Error in SOAP call with certificate
Hello experts!
I am developing an interface RFC --> SOAP
This SOAP call is for an external system and my basis team set up a certificate into visual adm in order to be able to communicate with my external partner.
I set up this certificate into my communication channel (key store entry).
When this interface is executed I get the following error:
com.sap.aii.af.ra.ms.api.DeliveryException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: No service was found matching the request
Does anyone know what is happening?
Best regards,
Diego.
Hi guys,
We have built another scenario to connect to a public web service (without certificates) and it connects properly. In other words the XI machine has access to the internet. Both scenarios are being authenticated in the company proxy. That's why it may not be a firewall issue.
I've imported the wsdl file into the SoapUI (software to test web services) and I am getting the same error. But when I am trying to execute this test from outside of my company I getting a different error, as follows:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>Validation Error</faultstring>
<faultactor>internal-firewall</faultactor>
<detail xmlns:det="http://reactivity.com/">
<det:detailmessage>The message was found to be invalid.</det:detailmessage>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>
I believe this can be an error of data itself. I am trying to check it with the external partner.
What do all of you think about it?
Best Regards,
Diego.
Similar Messages
-
SOAP Receiver adapter error. SOAP CALL Failed
Hi ,
I am implementing scenario R/3->RFC adapter->XI->SOAP REceiver adapter->Web Service (Synchronous). I am getting the error.
SOAP: call failed
SOAP: error occured: java.net.ConnectException: Connection timed out
Message log is as below.
Any clue ?
Thanks & Regards,
Mathew
2005-10-31 18:59:58
Success
output
1130810398454
The message was successfully received by the messaging system. Profile: XI URL: http://host:Port/MessagingSystem/receive/AFW/XI
2005-10-31 18:59:58
Success
output
1130810398458
Using connection AFW. Trying to put the message into the request queue.
2005-10-31 18:59:58
Success
output
1130810398458
Message successfully put into the queue.
2005-10-31 18:59:58
Success
output
1130810398459
The message was successfully retrieved from the request queue.
2005-10-31 18:59:58
Success
output
1130810398459
The message status set to DLNG.
2005-10-31 18:59:58
Success
output
1130810398460
Delivering to channel: CC_CALCULATOR
2005-10-31 18:59:58
Success
output
1130810398564
SOAP: request message entering the adapter
2005-10-31 19:03:07
Success
output
1130810587497
SOAP: call failed
2005-10-31 19:03:07
Error
output
1130810587497
SOAP: error occured: java.net.ConnectException: Connection timed out
2005-10-31 19:03:07
Error
output
1130810587498
Exception caught by adapter framework: Connection timed outHi Mathew,
Check if the webservice is availble??? Based on the error below, it looks like the message is timing out at the Adapter Engine level waiting for the connection to make the webservice call...
Prasad -
File to SOAP (Synchronous) with certificates Encryption and Descryption
Hi,
Can anybody advice me how can I develop the scenario file to SOAP (Synchronous Process) with certificates encryption and descryption.
Thanks,
Naidu.For file to soap sync scenario without using BPM, you need to use the following adapter modules.
http://help.sap.com/saphelp_nw04/helpdata/en/45/20c210c20a0732e10000000a155369/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/45/20cc5dc2180733e10000000a155369/content.htm
For applying certificates, you need to configure SSL on java stack.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16
Regards,
Prateek -
SOAP call with attachment from ABAP
Dear ABAP guru's
We have a requirement to trigger a SOAP call from the ABAP stack. We have used the instructions from SAP as specified in the SAP help as specified in this link:
http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d029e74911d6b2e400508b6b8a93/frameset.htm
This works fine. However, we would like to send an attachment with the call and don't see a method available for this. Is there anybody who knows how to achieve this?
Thanks a lot in advance,
Rudy ClaassenDear ABAP guru's
We have a requirement to trigger a SOAP call from the ABAP stack. We have used the instructions from SAP as specified in the SAP help as specified in this link:
http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d029e74911d6b2e400508b6b8a93/frameset.htm
This works fine. However, we would like to send an attachment with the call and don't see a method available for this. Is there anybody who knows how to achieve this?
Thanks a lot in advance,
Rudy Claassen -
Webservice call with certificate base authentication
Hi ,
Usually while sharing the WSDL with any third party we share the credentials of the system which is used to make the connection to SAP PI system.
I current scenario the tool which is consuming the WSDL cannot store the username password and can only store certificates .
