Communication using Sender soap adapter using secured certificates

Similar Messages

• How to use Basis Authentication in Sender SOAP Adapter

  We implemented one Sender SOAP Adapter and we had to implement the modified WEB.XML method to remove the security specification.  We have now asked the developer to correct this situation so we can remove this modification.  The Interface developer would like to use Basic Authentication. If you have an automated interface sending in a SOAP Message, how do you do Basic Authentication? 
  I've tried using:
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  When I do this, I still get the Authentication Pop-Up Window.
  How does the Sending Interface either supply the ID and Password on the incoming SOAP Message or respond to the Authentication Pop-Up?
  Thanks,
  Anne

  By Defualt the web service exposed by you will use Basic Authentication mode only.
  But the way you do Basic Authentication in the web client is platfrom dependent.
  This is not the way to do Basic authentication
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  I am providing you a code snippet on how to Basic Authentication in Java when making the Web Service Call.
  If the client is on some other platform just look for the corresponding api.
  Please award points if you find this answer useful.
  Code Snippet
  URL url = new URL(URL);
  URLConnection connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       //connection.setRequestProperty("Content-Length",Integer.toString(content.length()) );
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
        //Where con is a URLConnection 
       connection.setRequestProperty ("Authorization", "Basic " + encode(User + ":"+ Password));
       connection.connect();
  Encode Method
  public static String encode (String source) {
  BASE64Encoder enc = new sun.misc.BASE64Encoder();
  return(enc.encode(source.getBytes()));

• IOException: invalid content type for SOAP: TEXT/ using Sender SOAP adapter

  Hi all,
  When I am using Sender SOAP adapter, i am getting (MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML using connection SOAP_http://sap.com/xi/XI/System) exception.
  From my RWB I can see:
  2009-05-25 16:18:39 Information The message was successfully retrieved from the call queue.
  2009-05-25 16:18:39 Information The message status was set to DLNG.
  2009-05-25 16:18:39 Error Failed to parse the XI system response.
  2009-05-25 16:18:39 Error The message was successfully transmitted to endpoint com.sap.engine.interfaces.messaging.api.exception.MessagingException: XIMessage creation failed (inbound). Reason: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML using connection SOAP_http://sap.com/xi/XI/System.
  2009-05-25 16:18:39 Error The message status was set to FAIL.
  2009-05-25 16:18:39 Error Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException: XIMessage creation failed (inbound). Reason: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML
  Please help if possible! Thanks!
  Mayank

  Hi,
  Check in SLD your integration engine business system have the following
  pipeline url : http://server:httpport/sap/xi/engine?type=entry
  check Http port also
  After that go to TCODE - SXMB_ADM - integrationn engine configuration and check if your server is configured as HUB with the same url or not.
  Thanks
  Kasturika Phukan

• Sender Soap Adapter communication channel  error

  Dear Experts,
  When i see Sender soap adapter status in Communication channel monitoring.I am getting the status as:
  "Processing Errors in the Last 50 Minutes"
  Thanx in advance

  Aamir,
  My other interface is working fine by giving the following url:
  http://kpmgvm015:8001/XISOAPAdapter/MessageServlet?channel=:KPMG_AU_ALL:RetrieveOpportunityRecord_SOAP_Sender
  I am not using the propsed url.
  Moreover when  i try to give this url in the browser . It is asking of user id and password.
  I am  giving user as : PIAPPLUSER.It gives message servelet is ok.
  In my communication channel monitoring the corresponsing communication channel:
  RetrieveclientRecord_SOAP_Sender is in Red - Processing Errors In the Last 40 Minutes
  Error meesage in Webclient:
    java.security.AccessControlException: PIAPPLUSER has no permission for accessing binding com.sap.aii.af.service.cpa.Binding@d046043a

• SEcurity settings for sender SOAP adapter

  Hey guys
  i m implemeting some security features in sender SOAP adapter by taking help frm www.help.sap.com,i have checked the message security box in sender Communication channel but in sender agreement i dont see any options for Decryt or Validate,i only see Keystore,Issuer and subject.
  i m on SP9 and XI 3.0
  where can i find these options of Decrypt etc?
  thanx
  ahmad

  Hi,
  Please see below links
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0650f56-7587-2910-7c99-e1b6ffbe4d50
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/a3229d73-170d-42b7-bab9-12ae5f2d0fa7.asp
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/BTS06CoreDocs/html/f869bd82-df93-45e1-b747-b538820253fb.asp
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/121b053d-0401-0010-539f-f9295efb7bad
  Document security option in webservices
  And also check,
  Launch Visual administrator and navigate to Server->Services->Security Provider. In 'Policy Configurations' tab page, select the component 'sap.com/com.sap.aii.af.soapadapter*XISOAPAdapter'. Then click on the tab page 'Security Roles' and select 'xi_adapter_soap_message'. You will find the groups (equivalent to roles in PFCG) to which this security role (xi_adapter_soap_message) is assigned to. Make sure you assign the PFCG role listed here to the user.
  regards
  Chilla..

