Configure Client Authentication for Receiver SOAP Adapter

Hi,
Can you please tell me what i should give in receiver soap channel for KeyStoreEntry and KeyStoreView after checking Configure Client Authentication checkbox,as I have got certificate from third party.
Thanks in advance
Best Regards,
Harleen Kaur Chadha

Hi,
Keystore Entry:
Login to Visual Admin --> Server --> Services --> KeyStorage --> TrustedCAs --> Load --> Select the location where you have stored the certificate on your local system
Load function is used as you have already got the certificate....
Once this is done you will find an entry for your certificate in the Entries tab of your TrustedCAs section.
This is your Keystore Entry...in other words it the name of your certificate.
Keystore View:
http://help.sap.com/saphelp_webas630/helpdata/en/16/c0503e1dac5b46e10000000a114084/content.htm
Are you going to consume Logon tickets of the Third party system (which is other than SAP J2ee engine of your XI)? If yes, then you may also need to do some more settings in the J2ee Engine.
Regards,
Abhishek.

Similar Messages

  • Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

    Hello All,
    We are currently building up a HTTPS message exchange with an external client.
    Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
    The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
    Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
    Now we have to configure the addtional Client Authentication.
    At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
    But what are the next steps to get this scenario successfully in place?
    Many thanks in advance!
    Jochen

    Hi Colleagues,
    following Steps still have to be done:
    - Mapping public key to technical user at Java Stack
      As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
    - Be sure CA root certivicate at Database under STRUSTSSO2
    - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
    - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
    Many thanks to all for support!
    Regards,
    Jochen

  • Target url for receiver soap adapter

    Hi everybody
    where will I get the target url to enter in the receiver soap adapter parameters? I got the link from wsdl  under "address location"..But when I open the link from the internet explorer I could see an empty  wsdl 
    <faultstring xml:lang="en">SRT: Wrong Content-Type and empty HTTP-Body received</faultstring>
    thanks
    Ramya

    Hi Ramya,
    When you try opening the URL using web browser, you are not sending any data and hence in response you get an empty message.
    But at the same time, the message shows you that the service corresponding to that URL is invoked, activated and running.
    Give the same URL in your receiver communication channel and try execcuting the scenario, as far as receiver URL is concerned, it should work.
    -Tanaya.

  • SOAP -Client Certificate Authentication in Receiver SOAP Adapter

    Dear All,
    We are working on the below scenario
    SAP R/3 System  -> XI/PI -> Proxy -> Customer
    In this, SAP R/3 System sends a IDOC and XI should give that XML Payload of IDOC to Customer.
    Cusomer gave us the WSDL file and also a Certificate for authentication.
    Mapping - we are using XSLT mapping to send that XML payload as we need to capture the whole XML payload of IDOC into 1 field at the target end ( This was given in the WSDL).
    Now, how can we achieve this Client Certificate authentication in the SOAP Receiver Adapter when we have Proxy server in between PI/XI and Customer system.
    Require your inputs on Client Certificate authentication and Proxy server configuration.
    Regards,
    Srini

    Hi
    Look this blog
    How to use Client Authentication with SOAP Adapter
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
    Also refer to "SAP Security Guide XI" at service market place.
    ABAP Proxy configuration
    How do you activate ABAP Proxies?

  • Client Certification for Sender SOAP Adapter

    I am trying to configure an incoming SOAP call to allow client certification for autentication and not ask for username/pwd. I already tried changing the configuration of the SOAP adater in visual admin to have the client certification module with no luck.
    Please let me know if anyone has already done this before.

    Hi,
    Check the link for Client Certificate authentication...
    [http://www.i-barile.it/SDN/EnablingSSL&ClientCertificatesOnTheSAPJ2EEEngine.pdf]
    Regards,
    Prakasu.M

  • Receiver SOAP adapter SSL error - client certificate required?

