Configuring use of client certificates for JAX web services

Hello dear people,
I have a very simple jax web service under glassfish v.2.1 and I want to secure it using mutual authentication. I could configure using server certificates but I have problems with configuring the server to ask client certificates. The problem is that the clients are not asked to provide a valid client certificate to use the service. The clients can easily use the service without having a certificate.
Can anyone tell me what should I do to have this?
I got the example code from http://java.net/projects/javaeetutorial/downloads and the sample code that I used is in the folder : javaeetutorial5/examples/jaxws/helloservice-clientcert
Best regards,
Arash.

Did you resolve your issue?
I'm posting some comments that may help newer administrators facing similar doubts.
I'm also using NW PI 7.1 EHP1, and some interfaces were developed to use an external site providing web services through an SSL (HTTPS) connection.
As in browser navigation, secure sites protected with SSL have a certificate emitted by an international CA. We didn't perceive the "handshake" in most cases because the web browser normally has a group of trusted CAs loaded in its certificate store.
With SAP PI and its WAS Java a similar procedure occurs, with a small difference: the WAS Java didn't have the trusted CAs loaded in the KeyStorage. So, when the adapter tries to establish a connection with an HTTPS site (it is a background process), a "handshake" is required to accept the certificate, and it produces an error.
We complete the handshake by importing the entire certificate chain (you can upload the site's certificate to your browser and export it as a file) into the Keystore under the Trusted CAs view.
Hope this can help someone. It's an "easy" part of SSL communication.
Now I'm trying to configure the inverse: some third party consuming the PI web services using SSL. I have an additional component on inbound/incoming connections, which is the SAP Web Dispatcher.
Help.sap.com is the reference, but as always it's a little difficult to find the (sequential) path following the links (go ahead, go ahead, go ahead, go back, go back, go ahead)...
Regards,
Rodrigo Aoki
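
A way to check the symptom in the opening question, that is, whether a deployed endpoint really asks for a client certificate and refuses callers that have none. This is an added example, not code from the thread or from the Java EE tutorial; the class name, the command-line arguments and the verdict strings are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509KeyManager;

/** Hypothetical probe: does an HTTPS endpoint request, and insist on, a client certificate? */
public class ClientCertProbe {

    /** Holds no keys. JSSE consults it only when the server has sent a CertificateRequest. */
    static final class RecordingKeyManager implements X509KeyManager {
        final AtomicBoolean asked = new AtomicBoolean(false);

        @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            asked.set(true);
            return null; // answer the request with no certificate
        }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return null; }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return null; }
        @Override public X509Certificate[] getCertificateChain(String alias) { return null; }
        @Override public PrivateKey getPrivateKey(String alias) { return null; }
    }

    /** httpStatus is -1 when the connection ended before any HTTP response arrived. */
    static String verdict(boolean asked, int httpStatus) {
        boolean served = httpStatus >= 200 && httpStatus < 300;
        if (!asked && served) return "NOT ENFORCED: no certificate was requested and the call succeeded";
        if (asked && served)  return "OPTIONAL: a certificate was requested, but the call succeeded without one";
        if (asked)            return "ENFORCED: a certificate was requested and the call failed without one";
        return "INCONCLUSIVE: the call failed, but no certificate was requested (check trust store and path)";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java ClientCertProbe <host> <port> <path>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String path = args[2];

        RecordingKeyManager km = new RecordingKeyManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers = JVM default trust store (javax.net.ssl.trustStore or cacerts)
        ctx.init(new KeyManager[] { km }, null, null);

        int status = -1;
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.setSoTimeout(10_000);
            sock.startHandshake();
            // A server may ask during the first handshake or only after it has seen
            // the requested path, so the probe also sends the request itself.
            OutputStream out = sock.getOutputStream();
            out.write(("GET " + path + " HTTP/1.1\r\nHost: " + host
                    + "\r\nConnection: close\r\n\r\n").getBytes(StandardCharsets.US_ASCII));
            out.flush();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(sock.getInputStream(), StandardCharsets.ISO_8859_1));
            String line = in.readLine(); // e.g. "HTTP/1.1 200 OK"
            if (line != null) {
                String[] parts = line.split(" ");
                if (parts.length >= 2) status = Integer.parseInt(parts[1]);
            }
        } catch (IOException | NumberFormatException e) {
            System.out.println("connection ended: " + e);
        }
        System.out.println("certificate requested: " + km.asked.get() + ", HTTP status: " + status);
        System.out.println(verdict(km.asked.get(), status));
    }
}
```

Run it against the service URL path with the server's certificate chain already trusted by the JVM (for example through the javax.net.ssl.trustStore system property); otherwise the handshake fails for trust reasons and the result is inconclusive.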

Similar Messages

  • We are using the Azure server for our web services. Server is generating an error "Unable to connect to the remote server". What does this error mean?


    Hello,
    Did you mean that you use the Windows Azure Virtual Machine DNS name as the server name in the Reporting Server Web Services URL?
    For example:
    Report server: http://uebi.cloudapp.net/reportserver
    Report manager: http://uebi.cloudapp.net/reports
    If you want to connect to Report Manager on the virtual machine from a remote computer, you should create a virtual machine TCP Endpoint and open the port in the virtual machine's firewall. By default, the report server listens for HTTP requests on port 80.
    Reference: http://msdn.microsoft.com/en-us/library/jj992719.aspx#bkmk_ssrs_connect_2_remote_RM
    Regards,
    Fanny Liu
    TechNet Community Support

  • Certificate for a web service

    Hi,
    Our company has a SAP Netweaver Enterprise Portal implementation.
    Recently we have been asked to create a Web service from a Java class in SAP Netweaver using Netweaver Developer Studio. The connection to Web service must be an https connection.
    In steps of web service's creation we saw that we have the option to create an https (secure soap) web service.
    Can anyone tell us how we can create an https web service?
    The portal server belongs to a Windows Active Directory Domain that has a Certification Authority from which we can request and take a certificate.
    What is the configuration that we must do on server, so that we can call the web service using https?
    Thanks in advance

    Hi,
    Check this URL:
    Web Services Over SSL: http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
    Regards,
    Shyam.

  • Can we use receiver enhancement feature for a web service scenario?

    Hi Experts,
    We have to send across an invoice to web service enabled legacy system from ECC.
    ECC>ABAP Proxy>SAP PI>SOAP Adapter>Legacy System1
    ECC>ABAP Proxy>SAP PI>SOAP Adapter>Legacy System2
    Requirement is like if the invoice number starts with 1A, it should go to Legacy System1 & if the invoice number starts with 2A, it should go to Legacy System2.
    Can we do it in one single scenario using receiver enhancement and if yes How?
    Regards
    Nidhi Kukreja

    You can make use of the XPATH function starts-with(string1,string2) and customize your condition as shown in this blog:
    /people/shabarish.vijayakumar/blog/2006/06/07/customise-your-xpath-expressions-in-receiver-determination
    Update:
    It can even be done without using any XPATH function.....just make use of the option Contains Pattern from the dropdown available for the Middle Operand....right operand will be 1A*
    Regards,
    Abhishek.
    Edited by: abhishek salvi on Feb 3, 2010 1:00 PM

  • Sending SSL Certificate to external Web service in BizTalk 2010

    Hi,
    We are facing issues in calling the external web service (SAP PI web service), which is authenticated using SSL self-signed certificates.
    When BizTalk sends the request to SAP it fails with an HTTP 401 error, and in SAP PI the log says the calling application is not sending the client certificate. Please help us in sending the request to the external web service by signing with the client certificate.
    Below are the details,
    1. This is a 2-way SSL communication authenticating based on the client Certificate.
    2. BizTalk server public key certificate is shared to SAP PI and using SAP PI certificate public key in biztalk
    3. Configuration done at BizTalk as given below
       1. Created BizTalk Certificate using makecert command
       2. Client and Server Certificate Installation
          - Installed BizTalk Client Certificate in Certificates Store under
            a. Current User --> Personal (Private Key)
            b. Current User --> Trusted Root Certification Authorities (Public Key)
            c. Local Computer --> Personal (Private Key)
            d. Local Computer --> Trusted Root Certification Authorities (Public Key)
            e. Current User --> Other People
          - Installed SAP Server Certificate in Certificates Store under
            a. Current User --> Trusted Root Certification Authorities
            b. Current User --> Trusted People
            c. Local Computer --> Trusted Root Certification Authorities
            d. Local Computer --> Trusted People
            e. Current User --> Other People
       3. BizTalk Status Solicit Response Send Port (used to call the SAP PI web service) Configuration
          - Transport Type: WCF-Custom
          - Binding: BasicHttpBinding
          - Security Mode: Transport
            - Client Credential Type: Certificate
            - Proxy Credential Type: None
            - Realm: localhost
          - Message
            - Client Credential Type: Certificate
          - Client Credentials: Client Certificate
            - findValue: CN=< Thumbprint >
            - x509FindType: FindByThumbPrint
          - Server Certificate
            - findValue: <Thumbprint>
            - x509FindType: FindByThumbPrint

    Hi All,
    The reasons why the trigger from BizTalk is failing and the trigger from SoapUI is successful:
    In the SoapUI configuration we select the private key of the client certificate and provide the password for it.
    In BizTalk we only have the option of selecting the certificate and we cannot provide the password. Below is the MSDN article for the same.
    On one of the sites it is mentioned as below. Kindly let us know whether the below will work or not.
    Organization Security Restrictions:
    Each organization may have restrictions on using client certificates for security reasons. One such restriction is that when a user requests a client certificate, a password prompt is displayed. A client certificate can be used only if the correct password is provided. Because BizTalk Server uses services, and services cannot interact with dialog boxes, do not use client certificates requiring password validation.
    To prevent the issue, configure the policy so that no passwords are prompted when a certificate is used. This setting is enforced by the Group Policy Object (GPO) "System cryptography: Force strong key protection for user keys stored on the computer". If setting this policy, the value should be set to "User input is not required when new keys are stored and used".
    Kindly let us know whether this setting needs to be done in the system cryptography policy.
    Thanks

  • OWSM and Webservices -Define policies once for multiple web services

    I thought that through using OWSM we had the possibility to use the same Policy Lines for multiple web services.
    Mostly when web services are used/integrated within an application, the same rules need to be defined and I thought this requirement could be met when using OWSM.
    But you need to define the policy requirements on each web service that's passing through a gateway or agent, why isn't it supported to define policy lines one level higher to be able to use the same requirements for multiple web services?

    Nathalie,
    For this purpose OWSM allows you to use Template Policy Pipelines.
    For individual services, you can then replace the pipeline with the Template.
    But I have to agree with you here: the templating functions are rough on the edges, e.g. limited editing capabilities.
    Hope this helps.
    Best regards, Sjoerd

  • Using Identity Management for Securing Web Services

    My goal is to associate my services with an Oracle Internet Directory. I made some attempts to set up SAML authentication for the web services, but it didn't have the right outcome.
    (My identity management server and OID is up and running and I have successfully made authentication modules for other web applications)
    Here is what I did:
    1. I wrote a simple java file, used jdeveloper tools to create and deploy it as a web service to OC4J. I associated an identity management server with this service through OC4J web tools as security provider.
    2. I made a data control for the web service and put it in an ADF application . (client)
    3. I deployed the client project(2) to OC4J.
    I could use the web service through the page.
    Then I secured the web service to expect SAML for authentication.
    Surprisingly, the client could still communicate with the web service. Why? Shouldn't it have rejected the request because of the problem in the SAML token? (The proxy and the data control were not secured, and didn't provide any SAML tokens.)
    4. I added a login page to my client project (through the ADF security wizard). It used identity management for authentication successfully. The login process completes and the web service data control is displayed.
    5. I want the authentication information to be propagated through the page so that the web service receives the data and uses Identity Management.
    I know I should add <property name="oracle.security.wss.propagate.identity" value ="true"/>
    to one of the configuration files, but don't know where exactly.
    Best Regards,
    Farbod


  • Using Web Dynpro authentication for a Web Service call

    Hi all,
    I want to develop a Web Dynpro that calls a Web Service running on the same Web AS (7.0). The Web Dynpro will be integrated in a Portal. The web service that has to be called is automatically generated when we create a guided procedure :
    http://help.sap.com/saphelp_nw2004s/helpdata/en/44/44c59fd7c72e84e10000000a155369/frameset.htm
    In my Web Dynpro, I imported the WSDL of this WS and created a model.
    The first time I tried to call the WS in my Web Dynpro I got an authentication error :
    Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://<myHostName>:50100/GPRuntimeFacadeWS/GPProcessExposing?style=document&pid=CA544E9B629A11DB91480017A48D672A&pver=0.5"
    So I hard-coded an HTTP authentication :
         model._setUser("myWASuser");
         model._setPassword("myPassword");
    And the Web Service call now works.
    Now the next step is that the WS call is made by the user that runs the Web Dynpro. So I found this documentation :
    http://help.sap.com/saphelp_nw04/helpdata/en/59/e8e95d1eba48dfa86ae91ad8816f5d/frameset.htm
    It would resolve my authentication problem, AND the transport issue : at the moment the Web Service URL is stored in the Logical Port of the WD model, and at transport time, a rebuild of the WD project will be needed.
    So I applied what is said in the doc : from the point of view of the Web Service consumer, I just had to add :
        model._setHTTPDestinationName("STARTGP");
    (where STARTGP is the name of the destination I created in the Visual Administrator with a "Logon Ticket" authentication.)
    before the execute(), and I removed my hardcoded authentication.
    Unfortunately, nothing changes... I still get a 401 authentication error.
    Does anyone have an idea about this ? Or maybe a workaround ?
    Thanks in advance for any suggestion.
    Regards,
    Julien

    Hello Julien,
    I have a scenario similar to yours: a client Web Dynpro application accessing EJB methods exposed as a web service. Those EJB methods call R3 RFCs. The client's requirement was to allow SSO through all the layers (Web Dynpro -> EJB WS -> RFC). The Web Dynpro and the EJBs are deployed on the same WAS.
    Solution:
    1 - Create a RFC Destination on Visual Administration provide the R3 connection parameters and set the Authentication for "Current User (Logon Ticket)". Save your Destination;
    2 - In your EJB Project open your Web Service Configuration, on the Security page, set:
        Authentication Mechanism: HTTP Authentication
        Basic (username/password)
        Use SAP Logon Ticket
    3 - In your EJB, implement the following code to create JCO Client for the RFC invocations:
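        // JNDI context used to look up the destination service
        Context ctx = new InitialContext();
        Object obj = ctx.lookup(DestinationService.JNDI_KEY);
        DestinationService dstService = (DestinationService) obj;
        // Destination created in step 1; it carries the "Current User (Logon Ticket)" setting
        RFCDestination dst = (RFCDestination) dstService.getDestination("RFC", "<YOUR_RFC_DESTINATION_NAME>");
        Properties jcoProperties = dst.getJCoProperties();
        JCO.Client jcoClient = JCO.createClient(jcoProperties);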
    4 - In your EAR Project, open your "application-j2ee-engine.xml" and add the References:
         "tc/sec/destinations/service" as Service
         "tc/sec/destinations/interface" as Interface.
    5 - Create your EAR File and Deploy;
    6 - Check if the web service now requires authentication: go to http://<host>:<port>/index.html and click on Web Services Navigator. Test your web service. Your web service should require you to log in before executing the test;
    7 - Go back to your Visual Administrator and create an HTTP Destination. Provide your WS URL (should be something like "http://<host>:<port>/<WS_NAME>/Config1?style=document"). Choose Authentication: Logon Ticket. Save your Destination;
    8 - Go to your Web Dynpro project and import your WS Model. (If you have already created it, you have to delete it and import it again; refer to this blog on how to reimport WS Models: "How To Reimport Web Service Models in Web Dynpro for Java", /people/bertram.ganz/blog/2005/10/10/how-to-reimport-web-service-models-in-web-dynpro-for-java);
    9 - Open your model's Logical Ports node, go to the Security tab, and choose "Use SAP Logon Ticket";
    10 - In your webdynpro code, before you call the ws invocation (should be something like that: <YOUR_NODE_DEFINITION>.modelObject().execute();), include the following line:
    <YOUR_NODE_DEFINITION>.modelObject()._setHTTPDestinationName("<YOUR_HTTP_DESTINATION_NAME>");
    11 - Save All Metadata and deploy your Webdynpro App. Test your results.
    I hope it helps you, as the documentation on how to implement this scenario is scattered through the SDN and all the SAP help portal.
    Best regards,
    Paulo.

  • Pros & Cons for consuming web services in ABAP using ABAP PROXY

    Hi,
    Other than performance, are there any other disadvantages, like security etc., for consuming web services in ABAP using ABAP proxy?
    I would really appreciate it if someone could provide more details (pros & cons) regarding consuming web services, and I also want to know whether there is any other way to consume web services in ABAP.
    Thanks.

    "is there any other way to consume web services in ABAP"
    You can use the cl_http_client class to make your program act as an HTTP client and post the SOAP message to the web service. This way you don't need to generate a proxy, but you should know the SOAP message format.
    Regards
    Raja

  • Problem using WSDL from SAP in IBM's RAD for generating web service client

    When importing a WSDL from the ABAP stack on a SAP 6.40 system into IBM's RAD tool for generating a web service client, there are errors with the SOAP fault classes that get generated. The WSDL declares the types for the faults with WebServiceName.RfcException, and these have elements of name, text, and message. When the tools see this in the WSDL they generate classes that extend the Java exception class, and this causes an error because the "message" name conflicts with the standard Java exception message. Has anyone else run into this problem? It seems like a basic problem many Java tools for generating web service client proxies would have, because the SOAP faults get turned into Java exceptions. This name conflict of the Java exception with the WSDL fault definition means that code always needs to be adjusted and cannot simply use the classes that are generated from the WSDL. Has anyone run across this or a similar problem in the Java environment using the SAP WSDL?
    Aaron

    Hi,
    Hello again.
    Have you tried your service using SoapUI?
    You can use your WSDL as input.
    In order to eliminate the Eclipse problem, try this service (I just did):
    http://www.oorsprong.org/websamples.countryinfo/CountryInfoService.wso?WSDL
    Regards.
    package main;

    import java.io.FileInputStream;
    import java.rmi.RemoteException;
    import java.util.Properties;
    import org.oorsprong.www.websamples_countryinfo.CountryInfoServiceSoapType;
    import org.oorsprong.www.websamples_countryinfo.CountryInfoServiceSoapTypeProxy;
    import org.oorsprong.www.websamples_countryinfo.TCountryCodeAndName;

    public class Main {
        public static void main(String[] args) {
            // Load optional JVM settings (for example proxy properties) from properties.ini
            try {
                final Properties properties = new Properties();
                properties.load(new FileInputStream("properties.ini"));
                System.getProperties().putAll(properties);
            } catch (final Exception exception) {
                exception.printStackTrace();
            }
            new Main();
        }

        public Main() {
            // Call the generated proxy and print every country name returned
            try {
                final CountryInfoServiceSoapType infoServiceSoapType = new CountryInfoServiceSoapTypeProxy();
                final TCountryCodeAndName[] tCountryCodeAndNames = infoServiceSoapType.listOfCountryNamesByName();
                for (final TCountryCodeAndName tCountryCodeAndName : tCountryCodeAndNames) {
                    System.out.println(tCountryCodeAndName.getSName());
                }
            } catch (final RemoteException exception) {
                exception.printStackTrace();
            }
        }
    }

  • I cannot use the right colors for a web image.

    I cannot use the right colors for a web image. Photoshop CC keeps replacing colors because my colors are "out of color space for print" or something like that (I hope I translated it right - I work with PS Dutch version and this forum is only in English).
    I am not interested in printing at all. I do not want any adaption for printing! I only want the right color on screen for a web image.
    I changed the color settings many times,  I created my image all over again, but Photoshop keeps replacing my vivid red by pale pink because of print colors.
    Thanks for your help.

    Use the sRGB color space, and in the color picker, when you see the warning, don't click on the warning to have it fix the issue, as that will change the color you want to use.

  • Details for 'Is Web service security available?'

    Hi, I am working on an RFC to web service scenario. It's a secured web service and I need to do the SSL configuration.
    In component monitoring, the integration engine is shown in yellow...
    Details for 'Is Web service security available?'
    Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
    can any one please help me out..
    Thanks
    sriram

    I have already installed certificates on the J2EE engine and I have given the parameters for keystore entry and keystore value. Still I have the same error.
    In component monitoring
    For integration engine
    Details for 'Is Web service security available?'
    Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
    In message monitoring
    Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
    Time Stamp Status Description
    2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
    2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
    2006-05-22 15:18:58 Success Message successfully put into the queue.
    2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
    2006-05-22 15:18:58 Success The message status set to DLNG.
    2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
    2006-05-22 15:18:58 Success SOAP: request message entering the adapter
    2006-05-22 15:18:58 Success SOAP: call failed
    2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
    2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
    Can any one please help me out.
    Thanks
    sriram

  • Best Practice for Securing Web Services in the BPEL Workflow

    What is the best practice for securing web services which are part of a larger service (a business process) and are defined through BPEL?
    They are all deployed on the same oracle application server.
    Defining agent for each?
    Gateway for all?
    BPEL security extension?
    The top level service that is defined as business process is secure itself through OWSM and username and passwords, but what is the best practice for security establishment for each low level services?
    Regards
    Farbod

    It doesn't matter whether the service is invoked as part of your larger process or not; if it is performing any business-critical operation then it should be secured.
    The idea of SOA / designing services is to have the services available so that they can be orchestrated as part of any other business process.
    Today you may have secured your parent services, and tomorrow you could come up with a new service which may use one of the existing lower-level services.
    If all the services are in one application server, you can make the configuration/development environment a lot easier by securing them using the Gateway.
    A typical problem with any gateway architecture is that the service is available without any security enforcement when accessed directly.
    You can enforce rules at your network layer to allow access to the app server only from the Gateway.
    When you have the liberty to use OWSM or any other WS-Security products, I would stay away from any extensions. Two things to consider:
    - The next BPEL developer in your project may not be aware of the security extensions.
    - Centralizing security enforcement will make your development and security operations loosely coupled and addresses scalability.
    Thanks
    Ram

  • Service Registry in Web Service Configuration

    Hi
    I have a unique problem
    I am using NWDS
    SAP NetWeaver Developer Studio
    SAP Enhancement Package 1 for SAP NetWeaver Developer Studio 7.1 SP04 PAT0000
    Build id: 200911281443
    In NWDS when I go to Windows --> Preferences --> Destination Configuration --> Web Service Configuration --> and say CREATE in the Destination Type I can not see the option of Service Registry I can only see the option of WSDL and WSIL
    and in the following doc
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e058a805-68b2-2b10-6a8b-fc570f1c37d1?quicklink=index&overridelayout=true
    How to Browse an Enterprise Services Registry in Visual Composer.pdf
    Page 13 they have shown a screenshot where it shows the Destination Type as Service Registry
    Can anyone tell me please how can I get the option of having Service Registry in Web Service Configuration
    I have also installed CE 7.1 EHP1 preview provided by SDN
    I know its a unique problem but if someone can throw light on this it will be very helpful to all those who want to work on Enterprise Service Repository
    Regards
    JM

    Hi John,
    I think the screenshot is wrong.
    You can use WSIL to configure the backend system.
    The WSIL URL for ABAP systems is http://[host]:[port]/sap/bc/srt/wsil?sap-client=[client_no]
    Regards,
    Christian

  • Good books for java web services

    hi.. i want to learn java web services. can anyone pls tell me the good books or material if any to start with. I have exp in core java.

    http://www.soabook.com/ The Good Book for modern web service development in Java.
    http://www.amazon.com/J2EE-Web-Services-SOAP-JAX-RPC/dp/0321146182 The Bible about all things web services.
    Get them both, use the first to learn and the second as a reference.
