Configure Web Services Security in PI 7.1

Hi,
I'm getting an error message when using the XI adapter to send encrypted data. I am using SAP PI 7.1 EHP1 SP3.
*Communication error Proxy calls are not permitted on sender or receiver side on the IS (client)
Error during message security handling in outbound channel: Security profile 'Sign and Encrypt Message' *
According to my research I need to get my basis team to configure Web Services Security. I've found the Netweaver 04 configuration guide but I don't think this is relevant. The following help has information on web services security but little or no information. 
http://help.sap.com/saphelp_nwpi711/helpdata/en/44/bc872fc60b7006e10000000a155369/frameset.htm
Is anyone able to point me towards the right document?

>
Park Saeiam wrote:
> Hi
>
> May be that partner you define Integration System not Application system in Business system. try define to application system.
>
> Thanks
> Park
or try use Business services instead.

Similar Messages

  • Web Service Security not configured on this component.

    Hi Experts,
                           Before configuring the scenario, i went to RWB to check whether the comopnents are in active mode or not.
                                  Integration Engine XID 
                                  Business Process Engine XID 
                                  Mapping Runtime XID 
                                  Adapter Engine XID 
                                  Integration Engines
                          All components are in Green mode  Except Integration Engine, The Integration is in yellow mode
                           and shows the following details.
                         Details for 'Is Web service security available?'
                           Web Service Security not configured on this component.
    Can you give the solution for this.

    Hi,
                      1, While sending idoc from sapR/3 to PI , in r/3 sm58 shows the foll error:
    "No service for system SAPQA,client 200 in integration directory"*
                               Even the Bussiness sytem pointing R/3.
    From your initial post, it appears that you are using XID system and from above error, I believe you are trying to send the IDoc from QA system. R3 dev will communicate to PI dev, so verify the partner profile and ports in your IDoc Header settings.
                         2, When i execute the tcode sm58 in PI   it shows the following error:
                                   "Syntax error in program SAPLSXI_AC_CACHE _REFERESH"
    I am kinda confused how come sm58 tcode can show an error for this program, as sm58 is for checking the transactional RFCs and  SAPLSXI_AC_CACHE_REFERESH is for XI Cache refresh for Alert Category. Might be some one else can explain this.
                         3, WHEN I EXECUTE THE tcode SXI_CACHE
                                             Under the *STATUS OF RUNTIME CACHE
                                                           Unable to refresh cache contents
                                                           Error during last attempt toreferesh cache
                                                             (red colour triangle leading above both)
    Check this SAP Note 764176, might help in your situation.
    Worth reading - http://help.sap.com/saphelp_nw04/helpdata/en/0d/28e1c20a9d374cbb71875c5f89093b/frameset.htm
                        4, Still there is no messages in Message monitoring.
    Obviously because of error # 1, you are unable to send IDocs, how come you expect messages to reach PI ... strange, isn't it
    Hope this helps.
    Regards,
    Neetesh

  • Oracle Service Bus 11gR1 - missing Web Services Security Configuration?

    I am trying to configure a web service which uses username token policy.
    The below option is missing in Proxy Service --> Security
    Web Services Security Configuration
    Process WS-Security Header     Yes     NoIs there anything that needs to be enabled for the above to show up in Proxy Service-->Security.

    This option was enabled by removing the username token policy from the wsdl file.
    Thanks for looking.

  • Configuring OpenSSO Web Service Security on Tomcat

    Dear All,
    I want to configure a simple OpenSSO Web Service security for my application. My web service is on Tomcat and I have used JAX-WS.
    Please let me know if there is something we can develop just by configuring OpenSSO properties, instead of writing the WSC and WSP SOAP message handlers.
    Regards,
    Tarak

    Dear All,
    I want to configure a simple OpenSSO Web Service security for my application. My web service is on Tomcat and I have used JAX-WS.
    Please let me know if there is something we can develop just by configuring OpenSSO properties, instead of writing the WSC and WSP SOAP message handlers.
    Regards,
    Tarak

  • Details for 'Is Web service security available?'

    Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
    In component monitoring..for the integration engine its in yellow...
    Details for 'Is Web service security available?'
    Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
    can any one please help me out..
    Thanks
    sriram

    I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
    In component monitoring
    For integration engine
    Details for 'Is Web service security available?'
    Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
    In message monitoring
    Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
    Time Stamp Status Description
    2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
    2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
    2006-05-22 15:18:58 Success Message successfully put into the queue.
    2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
    2006-05-22 15:18:58 Success The message status set to DLNG.
    2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
    2006-05-22 15:18:58 Success SOAP: request message entering the adapter
    2006-05-22 15:18:58 Success SOAP: call failed
    2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
    2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
    Can any one please help me out.
    Thanks
    sriram