    Hi all,
    Problem configuring SSL in XI 3.0 NW04 SP17....
    I have followed the config steps from Rahul's excellent weblog at <a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">How to use Client Authentication with SOAP Adapter</a> (my Basis team have done the Visual Admin steps) and am going through his example as it closely matches my requirement. So, I have a test receiver SOAP adapter sending messages to a web service URL defined for a sender SOAP adapter. My test scenario is:
    <b>Sender File -> <u><i>Receiver SOAP -> Sender SOAP</i></u> -> IDoc Receiver -> IDocs in R/3</b>
    The problem components are in italic and underlined above. My Receiver SOAP Adapter has the web service URL, Certificate Keystore Entry and View entered. If, in the Sender SOAP Adapter, I have an HTTP Security Level of HTTPS Without Client Authentication, the interface works fine (note that Rahul suggests you untick the User Authentication in the Receiver but with this Security Level, it seems to work with or without it).
    The problem is when I set HTTPS <b>With</b> Client Authentication in the Sender. I then get the following error in the message monitor:
    SOAP: response message contains an error XIServer/UNKNOWN/ModuleUnknownException - com.sap.aii.af.mp.module.ModuleException: java.security.AccessControlException: <b>client certificate required caused by: java.security.AccessControlException</b>: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:1111) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:250) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:166) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:421) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.Client.handle(Client.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java(Compiled Code)) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code)) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code)) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code)) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code)) Caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:843) ... 22 more
    Has anyone got any idea what this could be caused by?
    Many thanks,
    Stuart Richards

    Have you configured the https port with that keystore entry?
    Check out these links:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/5c/15f73dd0408e5be10000000a114084/frameset.htm
    Regards,
    Henrique.

  • Dynamic username and password for UsernameToken in Receiver Soap Adapter.

    Hi All,
    I am using AXIS Frame work for WS Security Authentication in Receiver SOAP channel. I deployed AXIS and used WSDoAllSender handler. I want to set the username and password parameters in the module dynamically. These have to be extracted from the payload. 
    kindly give me pointers to dynamically assign Username and Password.
    Regards,
    Saipriya.

    continued from the previous entry
    1.  configure the following four handlers in the request chain
    Handler dc
    Handler xireq
    Handler wssec
    Handler trp
    For the xireq and trp handler, you can use the default setting.
    For the dc and wssec handlers, you use the following setting:
    dc: handler.type =  java:com.sap.aii.axis.xi.XI30DynamicConfigurationHandler
    dc: key.1 = write http://sap.com/xi/axis username
    dc: value.1 = user
    wssec: handler.type = java:org.apache.ws.axis.security.WSDoAllSender
    wssec: action = UsernameToken
    wssec: passwordType = PasswordText
    wssec: passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler
    2. Create an external password file with user password pairs. For example, if you have three users: orange, banana, and apple, with their passwords: orange, yellow, red,  you create a file with content:
    orange:orange
    banana:yellow
    apple:red
    You name this file to ".password" and place it at the engine's classloader directory (e.g.,
    /usr/sap/E07/JC90/j2ee/cluster/server0)
    3. Prepare the input message containing the user name in the dynamic configuration header that looks like:
    <ns3:DynamicConfiguration xmlns:ns3="http://sap.com/xi/XI/Message/30">
      <ns3:Record name="username" namespace="http://sap.com/xi/axis">orange</ns3:Record>
    </ns3:DynamicConfiguration>
    The namespace and name must match the value used in the key.1 property of the dc handler. As long as they match, you can use any names.
    In this example, the user name value "orange" will be extracted by the dc handler and inserted into the message context.
    4. Send a test message.
    Best regards, Yza

  • More than 10 Authentication Keys in receiver SOAP adapter

    Hi
    My requirement is that I need more than 10 authorization/authentication keys in the receiver SOAP adapter. Is this possible?
    Advanced tab -> Use adapter-specific message attributes -> variable transport binding -> view authorization keys.
    Only 10 entries are provided here. Can I extend this somehow?
    Thanks!
    regards Ole

