming each of the source system webservice calls will have
to use a username/password to authenticate with the PI system
a. Will this use 'basic authentication', ie., credentials sent over as
part of the HTTP header field ?
i.
Assuming we use SSL for transport level security - this is still not secure as the credentials are not encrypted
ii. Is there a way to send in encrypted credentials and for the PI layer to decrypt the same, validate and process the request ?
b. Should we consider using a single sign-on mechanism ?
c Should we consider using X.509 digital certificates ?
i. This would require that the X.509 certs are maintained in the Source & PI webserver Java key stores
d. Should we also consider digitally signing the payload ?
i. This requires using an appropriate hashing algorithm such as SHA-1 or MD5
SOAP Sender /receievr Adapter has few properties not specific to them.How to Acheive this.
Regards
Chandra DasariHi Chandra,
You may try to implement this using the AXIS framework of the SOAP adapter. This provides functionality for handling of X.509 encryption and decryption.
You can generate/get the digital certificate and use it for both transport level as well as message level security. You would not require any additional encoding apart from this.
Coming to your queries:
Q - I am assuming each of the source system web service calls will have to use a username/password to authenticate with the PI system
A - If you are using a certificate, then they can call XI using this certificate. You can share your public certificate with each of the parties.
Q. Will this use 'basic authentication', ie., credentials sent over as part of the HTTP header field?
A - Depends...if you are using basic authentication, then it will not be via X.509. It will be the normal process. These two are two different things.
Q. Assuming we use SSL for transport level security - this is still not secure as the credentials are not encrypted
A - This problem is resolved if you are using digital certificates.
Q. Is there a way to send in encrypted credentials and for the PI layer to decrypt the same, validate and process the request?
A - Yes. It is possible. But then you will have to implement encryption decryption logic at both the ends separately if you are not using certificates.
Q. Should we consider using a single sign-on mechanism?
A - Is your third party part of your landscape? if not then you might want to check and confirm this approach with your security adviser.
Q Should we consider using X.509 digital certificates?
A - Yes...This would resolve most of your problems.
Q. This would require that the X.509 certs are maintained in the Source & PI web server Java key stores
A - Yes.
Q. Should we also consider digitally signing the payload?
A - If you require message level encryption along with transport layer.
Q. This requires using an appropriate hashing algorithm such as SHA-1 or MD5. SOAP Sender /receiver Adapter has few properties not specific to them.How to achieve this.
A - You can provide this option while generating the certificate itself.
Please let me know if this helps.
Cheers,
Sarath. -
How to install SOAP Axis adapter and where is it available ??
Hi,
I heard that SOAP Axis adapter was not initially available for PI 7.0 and was introduced in some later support pack.When I checked the below url I found that some of the components are missing.
http://xi-dev.intranet.com:50000/XIAxisAdapter/MessageServlet
Can anyone please suggest how I can get that pack and where it will be available?
How to install it?
Thanks
Deepthi.Hi Sunil,
Dont mind...one final question, they mentioned in the README file as below..
// Open the SDA archive using some unzip tool and replace the following empty
jar files with the those inclued in Axis 1.4 src package
axis.jar
commons-discovery-0.2.jar
commons-logging-1.0.4.jar
commons-net-1.0.0-dev.jar
wsdl4j-1.5.1.jar
When i checked in the Axis folder, I found so many files.
Do I need to just add this Axis zip file into aii_af_axisprovider.sda Archive file.?
If possible, It would be very helpful if you send the aii_af_axisprovider.sda file which you have deployed into your system?
Thanks
Deepthi -
Problem with Axis Adapter endpoint url in WSDL file.
Dear experts,
We are using PI 7.1 ehp1 with a SOAP to RFC scenarios using the Axis adapter.
We have the XIAxisAdapter as sender Communication Channel and the related Sender Agreement.
When i am looking into the WSDL file of the Sender Agreement than the endpoint contains ...location="host:port/ XISOAPAdapter /MessageServlet"... in stead of ...location="host:port/ XIAxisAdapter /MessageServlet"...
The url with "XISOAPAdapter " will not work. When i export the WSDL file and manually adjust the location to "XIAxisAdapter " everything works fine.
Is it possible to directly generate a correct WSDL with calling the url http://host:50000/dir/wsdl?p=xxxx?
Thanks in advance!
Best regards,
Joost WeghorstHi Sonya,
You can use configuration plan while deploying composite.
The configuration plan enables you to define the URL and property values to use in different environments. During process deployment, the configuration plan is used to search the SOA project for values that must be replaced to adapt the project to the next target environment.
Please refer this doc. for getting introduced to config plan.
http://docs.oracle.com/cd/E29542_01/dev.1111/e10224/sca_lifecycle.htm#SOASE10908
To deploy soa composite with config plan refer this doc:
http://docs.oracle.com/cd/E29542_01/dev.1111/e10224/sca_lifecycle.htm#SOASE85469
Maybe you are looking for
-
Help please! When I try to sync my iPhone it tells me it can't find most of my files for the songs in my iTunes library, although the songs are there!!
-
SMP 3.0: Agentry use of source=INI in JavaBE.ini
Hi Experts. Is it still possible to use the JavaBE.ini for parameter configuration in Agentry 7.0 (on SMP 3.0) ? We will for sure use source=SAP for productions servers, but for local development environments it would be more flexible to use local co
-
Possible to determine who can use Email Encryption?
We are looking to license the Email encryption feature on Ironport. When our reseller asked how many licenses they mentioned that instead of licensing all my users I can license a subset of users, say a department. We would like to only license a su
-
hello all, i want to set up 2 diff pop accounts in mail. they both have diff smtp addresses and im not sure how to do it. thanks wayne
-
Hi Experts, I am creating a database view. I am using this view in my search help(created in se11). Now this view is returning recurring values. I want only the distinct values in my search help. Can anyone please suggest how do I go about it? Regard