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• SMIME in sender soap adapter

  Hi,
  I'd like to know the proper format of the POST request to a sender soap adapter with SMIME activated. I've found almost no documentation about it.
  I'm trying to send a document ciphered to PI via soap adapter (HTTP POST). I've done the following steps
  1. I activate SMIME in the sender soap adapter, and I specify "Decrypt" as the security procedure in the sender agreement. I also incorporate the private key in the keystore DEFAULT and reference to it in the sender agreement.
  2. I use OpenSSL to cipher an xml document like this (I use the public certificate associated to the previous private key) :
  --> openssl smime -encrypt -in fich.txt -out fich_encrypted.txt certTesting.pem
  What I get is:
  MIME-Version: 1.0
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
  Content-Transfer-Encoding: base64
  MIIC....[base64 content of the file encrypted]
  3. I use CURL to send the HTTP POST request to PI. Previously I get the binary file from the base64 content.
  > POST /XISOAPAdapter/MessageServlet?senderParty=&senderService=BC_1[...]
  > Authorization: Basic c2U[...]
  > Host: pi.[...].com:50000
  > Accept: /
  > Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=fich_encrypted.der
  > User-Agent: Jakarta Commons-HttpClient/3.1
  > Accept-Encoding: text/xml
  > Content-Disposition: attachment; filename=fich_encrypted.der
  > Content-Length: 620
  > Expect: 100-continue
  but I get this error from the SOAP Adapter:
  --> java.io.IOException: invalid content type for SOAP: APPLICATION/PKCS7-MIME.
  I also get the same error if I remove the header Content-Disposition.
  4. If I send the xml file without ciphering (header Content-Type: text/xml;charset=UTF-8) I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: call failed: java.lang.SecurityException: Exception in Method: VerifySMIME.run(). LocalizedMessage: SecurityException in method: verifySMIME( MessageContext, CPALookupObject ). Message: IllegalArgumentException in method: verifyEnvelopedData( ISsfProfile ). Wrong Content-Type: text/xml;charset=UTF-8. *Expected Content-Type: application/pkcs7-mime or application/x-pkcs7-mime*. Please verify your configuration and partner agreement
  PROBLEM --> I really don't know what the SOAP sender channel is expecting when SMIME is activated. I've tried to send the binary file encripted as an attachment and also directly, but the soap adapter complains.
  Thanks

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• HTTPS sender soap adapter

  Hi,
  I want to use HTTPS port for one of our SOAP -->RFC sync interface .
  currently we are using  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel this url and its working fine,
  Here  we want to use  HTTPS  ( HTTPS with client authentication as security level) ,but in our current PI system ( 7.31) is  not enabled https/ports.
  Please let me know how we can enable  HTTPS  port ,let me know the process.
  once HTTPS port is enabled  please let me know the process to use  HTTPS with client authentication as security level)
  Thanks
  Surya

  Hi Surya,
  Base on your requirement ports like 433, 4022 etc as per availability to Trading partners.
  Port mapping should be done in the firewall configuration as your web dispatcher port(This information can be obtained from your basis team / will be managed at the installation time / netweaver administration.)
  80* series is for ABAP ports and 50* series i sfor JAVA port.
  Also check the below link for more information.
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/09/20/sender-soap-adapter-https-with-client-authentication
  Thanks and Regards,
  Naveen

• Failed in Message Mapping for Sender SOAP Adapter

  I am using a synchronous Sender SOAP adapter for sending SOAP messages using HTTP security protocol. I am trying to send SOAP messages to XI and then to RFC-R/3. And Responses back from RFC to XI and then to SOAP. I am getting an error for failed in message mapping in SXMB_MONI for converting SOAP messages to RFC. When I debug it in Message Mapping in Integration Repository, it works fine.
  Any help is appreciated.
  Thanks in advance!
  Mrudula

