Client Certification for Sender SOAP Adapter

I am trying to configure an incoming SOAP call to allow client certification for autentication and not ask for username/pwd. I already tried changing the configuration of the SOAP adater in visual admin to have the client certification module with no luck.
Please let me know if anyone has already done this before.

Hi,
Check the link for Client Certificate authentication...
[http://www.i-barile.it/SDN/EnablingSSL&ClientCertificatesOnTheSAPJ2EEEngine.pdf]
Regards,
Prakasu.M

Similar Messages

  • Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

    Hello All,
    We are currently building up a HTTPS message exchange with an external client.
    Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
    The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
    Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
    Now we have to configure the addtional Client Authentication.
    At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
    But what are the next steps to get this scenario successfully in place?
    Many thanks in advance!
    Jochen

    Hi Colleagues,
    following Steps still have to be done:
    - Mapping public key to technical user at Java Stack
      As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
    - Be sure CA root certivicate at Database under STRUSTSSO2
    - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
    - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
    Many thanks to all for support!
    Regards,
    Jochen

  • Alias for Sender SOAP Adapter URL

    When I create a web service for an o/b interface using the wizard, I need to give the URL of the pattern
    http://<host:<port>/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<channel>
    Looking at the URL, I think there is servlet that is processing the incoming SOAP messages based on the parameter (channel) and adding the SOAP Header for Sender Service, Sender Interface from that channel before sending it to IE.
    Is there anyway to create aliases for these URLs so that I can have distinct URL for each interface eg. http://<host:<port>/DeliveryConfirmation, http://<host:<port>/InvoiceCheck etc?
    I need to publish web services in custom-built UDDI tool which expects the URLs to be unique. (This uniqueness should not based on the parameter 'channel'). UDDI tool expects the part of the URL before '?' to be unique, which is not in my case. So, I'm thinking of aliases.
    Did anyone create Alias for sender SOAP adapter URL?
    I appreciate your inputs on this.
    thx
    praveen

    Stefan,
    Creating an alias like (http://<host:<port>/DeliveryConfirmation) for each web service makes the end Point URL (http://<host:<port>/DeliveryConfirmation?channel=<party>:<service>:<channel>) unique and my custom-built UDDI server would allow it.
    In this case, all the aliases would be for the same context path '/XISOAPAdapter/MessageServlet', right?
    I see the following on the help page.
    Prerequisites
    You must first have the J2EE Web applications deployed so that their aliases are added to the list of available application aliases. Then you can decide which one to remove from it.
    Do I need to deploy any J2EE Web Application here?
    I'm thinking that since 'XISOAPAdapter/MessageServlet' is already deployed, I just have to create a various aliases for it.
    I highly appreciate your inputs.
    thx
    praveen

  • Failed in Message Mapping for Sender SOAP Adapter

    I am using a synchronous Sender SOAP adapter for sending SOAP messages using HTTP security protocol. I am trying to send SOAP messages to XI and then to RFC-R/3. And Responses back from RFC to XI and then to SOAP. I am getting an error for failed in message mapping in SXMB_MONI for converting SOAP messages to RFC. When I debug it in Message Mapping in Integration Repository, it works fine.
    Any help is appreciated.
    Thanks in advance!
    Mrudula

    Hi,
    try to do a full cache refresh
    regards,
    Jakub

  • SOAP message size limitation for sender soap adapter

    Hi All,
    We are facing critical production issue in case of sender SOAP Adapter,
    If the sender soap message is having 114359 Bytes than the Third party is getting exception and SOAP request is not reaching XI.
    If the message size is less then 100kbytes then no exception will come.
    Is this a limitation that SOAP message size should not exceed 100kbyte?
    Thnaks in advance
    Best Regards,
    Harleen Kaur Chadha

    Hi ,
    Thanks for your inputs,Could you please tell me which hardware configurations are you talking about?
    Are you people talking about harware configurations for XI?
    Best Regards,
    Harleen Kaur Chadha

  • SEcurity settings for sender SOAP adapter

    Hey guys
    i m implemeting some security features in sender SOAP adapter by taking help frm www.help.sap.com,i have checked the message security box in sender Communication channel but in sender agreement i dont see any options for Decryt or Validate,i only see Keystore,Issuer and subject.
    i m on SP9 and XI 3.0
    where can i find these options of Decrypt etc?
    thanx
    ahmad

    Hi,
    Please see below links
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0650f56-7587-2910-7c99-e1b6ffbe4d50
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/a3229d73-170d-42b7-bab9-12ae5f2d0fa7.asp
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/f869bd82-df93-45e1-b747-b538820253fb.asp
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/121b053d-0401-0010-539f-f9295efb7bad
    Document security option in webservices
    And also check,
    Launch Visual administrator and navigate to Server->Services->Security Provider. In 'Policy Configurations' tab page, select the component 'sap.com/com.sap.aii.af.soapadapter*XISOAPAdapter'. Then click on the tab page 'Security Roles' and select 'xi_adapter_soap_message'. You will find the groups (equivalent to roles in PFCG) to which this security role (xi_adapter_soap_message) is assigned to. Make sure you assign the PFCG role listed here to the user.
    regards
    Chilla..