Can you please guide what all steps we need to do to share the certificates , also what certificate we have to share .HI Hareesh ,
Thanks for the pointer , I have done all the settings as mentioned in the blog . Just curious it says one place "Click on certificate tab, Click on modify and then upload the certificate you have with your partnerClick on certificate tab, Click on modify and then upload the certificate you have with your partner"
Do we need to import the PI server certificate or we have to install the certificate of 3rd party who is calling the webservice ?
I am doing the connection test from SOAP UI but it is still giving me 401 – Unauthorized error -
Troubleshooting SOAP Call with ABAP Client Proxy
Hello,
we want to make a synchronous call to a web service from ABAP via HTTP / SOAP. The third party system provides a WSDL which we have used to create a client proxy in ABAP.
The request call works fine, but we do not get any SOAP response.
The question now is which monitoring / debugging capabilties are recommended on the SAP system to track down the problem? Which transactions and monitoring functionalities should I use?
Thank you very much for your advise!
Edited by: Florian G. on Jun 6, 2010 2:47 PMHi Prasad,
Here is an example of each one... notice the difference between the Username elements in each of the requests:
qualified -
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ver="http://somenamespace">
<soapenv:Header/>
<soapenv:Body>
<ver:GetUserRequest>
<ver:IdmRequestContext>
<ver:UserName></ver:UserName>
</ver:IdmRequestContext>
</ver:GetUserRequest>
</soapenv:Body>
</soapenv:Envelope>
unqualified -
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ver="http://somenamespace">
<soapenv:Header/>
<soapenv:Body>
<ver:GetUserRequest>
<ver:IdmRequestContext>
<UserName></UserName>
</ver:IdmRequestContext>
</ver:GetUserRequest>
</soapenv:Body>
</soapenv:Envelope>
If you have the option of the WSDL definition changing that attribute to unqualified then it should start working immediately. If that is not an option then your ABAP mapping needs to handle the namespace insertion into the XML. I achieved this in my requirement by using a graphical mapping instead because I imported the WSDL as an external definition and mapped my proxy 1:1 to each element in the external definition.
Regards,
Ryan Crosby -
Error in 'HR_EMPLOYEE_ENQUEUE' called with RFC
Hello,
I need to Enqueue an employee in the remote system and after this, create an absence. Im using the FM 'HR_EMPLOYEE_ENQUEUE' and is working but when the RFC ends, the lock is removed!! and I can´t create the absence afterwards.
Do you hava any idea? I cannot create a new FM including both things, I need to call them separately, but the lock is losted!!
Thanks & Regards.
Fernando.Hi Fernando,
One option is, to create another Z FM (RFC) which does the whole thing.
This new Z FM will do the following things:
a) first enqueue
b) create the absence
c) lastly dequeue the employe
This new Z FM (RFC enabled) will have to be created in the target system. In this way since the RFC connection will persist til the end of the logic, the enqueue will work.
Regards,
Amit Mittal. -
External SOAP-Call ends with general error "PART UNKNOWN (NULL)"
Hi,
we generated a consumer proxy using the following WSDL file:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" xmlns:intf="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns1="https://soap.global-esign.com/xsd" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!--WSDL created by Apache Axis version: 1.3
Built on Oct 05, 2005 (05:23:37 EDT)-->
<wsdl:message name="CreatePdfSignatureRequest">
<wsdl:part name="in0" type="xsd:string"/>
<wsdl:part name="in1" type="xsd:string"/>
<wsdl:part name="in2" type="xsd:base64Binary"/>
<wsdl:part name="in3" type="xsd:string"/>
<wsdl:part name="in4" type="xsd:boolean"/>
<wsdl:part name="in5" type="xsd:string"/>
<wsdl:part name="in6" type="xsd:string"/>
</wsdl:message>
<wsdl:message name="CreatePdfSignatureResponse">
<wsdl:part name="CreatePdfSignatureReturn" type="xsd:base64Binary"/>
</wsdl:message>
<wsdl:portType name="GlobalEsignSoapExt">
<wsdl:operation name="CreatePdfSignature" parameterOrder="in0 in1 in2 in3 in4 in5 in6">
<wsdl:input message="impl:CreatePdfSignatureRequest" name="CreatePdfSignatureRequest"/>
<wsdl:output message="impl:CreatePdfSignatureResponse" name="CreatePdfSignatureResponse"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="GlobalEsignSoapExtSoapBinding" type="impl:GlobalEsignSoapExt">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="CreatePdfSignature">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="CreatePdfSignatureRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://GlobalEsign.tsi.de" use="encoded"/>
</wsdl:input>
<wsdl:output name="CreatePdfSignatureResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" use="encoded"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="GlobalEsignSoapExtService">
<wsdl:port binding="impl:GlobalEsignSoapExtSoapBinding" name="GlobalEsignSoapExt">
<wsdlsoap:address location="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
The coding of the test program is:
*& Report Z_SOAP_PDF_SIGNATUR
REPORT z_soap_pdf_signatur.
