How to use HTTPS with sender SOAP Adapter

Similar Messages

• How to make call to Sender Soap Adapter using HTTPS with Client Aut

  Hello everyone, I have spent some time trying to get this to work. We downloaded a trail certificate from SAP and installed it on our machine and I created a webservice that works great. I tested the HTTPS without client authentification and it works great, as soon as I change it to use with Client Authentification I can't get it to go through. I am using Soap Sonar to test the certificates. To get the certificate I called the url with firefox then saved the certificate in my trust store, from there I import it to soap sonar as a signed certificate, but I am getting the error  <Exception>Object contains only the public half of a key pair. A private key must also be provided.</Exception>  I assume I am doing something way wrong, is there a way to get the certificate with both public and private key pair, or a way to test this that I can't seem to find in documentation or blogs?
  I def award points
  Cheers
  Devlin

  Hi
  I think This link is useful to u
  http://www.sapag.co.in/SAP-XI-SOAP-Adapter-FAQ'S.html
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40611dd6-e66e-2910-f383-e80fb44f9cd4
  Thanks
  Santosh

• Certificate based authentication with sender SOAP adapter. Please help!

  Hi Experts,
     I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
  .Net --->SOAP -
  >XI -
  >RFC -
  R/3 System
  Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS  with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
  I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
  When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test  certificate based authentication?
  Am I missing any steps for certificate based authentication?
  Please help
  Thanks
  Gopal
  Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

  Hi!
  Although soapUI is a very goot SOAP testing tool, you can't test certificate based authentication with it. There is no way (since I know) how to import certificat into soapUI.
  So, try to find other tool, which can use certificates or tey it directly with the sender system.
  Peter

• How i use header fields in soap adapter

  Hi Experts,
  I need use  header fields http  in soap adapter receiver but i don't know where's the Variable Header
  Do you know where i find this?
  Somebody know how i put header fields http in soap adapter receiver?
  Thanks for all,

  It is similar like in this blog:
  /people/william.li/blog/2006/04/18/dynamic-configuration-of-some-communication-channel-parameters-using-message-mapping
  Find in the online help the values for the SOAP adapter.
  You can only add additional fields, you cannot influence the standard field like content-type and content-id.
  Regards
  Stefan

• How to use HTTPS with JSSE URLConnection in servlet

  Hi, I have a servlet that calls another servlet using the URLConnection class. This seems to work very well if I am using http. However when trying to call it using https using JSSE I get the following error:
  "javax.net.ssl.SSLHandshakeException: untrusted server cert chain."
  The following is the code that I am using in the servlet:
            java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.getProperties().put("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
            this.servlet = new URL(servletURL);
            URLConnection conServlet = servlet.openConnection();
  Both of these servlets are under IIS on my machine. I am able to execute each of the servlets from the browser using https directly. Does this sounds like an SSL certifcate problem or is that something in the Java code? Any ideas greatly appreciated.

  Hi,
  Perhaps you can create your own trust manager. I've found this example in another newsgroup: (please note that this example trusts everyone, but you can modify the trust manager as you wish)
  if (putUrl.startsWith("https"))
    //set up to handle SSL if necessary
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    //use our own trust manager so we can always trust
    //the URL entered in the configuration.
    X509TrustManager tm = new MyX509TrustManager();
    KeyManager []km = null;
    TrustManager []tma = {tm};
    SSLContext sc = SSLContext.getInstance("ssl");
    sc.init(km,tma,new java.security.SecureRandom());
    SSLSocketFactory sf1 = sc.getSocketFactory();
    HttpsURLConnection.setDefaultSSLSocketFactory (sf1);
  m_url = new URL (putUrl);
  class MyX509TrustManager implements X509TrustManager {
  public boolean isClientTrusted(X509Certificate[] chain) {
    return true;
  public boolean isServerTrusted(X509Certificate[] chain) {
    return true;
  public X509Certificate[] getAcceptedIssuers() {
    return null;
  }Hope this helps,
  Kurt.

