Create XML with digital sign and SOAP header...

Hi.
With ABAP, I need create an XML file iwith SOAP envelope. The message has to be signed and the sign data saved in the ws-security part in the SOAP header. I have to sign the file with a X509v3 certificate in base64.
Somebody can tell me how can create the SOAP header and sign it with ABAP for the XML.
Thanks.

Please refrain from implementing WS-Security yourself.
NWAS ABAP 7.x provides support for WS-Security - in both roles, as Consumer and Provider.
The right approach is to generate a proxy based on a given WSDL.
What kind of (message-based) authentication is demanded by the WS Provider?
Other info source: see https://wiki.sdn.sap.com/wiki/display/Security/SingleSignonforWeb+Services
Edited by: Wolfgang Janzen on Jul 8, 2009 12:11 AM

Similar Messages

  • Sap PI-xml Digital Signing and encryption in PI-ehp1

    Hi Experts,
    Our Business scenario is sap R/3 (sender)>rfc data to PI and to webservice(receiver) using rfc and soap adapters
    The communication channels are secured by snc/ssl.
    Now the issue is PI have to send digitally sign and encrypt xml messages to receiver and I got no clue how to do this.
    Experts please advise.
    We have to Digitally sign and encrypt xml messages in PI
    1)can we use SAML or Ssfdata xml..if so how to use them,can you send me some documents with screen shots so that i can configure the same in PI
    We used adepative tool but it does not support Dsigning
    2)Please advise the correct procedure
    3)how to develop a adapter user module and how to call it for testing purpose...please advise
    O/s:windows
    PI EHP1 7.1
    DB:oracle
    PLEASE HELP
    Thanking you
    Pooja

    Hi Experts,
    Please Advise for my above querys
    1)I tried to develop a EJB project and generate EAR file and depoly it in J2ee server and create adapter modules to call It..however I tried to use a document provided my sdn http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0b39e65-981e-2b10-1c9c-fc3f8e6747fa?quicklink=index&overridelayout=true................however I am unable to see the options provided ,unable to create EAR project and unable to see deploy option,please can you share a correct document irrespective of nwds SP level
    2)Apart from giving JNDI name in module tab,what else should be mentioned for a small test message request/response
    3)How to call the adapter for testing purpose apart from monitoring audit logs
    Please Advise Experts
    Thanking you
    Pooja

  • Digitally Signing specific SOAP elements using Java Mapping

    Hello SDNers,
    Iu2019m having trouble creating java mappings to sign and verify digital signatures.  Iu2019m new to Java so this is proving difficult.  I understand the basic concepts of OO programming and utilizing classes/objects to build the program, but Iu2019m having trouble with the conceptual understanding of how I would like to get this done.
    I have outbound and inbound messages.  The outbound messages are originating from an ECC backend.  The messages are processed through PI with a basic Message Mapping, then it is wrapped in a SOAP envelope with specific information using a XSL mapping and then I would like to use a Java Mapping to Digitally Sign specific portions of the entire message; specifically around an element in the SOAP header and sign the SOAP body.  I also need to verify these sections for all inbound messages.
    The simple pseudo code I have for the outbound messages is as follows:
    <ol>
    <li>1. read in xml (file input stream)</li>
    <li>2. find the (specific information)</li>
    <ol>
    <li>a. assign that string to a variable</li>
    <li>b. sign this variable with the security profile (keystore, private key)</li>
    <li>c. e-write the variable into the main xml file</li>
    </ol>
    <li>3. find the soap body</li>
    <ol>
    <li>a. assign that string to a variable</li>
    <li>b. sign this variable with the security profile (keystore, private key)</li>
    <li>c. re-write the variable into the main xml file</li>
    </ol>
    <li>4. write the output file with both variables written (file output stream)</li>
    </ol>
    Currently Iu2019m using PI 7.1 so there is no more Visual Administrator tool.
    Iu2019ve seen the examples from the last link, but I canu2019t seem to put it together when mixed with basic java mapping example.  I have been searching the SDN forums for a while now, but hereu2019s my specific question:  how do you create a java mapping to sign and verify specific elements of a SOAP message?
    Thanks in advance,
    Jason

    Hi Jason, did you ever architect a solution for this?