*------ Type pools
type-pools: sai.
*------ Class definitions and references
DATA: lo_zpdf_sign TYPE REF TO zpdfco_global_esign_soap_ext,
lo_system_fault TYPE REF TO cx_ai_system_fault,
lo_appl_fault type ref to cx_ai_application_fault.
*------ data
DATA: output TYPE zpdfcreate_pdf_signature_respo,
input TYPE zpdfcreate_pdf_signature.
DATA: wa_controller TYPE prxctrl.
DATA: pdfout(255) TYPE c VALUE
'C:/TEMP/pp-20080229-93ES-40010-0013439840-1690000005.pdf',
pdfsign(255) TYPE c VALUE
'C:/TEMP/pp-20080229-93ES-40010-0013439840-1690000005-sign.pdf',
wa_objcont TYPE soli,
objcont LIKE soli OCCURS 0.
DATA: xlines TYPE string,
buffer TYPE xstring,
x_msg TYPE c LENGTH 100.
TRY.
CREATE OBJECT lo_zpdf_sign
EXPORTING
logical_port_name = 't_systems'.
CATCH cx_ai_system_fault .
ENDTRY.
* read unsigned pdf
OPEN DATASET pdfout FOR INPUT MESSAGE x_msg
IN BINARY MODE.
TRY.
READ DATASET pdfout INTO xlines.
CATCH cx_sy_file_open_mode.
EXIT.
ENDTRY.
CLOSE DATASET pdfout.
* convert string
CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
EXPORTING
text = xlines
* MIMETYPE = ' '
* encoding = 'UTF-8'
IMPORTING
buffer = buffer
EXCEPTIONS
failed = 1
OTHERS = 2 .
TRY.
input-in0 = 'user'.
input-in1 = 'password'.
input-in2 = buffer.
input-in3 = 'affilinet'.
CALL METHOD lo_zpdf_sign->create_pdf_signature
EXPORTING
input = input
IMPORTING
output = output.
CATCH cx_ai_system_fault INTO lo_system_fault.
DATA: lv_message TYPE string.
DATA: lv_message_long TYPE string.
CALL METHOD lo_system_fault->if_message~get_text
RECEIVING
result = lv_message.
CALL METHOD lo_system_fault->if_message~get_longtext
RECEIVING
result = lv_message_long.
WRITE lv_message.
WRITE lv_message_long.
CATCH cx_ai_application_fault into lo_appl_fault.
DATA: lv_messaap TYPE string.
DATA: lv_messaap_long TYPE string.
CALL METHOD lo_appl_fault->if_message~get_text
RECEIVING
result = lv_messaap.
CALL METHOD lo_appl_fault->if_message~get_longtext
RECEIVING
result = lv_messaap_long.
WRITE lv_messaap.
WRITE lv_messaap_long.
ENDTRY.
LOOP AT output-controller INTO wa_controller.
WRITE:/ wa_controller-field.
WRITE:/ wa_controller-value.
ENDLOOP.
* store signed pdf
OPEN DATASET pdfsign FOR output MESSAGE x_msg
IN BINARY MODE.
transfer output-CREATE_PDF_SIGNATURE_RETURN
to pdfsign.
Processing the soap call in the test programm ends in a system exception (cx_ai_system_fault) with the message:
"General Error Es ist ein Fehler bei der Proxy-Verarbeitung aufgetreten ( PART UNKNOWN (NULL) )"
It seems as if there is no response or a response in a wrong format given by the webservice.
We had a look at the ICF-Trace.
The request seems to be a proper soap-call.
But the response is not in XML-format and therefore could not be completely displayed.
it says:
Ungültig auf der obersten Ebene im Dokument. Fehler beim Bearbeiten der Ressource 'file:///C:/Dokumente und Einstellungen/S...
HTTP/1.1 200 OK
^
Could anybody help ?
Kind regards
HeinzHello Mathias,
in our case the problem was, that the WDSL used parameters, which were not correcty interpreted by the SAP-Routine that creates the proxy.