    Yes..
    These links will help u in it
    Certificate Authentication with SOAP Receiver
    Certificate Authentication with SOAP Receiver

  • WSDL url for sender and receiver SOAP adapter

    Dear Experts,
    I am working on SOAP --> SAP PI --> SAP ECC synchronous scenario. That means I have to create 2 Cc for SOAP i.e. Sender as well as Receiver adapter. I am responsible for creating the Request as well as Response structure in SAP PI. The sender application team is dependent on me to get the WSDL file.
    Please provide the suggestions on the below.
    Sender SOAP adapter.
    1. I will create the WSDL from Sender Aggreement. How to get the url and what is the navigation step? Should I provide the    same url to sender application team to call the service.
    Receiver SOAP adapter:
    2. In the receiver SOAP adapter , Should I have to get the web service parameter of the sender application. As mentioned , I am creating the response structure as well. That means I can not import the WSDL from the sender application. How to get target url in the receiver SOAP Cc.
    I refered to the forum SOAP SENDER - test in soapui but its not clear.
    Regards
    Alice Rebecca
    Edited by: Alice@xi on Dec 20, 2011 5:48 PM

    Dear Bhaskar,
    For synchronous scenario
                                                                Request
    MS Application (SOAP)<--> SAP-PI <--
    > SAP ECC.
                                                                                    Response
    I am creating the Request as well as Response structure in SAP-PI and its agrreement for both
    the ways.
    So for the MS appl team, I will give the WSDL url from the sender agreement to make the request to SAP-ECC.
    Now for receiving the response from SAP ECC, from where I should find the value to enter in the target url of SOAP
    receiver channel.
    1.Should I take the target url value from the MS Application team?
    2.How to know whether  the MS Application or SAP ECC is hosting the web service?
    Regards
    Alice

  • Receiver SOAP adapter - User authentication question

    XI experts,
    Here is the scenario - IDOC > XI > SOAP - Ansynchronous call..
    I need your all help to understand the user authentication on the "Receiver SOAP Adapter"... We are using "HTTP" transport protocol.
    I believe, the userid which we entered in the communication channel needs to have proper security on the web server. The Web server URL starts with "http://lsme
    01.xyz.com/...." .
    Question : Is this usrid and password will be encrypted when XI calls this web service?
    If an answer is "NO" then is there anyway we can encrypt it?
    Thanks in advance!
    Points will be given..
    MP

    XI experts,
    I need an answer to the following question....
    The Web server URL starts with "http://lsme01.xyz.com/...." .
    Question : Is this usrid and password will be encrypted when XI calls this web service?
    If an answer is "NO" then is there anyway we can encrypt it?
    Thanks in advance!
    Points will be given..
    MP

  • Error when setting dynamically the target URL in receiver SOAP Adapter

    Hi,
    I'm setting dynamically (from the mapping) the target URL in the receiver SOAP adapter:
    String url = "http://mosxd30:50000/XISOAPAdapter/MessageServlet?senderParty=&senderService=DUM&receiverParty=&receiverService=&interface=SI_OA_CustomInvoiceData&interfaceNamespace=urn:repsol.com:laboratory:firma";
    DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
    DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "TServerLocation");
    conf.put(key, url);
    The receiver adapter fails with:
    "invalid content type for SOAP: TEXT/HTML; HTTP 401 Unauthorized"
    Reading weblogs, etc, the most probable cause for this is a wrong target URL, but then what I did was to set it as a fixed URL in the C.Channel, and it worked, so the URL is fine.
    In the communication channel, I'm using "Configure user authentication", with a user and password, and what I think it's happening is that if I use another different URL dynamically, the channel is ignoring the user authentication settings.
    Any ideas?
    Thanks