  • Error in accesing the URL for Sender SOAP Adapter

    Hi Experts,
    I am wrkiing on SOAP-XI-Proxy Scenario. i have completed IR, ID and WSDL generation process.
    While Generating the WSDL File I used following URL. (No Party in my case)
    http://domain name:Port no/XISOAPAdapter/MessageServlet?channel=:SYS_BS1:CC_SOAPSender_Test1
    When i run this same URL on the browser, it asks me the username/password.
    After entering the username/password i am gettnig the Following Error.
    Message Servlet is in Status OK
    Status information:
    Servlet com.sap.aii.adapter.soap.web.MessageServlet (Version $Id: //tc/xpi.adapters/NW07_06_REL/src/_soap_application_web_module/webm/api/com/sap/aii/adapter/soap/web/MessageServlet.java#4 $) bound to /MessageServlet
    Classname ModuleProcessor: null
    Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
    Lookupname for remoteModuleProcessorLookupName: null
    ModuleProcessorClass not instantiated
    ModuleProcessorLocal is Instance of $Proxy123_10000
    ModuleProcessorRemote not instantiated
    I have confimed that SOAP sender channel is active and configuration object is also tested in ID.
    I have searched the similar threads but not found proper solution.
    Please suggest.
    Regards
    Jagesh

    Hi Prateek,
    I am trying to access the Web service through the following URL and giving the same Error as mentioned above.
    http://Domain Name:Port No/XISOAPAdapter/MessageServlet?channel=:SYS_BS1:CC_SOAPSender_Test1
    I have also confirmed that my login id consist of all the roles of PIAPPLUSER.
    Is there any further settings required or WSDL file needs to be published first???
    Please suggest.
    Thanks & Regards

  • Configure Client Authentication for Receiver SOAP Adapter

    Hi,
    Can you please tell me what i should give in receiver soap channel for KeyStoreEntry and KeyStoreView after checking Configure Client Authentication checkbox,as I have got certificate from third party.
    Thanks in advance
    Best Regards,
    Harleen Kaur Chadha

    Hi,
    Keystore Entry:
    Login to Visual Admin --> Server --> Services --> KeyStorage --> TrustedCAs --> Load --> Select the location where you have stored the certificate on your local system
    Load function is used as you have already got the certificate....
    Once this is done you will find an entry for your certificate in the Entries tab of your TrustedCAs section.
    This is your Keystore Entry...in other words it the name of your certificate.
    Keystore View:
    http://help.sap.com/saphelp_webas630/helpdata/en/16/c0503e1dac5b46e10000000a114084/content.htm
    Are you going to consume Logon tickets of the Third party system (which is other than SAP J2ee engine of your XI)? If yes, then you may also need to do some more settings in the J2ee Engine.
    Regards,
    Abhishek.

  • Sender SOAP Adapter Modules!

    Hi Can anyone guide me how to write a Sender SOAP adapter module ?

    Hi Pooja, thanks for the reply I have seen that.
    Please look at the below forum.
    SOAP Adapter and plain HTTP
    It  says "When you write a module for sender SOAP adapter, you have to deal with the incoming message, as the SOAP adapter first calls the customer module, then creates the XI message."

  • Sender SOAP Adapter issue with webservices for authorization.

    Hi All
    Issue:
    As we are developing a Web Service to fetch account balance from SAP(upon receiving the account no from client) and have given the wsdl file to J2EE application  to call or make use of the service.  But as a part of that service they expect userid/password to be entered manually from client  pop-up.  At this point of time, we don't want to enter userid/password manually but  we want this to be hardcoded/embedded in Webservice so that  there is no need of manual intervention upon calling this service.
    Actual Requirement:
    From Webservices to R/3-ECC6.0-IS-Banking-RFC (Synchronous Interface)
    Sender: SOAP Adapter synchronous
    Receiver: RFC Adapter synchronous
    Note: Requesting a account number and getting response from RFC is account Balance and Date to webservice
    Regards
    Kiran kumar.s

    Hi praveen,
    Thanks for ur  reply.What you said is exactly right but for time being i have to make the client not get the authorization(password--Username and password(pop-up)) when he invokes the WSDL into webservice for that u told that to write some hardcode in J2EE application,but i don't know that where to write and what to write.so, if possible can u give me the code and procedure.
    This is the URL:
    http://hcl3sap:50000/XISOAPAdapter/MessageServlet?channel=:BS_WEBSERVICE:CC_SOAPSENDER
    Regards,
    kiran kumar.