We changed the WDSL using only paramters covert by SAP.
Here ist the WSDL that worked fine:
<?xml version="1.0" encoding="utf-8" ?>
- <wsdl:definitions targetNamespace="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:tns="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" xmlns:tsi="http://GlobalEsign.tsi.de">
- <wsdl:documentation>
<sidl:sidl xmlns:sidl="http://www.sap.com/2007/03/sidl" />
</wsdl:documentation>
- <wsdl:types>
- <xsd:schema elementFormDefault="qualified" targetNamespace="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" xmlns="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt">
- <xsd:complexType name="CreatePdfSignature">
- <xsd:sequence>
<xsd:element name="in0" type="xsd:string" />
<xsd:element name="in1" type="xsd:string" />
<xsd:element name="in2" type="xsd:base64Binary" />
<xsd:element name="in3" type="xsd:string" />
<xsd:element name="in4" type="xsd:boolean" />
<xsd:element name="in5" type="xsd:string" />
<xsd:element name="in6" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
- <xsd:schema targetNamespace="http://GlobalEsign.tsi.de" xmlns="http://GlobalEsign.tsi.de">
<xsd:import namespace="https://soap.global-esign.com/axis/services/GlobalEsignSoapExt" />
<xsd:element name="CreatePdfSignature" type="tns:CreatePdfSignature" />
- <xsd:element name="CreatePdfSignatureResponse">
- <xsd:complexType>
- <xsd:sequence>
<xsd:element name="CreatePdfSignatureReturn" type="xsd:base64Binary" />
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
</wsdl:types>
- <wsdl:message name="CreatePdfSignature">
<wsdl:part name="CreatePdfSignature" element="tsi:CreatePdfSignature" />
</wsdl:message>
- <wsdl:message name="CreatePdfSignatureResponse">
<wsdl:part name="CreatePdfSignatureResponse" element="tsi:CreatePdfSignatureResponse" />
</wsdl:message>
- <wsdl:portType name="GlobalEsignSoapExt">
- <wsdl:operation name="CreatePdfSignature">
<wsdl:input message="tns:CreatePdfSignature" />
<wsdl:output message="tns:CreatePdfSignatureResponse" />
</wsdl:operation>
</wsdl:portType>
</wsdl:definitions>
<wsdl:part name="in1" type="xsd:string"/> was changed to <xsd:element name="in0" type="xsd:string" /> .
Please let me know, whether you succeeded.
Kind regards
Heinz Schäfe -
Weblogic app server wsdl web service call with SSL Validation error = 16
Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
System.setProperty("javax.net.ssl.trustStore",”cacerts”);
System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd); System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1. Do I create “cacerts” the correct order with right keeltool options?
2. Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3. Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4. Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy wsu:Id="TokenServices_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="true"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ITokenServices_GetUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ITokenServices">
<wsdl:operation name="GetUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="TokenServices" type="tns:ITokenServices">
<wsp:PolicyReference URI="#TokenServices_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="GetUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="TokenServices">
<wsdl:port name="TokenServices" binding="tns:TokenServices">
<soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server. -
SOAP Receiver with HTTPS(without certificate)
Hi experts
Receiver system not using any certificate. Without certificate How PI can send message through HTTPS using SOAP.
How to choose HTTPS transport protocol. (Here Target Url have Https://.....)
Here I am using PI7.1 EHP1.
I configured Receiver SOAP CC as
Transport protocol as HTTP
Taget Url https://api-demo.e-xact.com/transaction
It will work? if not how to enable Https in SOAP receiver
but I am getting below error In adapter
Adapter Framework caught exception: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Thank you
SriniHi Srini,
The main reasons for this error "Peer certificate rejected..." be appearing are the following:
1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi711/helpdata/EN/ea/c91141e109ef6fe10000000a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for it (that was the cause for other customers as well) and if it's the case renew it or extend the validation.
3. Some other customers have reported similar problem and mainly the problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Please generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again. Please take this third steps as the principal one.
4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client authentication)
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site. I mean if I request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
In any other case the SSL communication will not work.
Regards,
Caio -
Partner claiming no certificate attached in SOAP call
Having a weird situation here. Trying to send an outbound SOAP call to a 3rd party. They claim that the reason we continue to get forbidden error is because there are no certificates attached with the message. We are reaching their server so it's not a firewall issue.
I have setup the receiver SOAP adapter and tried specifying the client authentication by choosing the private key that's in the key store in Visual Admin.