  • Web Services Security Problem

    hi all,
    I am publishling the BC4J Component(Application module) as a webservice. The particular web service method will be as follows. The method is returning the element object.
    public Element getEmp(String searchString,String selectedItem, int pageNoInput)
    return (Element)hits.writeXML(1,Row.XML_OPT_LIMIT_RANGE);
    I am securing the web service by the instructions which are given in the following link
    http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
    Then i am creating the proxy client. when i run the proxy client it gives me the following exception
    javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
         at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:553)
         at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
         at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
         at aptuitclient.runtime.ReviewProtocolAppModuleServiceSoapHttp_Stub.getEmp(ReviewProtocolAppModuleServiceSoapHttp_Stub.java:91)
         at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.getEmp(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:58)
         at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.main(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:44)
    When i am removing the security for the web service it is giving the Element object.
    The Problem is when i am securing the web service it is giving the above said exception.
    Please help me regarding this... this is very urgent...
    rgds
    Parameswaran

    Hello,
    When you are using WS-Security you need to secure the client too. So in your case the client is the ADF Data Control.
    The way you should configure your data control is documented here:
    - Web Services Security and ADF Data Control
    Regards
    Tugdual Grall

  • Web service security in PI

    Mine is PROXY to SOAP asynchronous.
    PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
    so that at receiver statem they can validate the user using these.
    When i am calling webservice from soapui with the header parameters
    Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>xxxxx</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
    <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
    <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    What configuration needs to be done in PI.

    I got this in Runtime work bench
    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
    - <SOAP:Header>
    - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
      <sap:MessageClass>ApplicationMessage</sap:MessageClass>
      <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
    - <sap:Sender>
      <sap:Party agency="" scheme="" />
      <sap:Service>test2310</sap:Service>
      </sap:Sender>
    - <sap:Receiver>
      <sap:Party agency="" scheme="" />
      <sap:Service>test_serivce</sap:Service>
      </sap:Receiver>
      <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
      </sap:Main>
    - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
      <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
      </sap:ReliableMessaging>
    - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
      <sap:TraceLevel>Fatal</sap:TraceLevel>
      <sap:Logging>On</sap:Logging>
      </sap:Diagnostic>
    - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
      <sap:Engine type="BS">test_serivce</sap:Engine>
      <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      <sap:Info>3.0</sap:Info>
      </sap:Hop>
    - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
      <sap:Engine type="IS">is.68.devai020</sap:Engine>
      <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      <sap:Info>3.0</sap:Info>
      </sap:Hop>
    - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
      <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
      <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      </sap:Hop>
      </sap:HopList>
      </SOAP:Header>
    Edited by: Vamsi on Jul 15, 2009 7:06 PM

  • Web Service Security using OpenSSO

    Hi,
    I have a question regarding the usage of the OpenSSO in order to secure web services.
    I have read the documentation and it states the OpenSSO enables web service security.
    However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
    In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
    To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
    Thanks!

    Hi
    Thanks for your reply
    I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
    I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
    I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
    When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
    What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
    paul

  • Web Service security is not set up on this component

    Hi Friends,
    In RWB, when I click on component monitoring->Integration Engine, I got "Web Service security is not set up on this component"
    I want to send message using soap adapter by encrypting and signing it. for this purpose I need to configure the Web Service Security.
    Can someone please provide some documentation or link on how to set up this Web Service Security?
    thankx

    Hi,
    there is a chapter - Security Configuration at Message Level
    in XI config guide which specifies everything you need - this is what you need
    so I hope no further explanations are necessary
    Regards,
    Michal Krawczyk

  • Is Web service security available?

    Dear Experts,
        In RWB, when i click on Integration Engine(in component monitoring) i get a yellow triangle next to it instead of green. Result of self test says that
    Is Web service security available?
    "Communication error Proxy calls are not permitted on sender or receiver side on the IS (client)".
    Can u guys tell me the reason behing this.
    Thanks & regards.

    Hi,
    Check if you have selected any security level for the WebService or may be it is across the firewall. Probably you need to install the related certificates and have to configure the SSL layer.
    refer
    You need to setup SSL layer for HTTPS endpoint.
    Possible HTTP security levels are (in ascending order):
    HTTP without SSL
    HTTP with SSL (= HTTPS), but without client authentication
    HTTP with SSL (= HTTPS) and with client authentication
    Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
    General guide
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
    Message level security
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
    Thanks
    Swarup

  • RWB - Integration Engine self test - web service security and proxy

    Hi,
    I am working with a new installation of PI 7.0. In the runtime workbench, under self test for integration engine, there is this error/warning:
    ""Details for 'Is Web service security available?'
    Communication error: Proxy calls are not permitted on sender or receiver side on the IS (client)""
    What exactly is the problem? Is there any additional configuration needed within PI to use proxies? We do not have the cryptographic toolkit installed. Is that nesseccary to work with proxies? We have done several other scenarios with RFC, MAIL, HTTP, etc and they work fine. If anyone else had this problem and managed to fix it, please let me know..
    Thanks,
    Lasya