  Hi,
  try to do a full cache refresh
  regards,
  Jakub

• Sender SOAP Adapter, inconsistent behavior

  Hi,
  We are using XI 3.0 SP17. We have noticed some inconsitent behavior with the sender SOAP adapter:
  When sending a valid SOAP message to the adapter, it will reply with:
  <SOAP:Envelope xmlns:SOAP='http://schemas.xmlsoap.org/soap/envelope/'><SOAP:Header/><SOAP:Body/></SOAP:Envelope>
  To me this seems errornous, becuase it is missing "<?xml version='1.0'?>" in the beginning, and thus is not valid XML. This leads to errors on the Client that is sending messages to the Sender SOAP adapter.
  When sending an errornous SOAP message from the client to the XI Sender SOAP adapter, the error message does include the "<?xml version='1.0'?>" + the corresponding error message, so the behavior seems inconsitent and errournous.
  Can someone tell me how the get the Sender SOAP Adapter to include "<?xml version='1.0'?>" in the reply for valid SOAP messages?
  Thanks for any help on this subject!
  -Hans
  PS: Here is an example of an error message from the Sender SOAP adapter, that does include the xml header:
  <?xml version="1.0"?>
  <!-- see the documentation -->
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
       <SOAP:Body>
            <SOAP:Fault>
                 <faultcode>SOAP:Server</faultcode>
                 <faultstring>Server Error</faultstring>
                 <detail>
                      <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
                           <context>XIAdapter</context>
                           <code>MalformedMessageException</code>
                           <text><![CDATA[Unexpected content in SOAP:Body; nested exception caused by: com.sap.aii.messaging.util.XMLScanException: Unexpected content in SOAP:Body\tat com.sap.aii.messaging.mo.Message.reparseRootDocument(Message.java:1014)\tat com.sap.aii.messaging.net.MIMEInputSource.readSOAPPart(MIMEInputSource.java:619)\tat com.sap.aii.messaging.net.MIMEInputSource.decodePart(MIMEInputSource.java:611)\tat com.sap.aii.messaging.net.MIMEInputSource.readBody(MIMEInputSource.java:379)\tat com.sap.aii.messaging.net.MIMEServletInputSource.parse(MIMEServletInputSource.java:58)\tat com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:378)\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:760)\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:853)\tat com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)\tat com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)\tat com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)\tat com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)\tat com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)\tat com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)\tat com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)\tat com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)\tat java.security.AccessController.doPrivileged(AccessController.java:180)\tat com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)\tat com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)          ]]></text>
                      </s:SystemError>
                 </detail>
            </SOAP:Fault>
       </SOAP:Body>
  </SOAP:Envelope>

  Hi,
  "Do not use SOAP Envelope" is not really an option for us.
  From help.sap.com:
  If the indicator is set, the adapter expects a message without a SOAP envelope.
  If you have set the indicator, you must also enter nosoap=true in the URL.
  The adapter then puts the whole message in the XI payloads
  So this also requires heavy changes to the client side. It would almost make more sense to use the plain HTTP adapter in that case..
  -Hans

• Dynamic sender SOAP Adapter

  Hi,
  i need to define a web service that could be consumed by any sender system, how could i do this if i need to define the BS in the URL when i create the WSLD undel menu tool-->Define web service
  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
  in case its migth be possible, how could i identify which system consume the service, is there any system information where i could get at least the host name or the IP???
  Thanks
  Rodrigo

  >> how could i do this if i need to define the BS in the URL when i create the WSLD undel menu tool-->Define web service
  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel in case its migth be possible
  Create Webservice using Sender SOAP adapter. Go to sender agreeement, click display wsdl. Save the file . That is your wsdl and it contains all your webservice details that includes sender business system, interface, URL etc.
  >>how could i identify which system consume the service, is there any system information where i could get at least the host name or the IP???
  You create valid service users of PI to communicate and distribute for different consuming systems. When they invoke your webservice they have to use your login credentials. Also you can go with client authentication certifcate(SSL) so that only trusted partners with client certificate can communicate your webservice.
  >>where i could get at least the host name or the IP???
  You dont get those informations. You allow only trusted trading partners to consume your webservice using client authentication and certificate credentials.

• Remove authentication in sender soap adapter pi 7.1

  Hello
  Did anyone manged to remove authentication in PI 7.1 sender soap adapter?
  I have updated file web.xml in the file com.sap.aii.adapter.soap.war
  and now I want to deploy it,but I dont have any sda in the folder
  thx
  Shai

  hi Shai,
  just something to try in case:
  you don't need any java parameters of SOAP sender
  you can try approach from Stefan:
  /people/stefan.grube/blog/2006/09/21/using-the-soap-inbound-channel-of-the-integration-engine
  and then:
  1. in SICF copy the engine service to a new one
  2. put the credentials for this new service inside SICF
  then you will have sender SOAP adapter without a password right?
  I didn't try it but I guess it would work without
  crashing the whole original SOAP sender adapter by
  making changes into web.xml
  Regards,
  Michal Krawczyk