Ive also tried selecting web services security and configuring the receiver agreement. In the logs I continue to see the below message.
"Attempting to create outgoing ssl connection without trusted certificates"
This seems to back up what the partner is saying. Why would this occur?This scenario is slightly different. All certificates are loaded in the keystore.
In order to authenticate thru their gateway, we provided them with our public key. We then need to use that public key when sending the message. Slightly different from the normal way this works but it shouldnt make a difference as long as we select the right cert in the ID.
I confirmed in the logs it's trying to load the keystore view and entry I specify, yet they still don't see any certificate in the request. I can't seem to verify this on my own as I can't see what's actually being sent to them.
Another thing I noticed is that the selection help in the receiver soap adapter only lists the private key entries vs the public key entries. You have to manually type in the right entry. -
Error in SOAP Receiver Adapter with HTTPS
Dear All,
I am developing a SOAP to SOAP scenario with HTTPS i.e. client without authentication and I am facing an issue with the receiver adapter. Few messages fails in the receiver side while rest are successful.
Error - Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Please let me know what can be the reason for the error.
Thanks and Regards,
Rana Brata DeHi Rana,
Check the certificates sequence as well the certificates end dates in STRUST in SAP PI system. if, deployed in NWA level check over there.
One more :: sending the data to web server or web page. make sure, PI is pointing to which server.
Regards,
Kesava. -
Error SOAP: call failed: java.io.IOException: Read timed out; HTTP 200 OK
Hi PI gurus,
Need some suggestions on one issue below -
Scenario - proxy (SAP) to SOAP (Web based system)
In the RWB Communication Channel Monitirong we are receiving the below error
" Error SOAP: call failed: java.io.IOException: Read timed out; HTTP 200 OK"
the request from XI system is going to target system and printing the lables (as per the functionality) with no issues but the comminication channel is giving the above error and this is causing the repeated sending the same request to target sytem and the data is printing repeateadly. This issues is occuring in Quality environment.
Strangley the same Interface with the same connectivity details is working fine in Development environment. But not working in Quality environment. Checked the firewalls settings on both in XI and Target system side and confirmed that everything is fine.
Below are the Logs both from Quality and developement are as follows
Quality ( Failure Case)
17.03.2011 07:19:59 Success SOAP: request message entering the adapter with user J2EE_GUEST
17.03.2011 07:25:03 Error SOAP: call failed: java.io.IOException: Read timed out; HTTP 200 OK
Development (Success ful)
17.03.2011 07:27:55 Success SOAP: request message entering the adapter with user J2EE_GUEST
17.03.2011 07:27:58 Success SOAP: completed the processing
When we checked with basis team on user id J2EE_GUEST, they confirmed that they are same in Development and Quality.
I repeat,, that the same target url and everthing is same in XI Configuration
Thanks in Advance. Points would be rewared for the best solution.
Thanks,
JitenderHI Jitender,
If your scenariois working in DEV and if it is not working in QAS.Could you please check if both the systems are at same patch levels..
Please refer below notes :1551161,817894,952402.
Cheers!!!
Naveen. -
Hi, I am trying to implement custom hold order / send to in sharepoint 2010 to send files in to holds / record center.
I am at the last step where I am trying submit the metadata using soap call- submit file
[SoapDocumentMethod("http://schemas.microsoft.com/sharepoint/soap/recordsrepository/SubmitFile", RequestNamespace = "http://schemas.microsoft.com/sharepoint/soap/recordsrepository/", ResponseNamespace = "http://schemas.microsoft.com/sharepoint/soap/recordsrepository/", Use = SoapBindingUse.Literal, ParameterStyle = SoapParameterStyle.Wrapped)]
public string SubmitFile([XmlElement(DataType = "base64Binary")] byte[] fileToSubmit, [XmlArrayItem(IsNullable = false)] Microsoft.SharePoint.RecordsRepositoryProperty[] properties, string recordRouting, string sourceUrl, string userName)
return (string)base.Invoke("SubmitFile", new object[] { fileToSubmit, properties, recordRouting, sourceUrl, userName })[0];
I am getting an error "The request failed with http status 401: Unauthorized".
Actual file was transferred successfully but while transferring the properties (metadata) I am getting this exception.
ganeshHi ganesh,
Please try to disable the loop back check, compare the result:
In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
Quit Registry Editor, and then restart your computer.