    I forgot to say that I've checked the SAP note "FAQ Soap adapter", and it says:
    Q: I get an authorization error "401 Unauthorized" from the adapter's servlet. What went wrong?
               A: The adapter's servlet is protected by default. You must use one of the user names assigned in security role xi_adapter_soap_message for component XISOAPAdapter. Please consult the documentation for Visual Administrator to view and change the security setting.
               The user authentication of the SOAP adapter is not part of the SOAP adapter but of the web container of the J2EE engine. The default authentication setting is defined in the web.xml descriptor file of the SOAP dapter web application. This setting may be modified from Visual Administrator with some restriction. Please refer to the security documentation for the J2EE engine.
               Please note that 710 onwards there is no Visual Administrator instead the Netweaver Administrator is to be used to assign the roles to the user to access the SOAP adater servlet.The user must be assigned one of the following roles SAP_XI_IS_SERV_USER, SAP_XI_APPL_SERV_USER, SAP_XI_DEVELOPER_J2EE, SAP_XI_ADMINISTRATOR_J2EE.
    The target URL is a sender soap adapter (the result of one interface is sent to another one via soap adapter), and it's this one which is complaining because of the authentication I think. But I don't know why it's ignoring the user authentication flag I'm using.

  • Receiver SOAP Adapter (HTTP AXIS)

    Hi Experts,
    I need to use receiver soap adapter to communicate with a WebService, actually it is a AXIS service i can see when i give the soap url in web browser.
    my question is for axis service, does it mean i have to use HTTP AXIS in the receiver channel to request the response for web service server? Can i use HTTP only without AXIS?
    when i use SoapUI to test the webservice, it works fine. But when i use receiver soap adapter with HTTP (without AXIS), it is responding with the belwo error.
    <sap:Error ...>
      <sap:Category>Application</sap:Category>
      <sap:Code area="UNKNOWN">APPLICATION_ERROR</sap:Code>
      <sap:AdditionalText>Application Fault</sap:AdditionalText>
      <sap:ApplicationFaultMessage namespace="http://sap.com/xi/XI/System/Axis/sample">host name</sap:ApplicationFaultMessage>
      <sap:Stack/>
    </sap:Error>
    Experts, please help on this, the major question is HTTP AXIS is required when target web service is an AXIS service?
    Thanks in advance.
    Regards,

    >>my question is for axis service, does it mean i have to use HTTP AXIS in the receiver channel to request the response for web service server? Can i use HTTP only without AXIS?
    You are going to consume webservice. You can use standard SOAP adapter itself to consume the webservice that is built with axis framework.
    Do you have some specific user authentication procedures like SAP Assertion Tickets, username token etc and some specific encapsulation formats (MIME, DIME, MTOM),WS Reliable Messaging  and so then you need SOAP Axis adapter. If you need to consume webservice with standard transport protocol (HTTP or HTTPS) and client authentication etc , our standard SOAP adapter is more than enough.
    Refer this link what axis soap adapter supports

  • Receiver SOAP Adapter error

    Hi All,
             I am getting this response error message in my receiver SOAP Adapter while invoking a synchronous webservice.
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <!--
    Request Message Mapping
      -->
    - <ProcessMessageResponse xmlns="http://Sleek.Integrator.Messaging" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ProcessMessageResult>Value cannot be null. Parameter name: Request string is a null reference.</ProcessMessageResult>
      </ProcessMessageResponse>
    Thx in advance
    Ravijeet

    Hi All,
             I am still getting the same error value is null. I am not able to track what could be the cause of the error. If I am taking the message from SXMB_MONI and using it in a client tool it is successfully calling the webservice.
    Do we need to explicitly mention in some configuration that content type is soap/xml. SOAP header is omitting the content type or is not specifying "soap/xml" as the content type.
    I am interacting with a WAF websevice, is there any compatibilty issue with Windows Webservice and SAP XI?
    Also what should I pick as the SOAP Action from this wsdl file definition
    <wsdl:portType name="IMessageProcessor">
              <wsdl:operation name="ProcessMessage">
                   <wsdl:input message="tns:IMessageProcessor_ProcessMessage_InputMessage" wsaw:Action="XXX.Messaging/ProcessMessage"/>
                   <wsdl:output message="tns:IMessageProcessor_ProcessMessage_OutputMessage" wsaw:Action="XXX.Messaging/ProcessMessageResponse"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:service name="MessageProcessor">
              <wsdl:port name="BasicHttpBinding_IMessageProcessor" binding="i0:BasicHttpBinding_IMessageProcessor">
                   <soap:address location="http://XXX.com/cardax/provisioningservice"/>
              </wsdl:port>
    Thx in advance
    Ravijeet