  • Bug with digitally signed/encrypted emails

    Summary:
    In Lion, inbound emails that are digitally signed and/or encrypted do not contain any indicators that show that the email is encrypted and that the sender has digitally signed it.
    Even worse, if the contents of a digitally signed email have been altered, Mail does not display any warnings that the message has been tampered with.
    Steps to Reproduce:
    Send an encrypted and digitally signed email. It will be received without any indicators saying it was signed/encrypted. In addition, alter the digitally signed email source with a text editor, and then send the email (using telnet commands) to the mail server. When received, Mail does not warn the user that the email was modified.
    Both of these issues were not present in Mail under Snow Leopard
    Expected Results:
    Digitally signed/encrypted emails should have visual indicators to show it (see screenshot below showing same email in Lion and a different client). In addition, digitally signed emails that were altered must cause mail to warn the user about the tampering.
    Actual Results:
    Mail does not show that an email is signed/encrypted. Mail does not show that a digitally signed email has been tampered with.
    Neither of these two issues were present in the Mail.app in Snow Leopard.
    Anyone found a solution....?

    Running OS X 10.7.3 Apple Mail version 5.2(1257)
    My signature and encryption work fine for both incoming and outgoing e-mail. However there is an odd thing I see with e-mail received from Outlook senders.
    The e-mail from Outlook 2007 and 2010 show in my Apple Mail as Encrypted,Encrypted. Not as Signed,Encrypted as one would expect. Also in some cases I do not see anything in the header to indicate that the e-mail is Signed or Encrypted, unless I open the e-mail a second time.
    On the second attempt to view the e-mail I then can see in the header Encrypted,Encrypted when from Outlook. I only see this behavior when the Sender is using MS Outlook or Mozilla Thunderbird.
    I hope this bug is addressed as soon as possible.

  • How to create xml file from Oracle and sending the same xml file to an url

    How to create xml file from Oracle and sending the same xml file to an url

    SQL/XML (XMLElement, XMLForest, XMLAgg, etc) and UTL_HTTP.
    Whether that works for you with the version of Oracle you have, your requirements, and needs is another story. A little detail goes a long way.

  • Adobe PDF iFilter 9 for 64-bit platforms does not index my PDF files with Digital Sign

    Adobe PDF iFilter 9 for 64-bit platforms does not index my PDF files with Digital Sign, why?

    hi  Phillip
    i am not sure what you mean
    I downloaded the ifilter and installed it
    then configured everything as shown in the pdf file
    I tried indexing from scratch exactly as i did successfully in the other computer
    and got some errors in the log file
    i checked the sql server log and the event viewer logs and got :
    Error '0x80004005' occurred during full-text index population for table or indexed view '[Pirsumim_ext_ck].[dbo].[T_PUBLICATIONS]' (table or indexed view ID '2073058421', database ID '14'), full-text key value 0x0000027A. Attempt will be made to reindex it.    
    The component 'PDFFilter.dll' reported error while indexing. Component path 'C:\Program Files\Adobe\Adobe PDF iFilter 9 for 64-bit platforms\bin\PDFFilter.dll'.   
    Informational: Full-text retry pass of Full population completed for table or indexed view '[Pirsumim_ext_ck].[dbo].[T_PUBLICATIONS]' (table or indexed view ID '2073058421', database ID '14'). Number of retry documents processed: 1. Number of documents failed: 1.
    Changing the status to MERGE for full-text catalog "Pirsumim_ext_catalog_ck" (5) in database "Pirsumim_ext_ck" (14). This is an informational message only. No user action is required.
    Informational: Full-text Auto population initialized for table or indexed view '[Pirsumim_ext_ck].[dbo].[T_PUBLICATIONS]' (table or indexed view ID '2073058421', database ID '14'). Population sub-tasks: 1
    the same dll worked fine in another computer...
    how can i see more details what is wrong with this dll  ?
    meidad

  • Web-services.xml for EJB component and SOAP Message Handler Chain

    I have used the following example for my own web service with EJB component and SOAP
    Message Handler Chain:
    http://e-docs.bea.com/wls/docs70/webServices/dd.html#1058208
    I have a deployment error:
    javax.naming.NameNotFoundException: Unable to resolve 'app/ejb/DocumentService.j
    ar#DocumentService/home' Resolved: 'app/ejb' Unresolved:'DocumentService.jar#Doc
    umentService' ; remaining name 'DocumentService.jar#DocumentService/home'
    In attachement is the ear file.
    Is there a problem in web-services.xml?
    Thanks
    [ws_dox_sdi.ear]