• Special characters in sender soap adapter provoke HTTP 500 error

  Hi,
  SAP R3 is sending a SOAP message to PI through SOAP adapter.
  When the payload does NOT contain german characters like ü, it works fine.
  However, when the payload DOES contain special characters, the SOAP adapter replies with an HTTP 500 code error.
  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  - Make sure that SAP R3 sends the message in UTF-8 format (I think this is happening currently), as if SoapUI works, then probably R3 is not using UTF-8.
  - Force the adapter to use UTF-8. Is this possible? In the sender SOAP adapter I've added AF_Modules/MessageTransformBean (type local EB), and then Transform.ContentType for parameter name and --> text/plain;charset=utf-8 for parameter value. The sender adapter will fail then for every message, with or without special characters.
  Anyway, in this link (http://help.sap.com/saphelp_nwpi71/helpdata/EN/a4/f13341771b4c0de10000000a1550b0/frameset.htm) it seems to say that the sender soap adapter cannot be extended with modules, so maybe that's the reason why it fails when trying to add a module.
  Thanks

  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  Check the use of option 1 ..... the URL which SAP is using to send the data can containe the encoding information.
  Check this SAP note: https://service.sap.com/sap/support/notes/856597
  From the above note:
  Q: What character encoding is supported by the SOAP sender adapter?
  +you can supply the encoding information with the xmlenc variable in the request URL as in+
  Regards,
  Abhishek.

• XI 3.0 Sender SOAP Adapter Default XI Parameters

  Hi all,
  I've noticed when posting to an inbound comm channel using the sender SOAP adapter that unless I specify a namespace and interface under the 'Default XI Parameters', an error is returned indicating I need to specify default values for the namespace and interface.
  This doesn't make sense.  I don't want to set up a new inbound comm channel for every interface for the same sender service.  As long as the SOAP address location is correct, i.e. sender service and interface are specified correctly, why should I need to set a default namespace and interface?  Also, what is the expected behavior of the default XI parameters?  Should it override what's passed in the SOAP location string?

  Hi,
  I think you have to add:
  Optional: xml.addHeaderLine 0
  Obligatory: try to put the ; between quotation marks like:
  Hope this helps.
  Cheers,
  Paul

• Sender SOAP Adapter: zipped Payload or zipped Attachement possible?

  Hi,
  I've a SOAP --> PI --> Proxy Scenario. As the payload of the message can become quite huge (around 10MB), I'd like to zip the message.
  From the documentation it's not clear for me if the Sender SOAP Adapter can be enhanced with the standard PayloadZipBean:
  "You cannot add your own modules to this adapter" --> so is it possible to use modules provided by SAP?
  If it's not possible: is there another way to send the message zipped via SOAP, e.g. as a additional attachement to the SOAP message, and to unzip the attachement / use the content of it as message payload for mapping?
  Please note: usage of SOAP is a must for that scenario.
  Best regards
  Holger

  > File size is a question due to limited network speed between sender and PI. If I can reduce the data package to be transferred, it'd be a big help. Therefore I'd like to zip the message.
  In this case it would be sufficient to use Content-Encoding gzip.
  This is part of the HTTP protocol and will be unzipped automatically by the HTTP framework, so you need not do anything special in SOAP adapter.
  See http://tools.ietf.org/html/rfc2616#section-14.11
  Check if your SOAP client is able to use that.
  Regards
  Stefan
  Edited by: Stefan Grube on Mar 31, 2009 2:11 PM

• Sender SOAP Adapter problem in PI 7.1

  Hello Everyone,
  I have a problem with Sender SOAP  Adapter
  In PI 7.0 i am able to receive the messages through sender SOAP Adapter for both HTTP and HTTPS. But when i am testing in PI 7.1 i am unable to receive any messages at Adapter level for both HTTP and HTTPS
  All sender leagcy system are getting different error messages like
  1. 400 HTTP Bad request.
  2. Invalid request.
  3. BAPI  error message
  Could any one please assist me in this problem.
  Thanks
  Vick

  Hi Vick,
  Try like this......in ID from your sender agreement in which you have your sender SOAP comm channel, from menu select Display WSDL and then copy the WSDL URL and give it to source applications to use it.............create a service user for them to access PI 7.1 server while sending the SOAP req msg.............
  your source applications may have to generate proxy from this WSDL URL in their application and then they can send a SOAP req msg to your PI 7.1 server............
  Regards,
  Rajeev Gupta