  • Error in the Receiver SOAP Adapter

    Hello Experts,
           I am sending an order number by running a report on the ECC 6.0 server to a web service for publishing the information on the web site. The receiver side is configured as Receiver SOAP Adapter . I am getting the following error in the SXMB_MONI Transaction.
    com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: Not enough message parts were received for the operation.
    Kindly let me know to overcome this problem.
    Thanks
    Best Regards
    S Joshi

    Hi Ramesh,
        The message Iam getting in MONI is as follows:
    com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: Not enough message parts were received for the operation.
    This is the response for the request that i am sending for order creation. I did checked the fields also it is same and the values of the fields too. they all are correct. Over and above this it was working fine till last week , but suddendly this week I am getting this error.
    Regards

  • Error using SSL on Receiver Soap Adapter

    Hi there,
    I'm having some problems on connecting to a third-party application running a webservice (meaning, through Receiver Soap Adapter). The third-party appl. demands us to use a SSL connection (its url starts with https), with user authentication through certificate.
    We've installed SAP Java Cryptographic toolkit and have a proper certificate configured on the KeyStorage entry, on Visual Administrator.
    On Soap Adapter, I've configured HTTP Transport Protocol and have selected the "configure certificate authentication" option and selected the certificate, filled the mandatory fields (target URL and soap action) but I keep getting this error message on SXMB_MONI: "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket".
    Is there anything else than installing SAP Java Cryptographic Toolkit to enable SSL on Soap Adapter? Is there another configurations that need to be done?
    Thanks in advance,
    Henrique.

    Hi
    can u please tell me, how u r able to resolve the problem
    i am also stuck in the same error
    basically i am working on SSO b/w three systems.
    EP>XI>R/3
    i am able to do the SSO between the EP-->XI
    but  when i try with EP-->XI->R/3 it is giving me error at the receiver side means receiver soap adapter is not accepting the SAP Logon Ticket.
    can u please tell me what entries should be given in the certificate authentication fields.
    please provide the solution.
    Thanks & Regards
    Rinku Gangwani

Maybe you are looking for

  • Adapter for new itouch on old docking station?

    I am sure this issue has been discussed many times over, but here goes. My newer generation ipods will not charge on older docking stations(multiple) They will play music just fine but they will not draw a charge from these stations. There must exist

  • Empty .exe files?

    I rarely open my hard drive: no need to since everything is on my Dock. But the other day I did open it, and I found several .exe files at the same level as my System, Library, and Applications folders. All of the files were empty (0 bytes), and all

  • Grouping of Top 10 Customers by Sales and Total Sales

    Hi Guys... I need to design a report where I need to include both "Top 10 Customers based on Sales" and "Total Sales for remaining customers". Can you guys help me with a solution. Thanks, Regards, G

  • Upgrading from OIM 10.1.2 to 10.1.4

    In the OAS 10.1.4 Upgrade/Compatibility Guide, Chap 10 is called "Verifying the Upgrade and Decommissioning the Source Oracle Homes" and it says to do the following after OIM 10.1.4 upgrade from 10.1.2: 1. Move MR datafiles out of old 10.1.2 ORACLE_H

  • What is the main advantage in EJB Transactions.

    My question is i can have a stateless bean to accept the client requests and will set the Autocommit of database to false and which will invoke the java bean component based up on transaction code and passes the database connection object . the java