    It works. Thanks,
    Ioana
    "Neal Yin" <[email protected]> wrote:
    The error means your EJB is not deployed.
    Adding a EJB module to your application.xml file of the ear should fixe
    it.
    <application>
    <display-name />
    <module>
    <web>
    <web-uri>dox_sdi.war</web-uri>
    </web>
    </module>
    <module>
    <ejb>DocumentService.jar</ejb>
    </module>
    </application>
    "Ioana Meissner" <[email protected]> wrote in message
    news:3cf640cc$[email protected]..
    I have used the following example for my own web service with EJBcomponent and SOAP
    Message Handler Chain:
    http://e-docs.bea.com/wls/docs70/webServices/dd.html#1058208
    I have a deployment error:
    javax.naming.NameNotFoundException: Unable to resolve'app/ejb/DocumentService.j
    ar#DocumentService/home' Resolved: 'app/ejb'Unresolved:'DocumentService.jar#Doc
    umentService' ; remaining name 'DocumentService.jar#DocumentService/home'
    In attachement is the ear file.
    Is there a problem in web-services.xml?
    Thanks

  • Problem while creating xml with cdata section

    Hi,
    I am facing problem while creating xml with cdata section in it. I am using Oracle 10.1.0.4.0 I am writing a stored procedure which accepts a set of input parameters and creates a xml document from them. The code snippet is as follows:
    select xmlelement("DOCUMENTS",
    xmlagg
    (xmlelement
    ("DOCUMENT",
    xmlforest
    (m.document_name_txt as "DOCUMENT_NAME_TXT",
    m.document_type_cd as "DOCUMENT_TYPE_CD",
    '<![cdata[' || m.document_clob_data || ']]>' as "DOCUMENT_CLOB_DATA"
    ) from table(cast(msg_clob_data_arr as DOCUMENT_CLOB_TBL))m;
    msg_clob_data_arr is an input parameter to procedure and DOCUMENT_CLOB_TBL is a pl/sql table of an object containing 3 attributes: first 2 being varchar2 and the 3rd one as CLOB. The xml document this query is generating is as follows:
    <DOCUMENTS>
    <DOCUMENT>
    <DOCUMENT_NAME_TXT>TestName</DOCUMENT_NAME_TXT>
    <DOCUMENT_TYPE_CD>BLOB</DOCUMENT_TYPE_CD>
    <DOCUMENT_CLOB_DATA>
    &lt;![cdata[123456789012345678901234567890123456789012]]&gt;
    </DOCUMENT_CLOB_DATA>
    </DOCUMENT>
    </DOCUMENTS>
    The problem is instead of <![cdata[....]]> xmlforest query is encoding everything to give &lt; for cdata tag. How can I overcome this? Please help.

    SQL> create or replace function XMLCDATA_10103 (elementName varchar2,
      2                                             cdataValue varchar2)
      3  return xmltype deterministic
      4  as
      5  begin
      6     return xmltype('<' || elementName || '><![CDATA[' || cdataValue || ']]>
      7  end;
      8  /
    Function created.
    SQL>  select xmlelement
      2         (
      3            "Row",
      4            xmlcdata_10103('Junk','&<>!%$#&%*&$'),
      5            xmlcdata_10103('Name',ENAME),
      6            xmlelement("EMPID", EMPNO)
      7         ).extract('/*')
      8* from emp
    SQL> /
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[SMITH]]></Name>
      <EMPID>7369</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[ALLEN]]></Name>
      <EMPID>7499</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[WARD]]></Name>
      <EMPID>7521</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[JONES]]></Name>
      <EMPID>7566</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[MARTIN]]></Name>
      <EMPID>7654</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[BLAKE]]></Name>
      <EMPID>7698</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[CLARK]]></Name>
      <EMPID>7782</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[SCOTT]]></Name>
      <EMPID>7788</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[KING]]></Name>
      <EMPID>7839</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[TURNER]]></Name>
      <EMPID>7844</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[ADAMS]]></Name>
      <EMPID>7876</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[JAMES]]></Name>
      <EMPID>7900</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[FORD]]></Name>
      <EMPID>7902</EMPID>
    </Row>
    <Row>
      <Junk><![CDATA[&<>!%$#&%*&$]]></Junk>
      <Name><![CDATA[MILLER]]></Name>
      <EMPID>7934</EMPID>
    </Row>
    14 rows selected.
    SQL>

  • Trying to login to software program known as hamspher (vip simulated ham radio,  it downloaded the program but it will not allow me to login with call sign and pin.  it has to be opened with what they call a jar file.  how do i do this?

    trying to login to software program known as hamspher (vip simulated ham radio,  it downloaded the program but it will not allow me to login with call sign and pin.  it has to be opened with what they call a jar file.  how do i do this?