• Sender SOAP Adapter problem in PI 7.1

  Hello Everyone,
  I have a problem with Sender SOAP  Adapter
  In PI 7.0 i am able to receive the messages through sender SOAP Adapter for both HTTP and HTTPS. But when i am testing in PI 7.1 i am unable to receive any messages at Adapter level for both HTTP and HTTPS
  All sender leagcy system are getting different error messages like
  1. 400 HTTP Bad request.
  2. Invalid request.
  3. BAPI  error message
  Could any one please assist me in this problem.
  Thanks
  Vick

  Hi Vick,
  Try like this......in ID from your sender agreement in which you have your sender SOAP comm channel, from menu select Display WSDL and then copy the WSDL URL and give it to source applications to use it.............create a service user for them to access PI 7.1 server while sending the SOAP req msg.............
  your source applications may have to generate proxy from this WSDL URL in their application and then they can send a SOAP req msg to your PI 7.1 server............
  Regards,
  Rajeev Gupta

• Failed in Message Mapping for Sender SOAP Adapter

  I am using a synchronous Sender SOAP adapter for sending SOAP messages using HTTP security protocol. I am trying to send SOAP messages to XI and then to RFC-R/3. And Responses back from RFC to XI and then to SOAP. I am getting an error for failed in message mapping in SXMB_MONI for converting SOAP messages to RFC. When I debug it in Message Mapping in Integration Repository, it works fine.
  Any help is appreciated.
  Thanks in advance!
  Mrudula

  Hi,
  try to do a full cache refresh
  regards,
  Jakub

• Sender SOAP Adapter - XMLAnonymizerBean

  Hi All,
  I am trying to use XMLAnonymizerBean in " sender SOAP Adapter " with out much luck .
  Even though I have enter the bean in the module chain , the xml o/p to the mapping program is still
  continuing to have namespaces which I was trying to remove.
    If some body has tried this out , could you kindly confirm if XMLAnonymizerBean could be used or
  not in a Sender SOAP Adapter.
  Many thanks
  KLK

  This blog says - "It is not possible to use this module in the sender SOAP adapter as this adapter type does not support any additional modules. "
  /people/stefan.grube/blog/2007/02/02/remove-namespace-prefix-or-change-xml-encoding-with-the-xmlanonymizerbean
  Regards,
  Ravi

• How to use Basis Authentication in Sender SOAP Adapter

  We implemented one Sender SOAP Adapter and we had to implement the modified WEB.XML method to remove the security specification.  We have now asked the developer to correct this situation so we can remove this modification.  The Interface developer would like to use Basic Authentication. If you have an automated interface sending in a SOAP Message, how do you do Basic Authentication? 
  I've tried using:
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  When I do this, I still get the Authentication Pop-Up Window.
  How does the Sending Interface either supply the ID and Password on the incoming SOAP Message or respond to the Authentication Pop-Up?
  Thanks,
  Anne

  By Defualt the web service exposed by you will use Basic Authentication mode only.
  But the way you do Basic Authentication in the web client is platfrom dependent.
  This is not the way to do Basic authentication
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  I am providing you a code snippet on how to Basic Authentication in Java when making the Web Service Call.
  If the client is on some other platform just look for the corresponding api.
  Please award points if you find this answer useful.
  Code Snippet
  URL url = new URL(URL);
  URLConnection connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       //connection.setRequestProperty("Content-Length",Integer.toString(content.length()) );
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
        //Where con is a URLConnection 
       connection.setRequestProperty ("Authorization", "Basic " + encode(User + ":"+ Password));
       connection.connect();
  Encode Method
  public static String encode (String source) {
  BASE64Encoder enc = new sun.misc.BASE64Encoder();
  return(enc.encode(source.getBytes()));

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• Sender SOAP Adapter with Https

  Hi,
  can any one give me information on  how my Sender SOAP adapter to be configured with HTTPS port.
  please give me the what are all different ways to make my Sender SOAP Adapter secure and give me the steps to achieve the functionality.
  Thank You,
  Madhav

  check this section:
  http://help.sap.com/saphelp_nw70/helpdata/EN/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Also some help from SAP note:
  https://service.sap.com/sap/support/notes/891877
  Regards,
  Abhishek.
  Edited by: abhishek salvi on May 29, 2009 1:59 PM

• How to catch the sender SOAP adapter http response?