  • IOException: invalid content type for SOAP: TEXT/ using Sender SOAP adapter

    Hi all,
    When I am using Sender SOAP adapter, i am getting (MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML using connection SOAP_http://sap.com/xi/XI/System) exception.
    From my RWB I can see:
    2009-05-25 16:18:39 Information The message was successfully retrieved from the call queue.
    2009-05-25 16:18:39 Information The message status was set to DLNG.
    2009-05-25 16:18:39 Error Failed to parse the XI system response.
    2009-05-25 16:18:39 Error The message was successfully transmitted to endpoint com.sap.engine.interfaces.messaging.api.exception.MessagingException: XIMessage creation failed (inbound). Reason: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML using connection SOAP_http://sap.com/xi/XI/System.
    2009-05-25 16:18:39 Error The message status was set to FAIL.
    2009-05-25 16:18:39 Error Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException: XIMessage creation failed (inbound). Reason: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML
    Please help if possible! Thanks!
    Mayank

    Hi,
    Check in SLD your integration engine business system have the following
    pipeline url : http://server:httpport/sap/xi/engine?type=entry
    check Http port also
    After that go to TCODE - SXMB_ADM - integrationn engine configuration and check if your server is configured as HUB with the same url or not.
    Thanks
    Kasturika Phukan

  • How to use Basis Authentication in Sender SOAP Adapter

    We implemented one Sender SOAP Adapter and we had to implement the modified WEB.XML method to remove the security specification.  We have now asked the developer to correct this situation so we can remove this modification.  The Interface developer would like to use Basic Authentication. If you have an automated interface sending in a SOAP Message, how do you do Basic Authentication? 
    I've tried using:
    http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
    When I do this, I still get the Authentication Pop-Up Window.
    How does the Sending Interface either supply the ID and Password on the incoming SOAP Message or respond to the Authentication Pop-Up?
    Thanks,
    Anne

    By Defualt the web service exposed by you will use Basic Authentication mode only.
    But the way you do Basic Authentication in the web client is platfrom dependent.
    This is not the way to do Basic authentication
    http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
    I am providing you a code snippet on how to Basic Authentication in Java when making the Web Service Call.
    If the client is on some other platform just look for the corresponding api.
    Please award points if you find this answer useful.
    Code Snippet
    URL url = new URL(URL);
    URLConnection connection = url.openConnection();
    if( connection instanceof HttpURLConnection )
    ((HttpURLConnection)connection).setRequestMethod("POST");
         //connection.setRequestProperty("Content-Length",Integer.toString(content.length()) );
         connection.setRequestProperty("Content-Type","text/xml");
         connection.setDoOutput(true);
         String password = User + ":" + Password ;
          //Where con is a URLConnection 
         connection.setRequestProperty ("Authorization", "Basic " + encode(User + ":"+ Password));
         connection.connect();
    Encode Method
    public static String encode (String source) {
    BASE64Encoder enc = new sun.misc.BASE64Encoder();
    return(enc.encode(source.getBytes()));

  • Sender SOAP Adapter: zipped Payload or zipped Attachement possible?

    Hi,
    I've a SOAP --> PI --> Proxy Scenario. As the payload of the message can become quite huge (around 10MB), I'd like to zip the message.
    From the documentation it's not clear for me if the Sender SOAP Adapter can be enhanced with the standard PayloadZipBean:
    "You cannot add your own modules to this adapter" --> so is it possible to use modules provided by SAP?
    If it's not possible: is there another way to send the message zipped via SOAP, e.g. as a additional attachement to the SOAP message, and to unzip the attachement / use the content of it as message payload for mapping?
    Please note: usage of SOAP is a must for that scenario.
    Best regards
    Holger

    > File size is a question due to limited network speed between sender and PI. If I can reduce the data package to be transferred, it'd be a big help. Therefore I'd like to zip the message.
    In this case it would be sufficient to use Content-Encoding gzip.
    This is part of the HTTP protocol and will be unzipped automatically by the HTTP framework, so you need not do anything special in SOAP adapter.
    See http://tools.ietf.org/html/rfc2616#section-14.11
    Check if your SOAP client is able to use that.
    Regards
    Stefan
    Edited by: Stefan Grube on Mar 31, 2009 2:11 PM