    This is compatible with Mac? Especially Snow Leopard (if that is what you'e running)?
    Have you considered posting your question in their forums?
    Here is some information re. the jar file:
    http://ostermiller.org/opening_jar_files.html

  • Unable to digitally sign and save a PDF document

    I am currently using ADOBE ACROBAT 8.0 Professional (Ver 8.1.0).  I provide proofreading service for a client.  The client provides me with a PDF which I use the comment and mark up tool to indicate required changes.  Once all of the comments are complete, I mark the document approved or disapproved and attach a digital signature.
    Recently, many files that I have recieved from the client will not allow me to sign and save the PDF.  I can save the PDF without the signature but not when it is digitally signed.  The error reads:
    "The document could not be saved.   A number is out of range"
    I queried my client to find out if they have made any changes.  They have recently upgraded to Illustrator 4 and they create the PDF's for me from the Illustrator files they work from.  There are four teams using the same Illustrator program but not all of them are producing files that I cannot sign and save.
    Can anyone tell me what the error indicates?  Is there a property assigned to the document that I can not recognize that refers to this problem.
    Since the files I work on contain proprietary information, I prefer not to attach them to this forum.  If anyone is interested in helping, I will share a file to fully explain my problem.

    I will try that, thank you.
    Jim Dodge
    English Proofreading Coordinator
    ASIST Translation Services
    4891 Sawmill Road, Suite 200
    Columbus, OH 43235-7266
    www.ASISTtranslations.com
    Tel:  937-596-6649
    NOTICE: This electronic mail transmission is for the use of the named
    individual or entity to which it is directed and may contain information
    that is privileged or confidential. It is not to be transmitted to or
    received by anyone other than the named addressee (or a person authorized
    to deliver it to the named addressee). It is not to be copied or forwarded
    to any unauthorized persons. If you have received this electronic mail
    transmission in error, delete it from your system without copying or
    forwarding it, and notify the sender of the error by replying via email or
    by calling ASIST Translation Services, Inc. at (614) 451-6744, so that our
    address record can be corrected.

  • Jdev web service and SOAP header

    Hello,
    How can I implement a web service in jdev that extracts some elements from the SOAP header ?
    How can I implement a web service proxy in jdev so that it inserts elements in SOAP header?
    Thank you.
    The operation WSDL looks approx like this:
              <operation name="SoapDDXML">
                   <soap:operation soapAction="someaction"/>
                   <input>
                        <soap:body
                             use="encoded"
                             namespace="ns"
                             encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
                             parts="psXML"/>
                   </input>
                   <output>
    <soap:Header>
    <OurCredentials xmlns="ns">
    <UserName>string</UserName>
    <Password>string</Password>
    </OurCredentials>
    </soap:Header>
                        <soap:body
                             use="encoded"
                             namespace="ns"
                             encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
                             parts="Result"/>
                   </output>
              </operation>

    Hello,
    When using OracleAS/JDeveloper 10.1.3.x you are creating Web Service using the standard JAX-RPC API. This API uses the SOAP with Attachments API for Java (SAAJ) to manipulate SOAP messages.
    When dealing with SOAP Header, it is common usage to use the notion of "handler" to set/read header from the messages.
    The chapter "Using JAX-RPC Handler" is a good point to start to see how do deal with this requirement,
    When manipulating the header in the handler, the code will look like:
    SOAPHeader header = message.getSOAPHeader();
    Name headerName = soapFactory.createName("OurCredentials", "ns", "http://schemas.xmlsoap.org/soap/encoding/");
    .. // add sub element
    SOAPHeaderElement headerElement = header.addHeaderElement(headerName);also..
    Could you specify the version of JDeveloper and the type of Web Service that you are using when ascking a question on the forum it help community member to provide a better answer.
    Regards
    Tugdual Grall

  • Split/Join, Invoke Service and SOAP Header in osb10.3 wls10.3

    Hi gurus,
    Are Split/Join able to invoke external services with a custom SOAP header?
    I have a split join to call 2 external business services in parallel. Those 2 external services requires a custom SOAP Header
    <soapenv:Header>
    <v1:ConsumerRequestHeader>
    <v1:requestSessionID>TEST_1</v1:requestSessionID>
    <v1:requestTimestamp>2011-06-16T16:57:54.943+02:00</v1:requestTimestamp>
    </v1:ConsumerRequestHeader>
    </soapenv:Header>
    All WSDLs were configured by the instructions of this link : http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/eclipsehelp/tasks.html#wp1150628, but in my debuging, the SOAP header is disappeared when calling those external services from the splitjoin. (No problem if designing and testing with the ProxyService. but Proxyservice is useless here because of parallel processing)
    When designing with OSB Workshop IDE, there is no way to pass the custom SOAP header to the "Invoke Service", only the body request/response message.
    My question is, Split/Join automatically uses its header to pass it into the invoke call ?
    Please advise...
    Thanks,

    see this :https://forums.oracle.com/thread/951618
    not the most fancy way, but you can create some sort of  wrapper proxyservice in front of your business service to make it work