    You can ignore this error. It is  simply a warning that says message level security has not been configured. Without message security too, you can do proxy communication.
    But, if you want to configure messag level security, go through XI Config guide section 12.4.
    Message was edited by: Jay

  • ADOBE + Web Services Security

    Hello
    I am trying to follow the Adobe Document Service Configuration Guide.
    In "Setting Up Basic Authentication in a Java Environment"
    I am supposed to go to the Visual administratotr -> services -> web services Security - > Runtime  to see the config files. Unfortunately, this Runtime tab is empty!!!
    I would appreciate it if assistance could be provided as to how to set this RT environment.
    Thanks
    yuval

    Hi Yuval,
    Make sure that the service tcsecwssec~service is running.
    To do this. Logon to Visual Admin
    Server>Services>Deploy->Runtime Tab> Server>webservices_container->sap.com/tcsecwssec~app.
    Stop and Start the application.
    Then check if you are getting the desired entries in the Runtime Tab of web services security.
    If need be restart your server.
    Hope this helps.

  • Web Services Security is empty in Visual Administrator

    Hi Everybody,
    Please Help me! I'm configuring the Adobe Document Service but in the step where I have to configure something in the WebServicesSecurity It appears empty in the runtime tab.
    I have read this links, but It didn't work.
    ADOBE + Web Services Security
    Re: Web Services Security
    I'll appreciate any help!!!
    Yolanda.

    Hello vamshi,
    As you have suggeseted, I followed the notes and changed the following paramters.The system is 64bit and hence the values are adjusted according to the server.
    -Djco.jarm=1
    -Dsun.io.useCanonCaches=false
    -Djava.awt.headless=true
    -XX:SoftRefLRUPolicyMSPerMB=1
    -verbose:gc
    -XX:+PrintGCDetails
    -XX:+PrintGCTimeStamps
    -Xss2m
    -Xms2048M
    -Xmx2048M
    -XX:MaxNewSize=320M
    -XX:NewSize=320M
    -XX:MaxPermSize=512M
    -XX:PermSize=512M
    -XX:SurvivorRatio=2
    -XX:TargetSurvivorRatio=90
    -XX:+UseParNewGC
    -XX:+UseTLAB
    -XX:+HeapDumpOnCtrlBreak
    The heap size for java is 2048
    But still i am getting the ping time out. Connection to server is lost.
    Kindly let me know,
    Regards
    Vijay

  • "Define Web Service" - Security Issues

    Hello all,
    I have successfully defined a Web service with the wizard in ID. So I already have my WSDL file.
    Now, I need to use this WSDL file from a Web Application that exposed to all public internet. 
    Now my question is, how is security managed for this web service? I mean, if the web service is exposed to any user of the web application in the internet, how can I assure that, the information in the WSDL file will not be used to access the XI Server with out authorization?
    Who should be in charge of the security, the web application? the web service? or xi?
    Thanks,
    Felipe

    If you are using the SOAP Adapter for receiving the information it provides the features like
    1. HTTP without Client Authentication
    2. HTTP with Client Authentication
    Even you can select Security Prameters like
    1. Web Service Security
    2. S/MIME
    If you configure all this then which other kind of security you are looking for.
    Gaurav Jain
    Reward Point if answer is helpful

  • Issue with Web Service Security

    Dear Forum Members and Readers,
    I am a beginner to Web Services, and facing an issue with WS-Security.
    My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
    Context Description:
    I am developing a Java Web Service application that is deployed on JBoss Application Server.
    This application will communicate with two other applications those are not deployed in same JBoss Application Server.
    These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
    My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
    Issue Description:
    I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
    I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
    To this extent, I am unable to identify a solution that can address my issue.
    Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
    Any clue will be highly appreciated!
    Thanks in advance
    Mukul

    mukul.object wrote:
    Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
    Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
    I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
    Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

Maybe you are looking for

  • My phone wont let me connect to my itunes on my computer. what should I do?

    My phone wont let me connect to my itunes on my computer and i would like to back up my iphones data onto my computer. what should I do?

  • How to create a page & portlet

    Hi I am new to Oracle portal. i am using Oracle 3.0. i am working on an application in portal. i have created n number of forms, reports, dynamic pages, menus, sub menus & lovs etc. currently i access my application in a raw manner. first login , the

  • Ipod not being recoginzed at all.

    I plug in my Ipod and the backlight goes on like it is connected, but is not charging or showing up anywhere on my computer. I have updated everything and did the 5 R's thingy and have restarted my computer and reset my settings on my Ipod. I need he

  • Archiving MM_EKKO

    We have started archiving mm_ekko obbject . Situation which i am facing is that when i ran write job to archive few month of data i was able to archive majority of that data but for some purchase document i get this message "Change date of purchasing

  • IPhone as camera on XP

    Whenever I dock iPhone it asks me which program to open for pictures as a camera either "Microsoft Word" or "Microsoft scanner and camera wizard". It asks me this everytime as well as opening iTunes. Is there any way I can disable both of these funct