  Hi eXperts,
  I've a sender soap adapter opened to customer as webservice. When customers call this webservice, data is coming into XI and works fine. But the customer is complaining that the expected HTTP 200 response is not sent back to the calling SOAP client.
  So my question is: Is there a way to catch the http 200 response from sender adapter, or at least get to know if the sender adapter has sent the response?
  Thanks in advance.
  Regards
  Luis

  Hi,
  If I understood it correcly... Sender is a Async SOAP call and the sender system is expcting a status back of HTTP 200. Are you sure you had set the quality of effort to Exactly Once? If not please try setting it.
  You can also go to Adapter monitoring or Communication channel monitoring in the Runtime workbench and see if the Sender SOAP adapter is fine.
  http://help.sap.com/saphelp_nw04/helpdata/en/5e/164442c1a1c353e10000000a1550b0/content.htm
  Thanks,
  Prakash

• HTTPS sender soap adapter

  Hi,
  I want to use HTTPS port for one of our SOAP -->RFC sync interface .
  currently we are using  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel this url and its working fine,
  Here  we want to use  HTTPS  ( HTTPS with client authentication as security level) ,but in our current PI system ( 7.31) is  not enabled https/ports.
  Please let me know how we can enable  HTTPS  port ,let me know the process.
  once HTTPS port is enabled  please let me know the process to use  HTTPS with client authentication as security level)
  Thanks
  Surya

  Hi Surya,
  Base on your requirement ports like 433, 4022 etc as per availability to Trading partners.
  Port mapping should be done in the firewall configuration as your web dispatcher port(This information can be obtained from your basis team / will be managed at the installation time / netweaver administration.)
  80* series is for ABAP ports and 50* series i sfor JAVA port.
  Also check the below link for more information.
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/09/20/sender-soap-adapter-https-with-client-authentication
  Thanks and Regards,
  Naveen

• Special characters in sender soap adapter provoke HTTP 500 error

  Hi,
  SAP R3 is sending a SOAP message to PI through SOAP adapter.
  When the payload does NOT contain german characters like ü, it works fine.
  However, when the payload DOES contain special characters, the SOAP adapter replies with an HTTP 500 code error.
  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  - Make sure that SAP R3 sends the message in UTF-8 format (I think this is happening currently), as if SoapUI works, then probably R3 is not using UTF-8.
  - Force the adapter to use UTF-8. Is this possible? In the sender SOAP adapter I've added AF_Modules/MessageTransformBean (type local EB), and then Transform.ContentType for parameter name and --> text/plain;charset=utf-8 for parameter value. The sender adapter will fail then for every message, with or without special characters.
  Anyway, in this link (http://help.sap.com/saphelp_nwpi71/helpdata/EN/a4/f13341771b4c0de10000000a1550b0/frameset.htm) it seems to say that the sender soap adapter cannot be extended with modules, so maybe that's the reason why it fails when trying to add a module.
  Thanks

  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  Check the use of option 1 ..... the URL which SAP is using to send the data can containe the encoding information.
  Check this SAP note: https://service.sap.com/sap/support/notes/856597
  From the above note:
  Q: What character encoding is supported by the SOAP sender adapter?
  +you can supply the encoding information with the xmlenc variable in the request URL as in+
  Regards,
  Abhishek.

• How to build in user authorisation in sender soap adapter

  HI ,
  how can i built the user authorisation in sender soap adapter. either in a url or somewhere on the server .
  if anyone has an idea do let me knwo
  Thanks
  Nikhil

  Nikhil,
  <b>sender soap adapter</b> is used for ex in the case, u need some data from the DB say of a vendor. U give the name of the vendor in the site, suppose u get the contact address of the vendor from the DB.
  Sender soap adapter sends the soap request from the client to XI and from XI the request is passed to DB.
  With XI, WSDL file is generated and SOAP request is generated for the WSDL file. When the WSDL is deployed on the client application, the authorization is handled.
  For receiver SOAP adapter, it is the otherway round u r getting the data from the DB first and so the authorizations are held in XI.
  -Naveen.