  • Difficulty with Digitally Signed Email

    I have been having trouble downloading and displaying email messages that are digitally signed. I have downloaded the required certificates and imported them onto the Pre, using the methods outlined both here and in the Pre documentation. I have confirmed that they are the correct certificates by importing the certificates into Thunderbird and seeing the verification of the digital signatures there.
    The behavior I am seeing is that the messages take forever to load the body and eventually just time out. This is happening for ORC ECA SW3 and DoD Email CA-19 certificates. It may occur for others also, but I have not received signed messages using any other certificates.
    Has anyone else seen this behavior, after correctly installing certificates? Are there any work-arounds?
    Post relates to: Pre p100eww (Sprint)

    The Exchange server here will send messages to clients under the IMAP protocol with the proper certificates attached.  I would not recieve the digital signatures on Thunderbird if the server did not send them.  I can view the signature information using Thunderbird without difficulty.  These same messages will not load, except for the headers, using the IMAP portion of the WebOS client.  Using the EAS portion of the WebOS client, they load both the headers and the body, but do not indicate that they have been signed.
    While I am not the IT person for this server, I have run email serves in the past.  In addition, the IT people are just a door or two down from me here.  I believe the problem is really on your (Palm's) side.  Can anyone there confirm that a properly digitally signed email can be fully loaded using the Palm Pre's email client from a conforming IMAP server?
    Remember, IMAP is a well defined protocol, and it should conform to rigid guidelines.  Therefore, using a conforming IMAP server, you should be able to test the reception of digitally signed emails using the Pre client.

  • OWSM: How to encrypt payload and SOAP header?

    Hi,
    Anybody know how I can encrypt the payload and the SOAP header via OWSM? I can only find references on how to do it using SSL. The reason for using OWSM/WS-Security was to move away from using transport based encryption (SSL).
    Regards Pete

    http://download.oracle.com/docs/cd/E10291_01/doc.1013/e10299/policy_steps.htm#sthref612
    if you look at the topic :XML Encrypt
    you will see you can encrypt every part of the xml
    Encrypted Content
    Part of the SOAP envelope to be encrypted. Valid values are: BODY, HEADERS, ENVELOPE, and XPATH. The default is BODY.

  • Problems with digitally signed PDF FORM

    Hi everyone,
       I am having a situation as follows:
    I have a adobe form that is digitally signed. In Adobe 9 once it is signed, the two properties are set as -
    1)Document assembly not allowed
    2)Changing the document not allowed.
    By saving the pdf into .ps file and reopening it with Adobe pro, I was able to put some links from the text in PDF, using "LINK TOOL" button. But if I redo the links again, then comes the problem. And also, When I merge this pdf form with another the signatures are lost!!! Can anyone please help me and shed some light on this.
    Appreciate all your help.
    rgds,
    Suma.

    Hi Suma
    One thing to realize is one of the purposes of a digital signature is to provide proof of document integrity. With that in mind, although in Acrobat 8 and earlier you were allowed to make changes to the document, and thus invalidate the digital signature, beginning with version 9 we have disabled that functionality. If you need to edit the core PDF don't sign it. The signature should be applied after all of the document layout has been completed. You can fill in form fields and add comments and annotations post signing, but it makes no sense to modify the document structure when all it will do is invalidate the signature.
    Steve

Maybe you are looking for

  • Interactive Report with PL/SQL Function Source

    Is it possible to create interactive report with PL/SQL function source returing a query? If not, has anyone done any work to simulate the interactive reporting feature for a normal report using API?

  • Wife getting her first iPhone - adding to Mac with my phone

    My wife and I have been sharing the same user profile on our Mac. It's easy because I'm the only one with a mobile device. I should note that my daughter has an iTouch, she has her own user profile. Our iTunes Media folder is on the shared folder bec

  • What could change the disk permissions?

    When I talked to an advisor from Apple Care, he asked me to do "verify disk permissions" under the First Aid tab of the Disk Utility software. These are the various read/write/execute permissions of Unix file systems. To my surprise, there were about

  • IDocs not transferred to BW

    Hi Guys, I am having a problem with loading data from CRM. The IDocs are being transferred from BW to CRM but those being sent from CRM are not arriving in BW. The Datapackets are being transferred but not the IDocs. Has anyone faced a similar proble

  • Regarding click flv video and make it fullscreen/enlarge

    As title, i amd using AS2 currently and i have 3 flv video imported  in 1 sigle swf file, what i want to do is when i rollover the flv, it enlarge abit and when i click on it , it become fullscreen or further enlarge. after that i jz simply click agi