In addition, please check if these links are useful:
http://www.sharepointpills.com/2011/10/send-sharepoint-2010-document-to.html
http://www.codeproject.com/Articles/497729/UploadingplusDocumentsplusProgramaticallyplustoplu
I hope this helps.
Thanks,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support -
Impersonating user with Soap calls
I want to create (and delete) calendar items in Outlook 2007 (and Exchange 2007).
I do this with soap calls in SOAP UI 5.0.0.
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:typ="http://schemas.microsoft.com/exchange/services/2006/types">
<soap:Header>
<typ:RequestServerVersion Version="Exchange2010_SP2"/>
<typ:ExchangeImpersonation>
<typ:ConnectingSID>
<!--<typ:PrincipalName>[email protected]</typ:PrincipalName>-->
<typ:SmtpAddress>[email protected]</typ:SmtpAddress>
</typ:ConnectingSID>
</typ:ExchangeImpersonation>
</soap:Header>
<soap:Body>
<CreateItem xmlns="http://schemas.microsoft.com/exchange/services/2006/messages"
xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
SendMeetingInvitations="SendToAllAndSaveCopy" >
<SavedItemFolderId>
<t:DistinguishedFolderId Id="calendar"/>
</SavedItemFolderId>
<Items>
<t:CalendarItem xmlns="http://schemas.microsoft.com/exchange/services/2006/types">
<Subject>Planning Meeting - 1234</Subject>
<Body BodyType="Text">1234 - Plan the agenda for next week's meeting.</Body>
<ReminderIsSet>true</ReminderIsSet>
<ReminderMinutesBeforeStart>60</ReminderMinutesBeforeStart>
<Start>2014-07-22T14:00:00</Start>
<End>2014-07-23T15:00:00</End>
<IsAllDayEvent>false</IsAllDayEvent>
<LegacyFreeBusyStatus>Busy</LegacyFreeBusyStatus>
<Location>Conference Room 721</Location>
</t:CalendarItem>
</Items>
</CreateItem>
</soap:Body>
</soap:Envelope>
I created an event in my own calendar (without the typ:ExchangeImpersonation part).
So now I want to create an event in an other user's calendar.
I have an admin account, who got al rights to do this.
But when I configure my endpoint and Authorization (NTLM) to the admins credentials, I get this as response:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://schemas.microsoft.com/exchange/services/2006/types">a:ErrorImpersonateUserDenied</faultcode>
<faultstring xml:lang="nl-BE">The account does not have permission to impersonate the requested user.</faultstring>
<detail>
<e:ResponseCode xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">ErrorImpersonateUserDenied</e:ResponseCode>
<e:Message xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">The account does not have permission to impersonate the requested user.</e:Message>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>
Admin got all the rigths to do this (normally).
So how can I create an event in another users calendar, with SOAP calls?
Is this with the use of typ:ExchangeImpersonation ?
TYFixed
For anyone who wants to know:
<SavedItemFolderId>
<t:DistinguishedFolderId Id="calendar">
<t:Mailbox>
<t:EmailAddress>[email protected]</t:EmailAddress>
</t:Mailbox>
</t:DistinguishedFolderId>
</SavedItemFolderId>
And login with admin credentials.
see
http://blogs.msdn.com/b/mstehle/archive/2009/06/16/exchange-api-team-blog-exchange-impersonation-vs-delegate-access.aspx
Maybe you are looking for
-
Safari 6.0.1 keeps crashing "unexpectedly"?
Starting today, every time I open Safari it crashed unexpectedly within 5 minutes or so, sometimes instantly. I'm running Safari 6.0.1 on Mountain Lion on my Macbook Pro retina. I installed the update for both Mountain Lion and iPhoto that popped up
-
How do I create a group in contacts for texting?
How do I create a group in contacts for texting to several people?
-
Export to epub with linked ai files result in low quality images
I have a 220 page indesign cc doc which I am exporting to epub fixed layout. I have around 100 linked ai files. When I export, the main paragraph text is crisp and lovely but the ai figures are a little fuzzy. I have tested different settings in the
-
EBusiness Suite Integration Best Practice
I'm just starting an integration project with eBusiness Suite. We are using SOA Suite for the majority of the intergration points but I have a question over large flat files, e.g. 100MB+. SOA suite doesn't handle these too well as you need to do a lo
-
Load file into BPS - Excel File
Hi Guys, Could someone please tell me how to load excel into BPS, the "Loading file Into BPS" loads text file but i need to load excel instead. I know we need to just change few lines of the ABAP code to make it work for excel, but don't