  • Sender SOAP Adapter, inconsistent behavior

    Hi,
    We are using XI 3.0 SP17. We have noticed some inconsitent behavior with the sender SOAP adapter:
    When sending a valid SOAP message to the adapter, it will reply with:
    <SOAP:Envelope xmlns:SOAP='http://schemas.xmlsoap.org/soap/envelope/'><SOAP:Header/><SOAP:Body/></SOAP:Envelope>
    To me this seems errornous, becuase it is missing "<?xml version='1.0'?>" in the beginning, and thus is not valid XML. This leads to errors on the Client that is sending messages to the Sender SOAP adapter.
    When sending an errornous SOAP message from the client to the XI Sender SOAP adapter, the error message does include the "<?xml version='1.0'?>" + the corresponding error message, so the behavior seems inconsitent and errournous.
    Can someone tell me how the get the Sender SOAP Adapter to include "<?xml version='1.0'?>" in the reply for valid SOAP messages?
    Thanks for any help on this subject!
    -Hans
    PS: Here is an example of an error message from the Sender SOAP adapter, that does include the xml header:
    <?xml version="1.0"?>
    <!-- see the documentation -->
    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
         <SOAP:Body>
              <SOAP:Fault>
                   <faultcode>SOAP:Server</faultcode>
                   <faultstring>Server Error</faultstring>
                   <detail>
                        <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
                             <context>XIAdapter</context>
                             <code>MalformedMessageException</code>
                             <text><![CDATA[Unexpected content in SOAP:Body; nested exception caused by: com.sap.aii.messaging.util.XMLScanException: Unexpected content in SOAP:Body\tat com.sap.aii.messaging.mo.Message.reparseRootDocument(Message.java:1014)\tat com.sap.aii.messaging.net.MIMEInputSource.readSOAPPart(MIMEInputSource.java:619)\tat com.sap.aii.messaging.net.MIMEInputSource.decodePart(MIMEInputSource.java:611)\tat com.sap.aii.messaging.net.MIMEInputSource.readBody(MIMEInputSource.java:379)\tat com.sap.aii.messaging.net.MIMEServletInputSource.parse(MIMEServletInputSource.java:58)\tat com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:378)\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:760)\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:853)\tat com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)\tat com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)\tat com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)\tat com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)\tat com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)\tat com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)\tat com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)\tat java.security.AccessController.doPrivileged(AccessController.java:180)\tat com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)\tat com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)          ]]></text>
                        </s:SystemError>
                   </detail>
              </SOAP:Fault>
         </SOAP:Body>
    </SOAP:Envelope>

    Hi,
    "Do not use SOAP Envelope" is not really an option for us.
    From help.sap.com:
    If the indicator is set, the adapter expects a message without a SOAP envelope.
    If you have set the indicator, you must also enter nosoap=true in the URL.
    The adapter then puts the whole message in the XI payloads
    So this also requires heavy changes to the client side. It would almost make more sense to use the plain HTTP adapter in that case..
    -Hans

  • Sender SOAP adapter error 401

    Hello All,
    Here the scenario is SOAP -> XI -> SAP ECC.
    When the webservice is seding the message I am getting error in Sender SOAP channel.
    Message is not going to Integration Engine.
    Its failing with 401Un Authorized in sender soap adapter channel.My sender soap channel is plain channel with no authentication check and certificated etc.When webservice is seding request to XI its sending wit some usernmae which was there on XI box.I am facing this issue in Quality Env. The same is working fine in Dev box.
    Please give me the list of points that I need to check here.
    Thanks,
    Regards,
    Naresh

    Hi,
    I am facing this issue in Quality Env. The same is working fine in Dev box.
    Once the scenario is transported from Dev to QA the location where the Webservice is hosted will also change
    Hence you will have to change the target URL .....just the HostName / IP address and the port for all the webservices (that you transported to QA)
    Once you are in QA and with no change to the URL the sender (which I suppose is also in QA env) will be still trying to ping the same old Dev-URL....in such situation the sender is bound to get UnAuthorized error....
    So one in all change the URL in your WebService to point to QA and then test....
    Same logic applicable to QA --> PROD
    Regards,
    Abhishek.

Maybe you are looking for

  • Why doesn't my front camera work

    Why doesn't my front camera work

  • SQL Server Reporting Services Multi Color selection

    Hi to All. iam trying to use this swicth condition in SSRS for multi color view. But its not getting can u suggest me  =switch(Fields!AVGSALES.Value<2000 ,"red",Fields!AVGSALES.Value<5000, "blue", Fields!AVGSALES.Value>5000,"yellow"

  • A notification that won't go away

    I've got a notification showing up on my Blackberry in the same place I would normally get notifications for texts or missed calls. It's the wifi signal, with a one next to it. However, whenever I try checking it, nothing shows up. When I was at my l

  • What is a full charge?

    ok.. here is the deal ig to my 5G pod for about um... lets say a week....and i have to charge it everyday, because it's always empties in less then 8 hours ( just music with no back lights) so i connect the USB to the pod and after 2 hours it's charg

  • Export Office 365 User Last Logon Date

    When following this procedure http://technet.microsoft.com/en-US/ms772425 I receive the error below. Any help is appreciated. C:\Get-LastLogonStats.ps1 : A parameter cannot be found that matches parameter name 'InputFile'. At line:1 char:97 + .\Get-L