Http content Server - putCert specification
Hello,
I am trying to develop a HTTP Content server for connection with SAP but I encounter difficulties while implementing security.
The methode putCert stores the certificate from SAP but it seems like it is a X509 v1 certificate and not a V3. like mentionned in the spec doc
Moreover SHA1 seem to be used and not MDS.
Is there any particular reason?
Thank you
Ok finally managed to implement security on the SAP Content Server.
this code snippet works:
Provider bc = new BouncyCastleProvider();
int i = Security.addProvider(bc);
byte[] message2Sign = "E25B5CECB6846E1F4F92C9E9058BC415FDrCN%3DC1120071026161701".getBytes();
String good = "MIIBlAYJKoZIhvcNAQcCoIIBhTCCAYECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAWAwggFcAgEBMBMwDjEMMAoGA1UEAxMDQzExAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzEwMjYxNDE3MDFaMCMGCSqGSIb3DQEJBDEWBBT/ObaVw5qhQRX5MTMnyVqptXhwnTCBpgYFKw4DAhswgZwCQQEi9Vy1IpGpgBwpby66sV16jIHOJkoJI/blRDbeogY2IS69a9JmlAfQEnttGqA3jv/QAf98zFtmFpsDwniO1AhUBQNzq3BaLZ3Vj2dGBB5HPZh5eBa0CQHsZv4pNumfHRNhmlbKK9TDgPQrDDnG7F51g1FhTAFvceltg20WjHE/dFaH8jkigzaJDkFIuV50yGPytGPYmekELzAtAhUBBudqwTj+JNfkpr6BausHDZpqMmUCFC9rWauPQhjYNp4tiHWPmpgw9NXl";
String bad = "MIIBlAYJKoZIhvcNAQcCoIIBhTCCAYECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAWAwggFcAgEBMBMwDjEMMAoGA1UEAxMDQzExAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzEwMTgxMTQxNTVaMCMGCSqGSIb3DQEJBDEWBBS2xHiqu4ZssgcURXnsqxhf5kTCBpgYFKw4DAhswgZwCQQEi9Vy1IpGpgBwpby66sV16jIHOJkoJI/blRDbeogY2IS69a9JmlAfQEnttGqA3jv/QAf98zFtmFpsDwniO1AhUBQNzq3BaLZ3Vj2dGBB5HPZh5eBa0CQHsZv4pNumfHRNhmlbKK9TDgPQrDDnG7F51g1FhTAFvceltg20WjHE/dFaH8jkigzaJDkFIuV50yGPytGPYmekELzAtAhUBOKbZGs22bNiMQ8UkPL4vaPewDwCFFof2Pv04DXMDPj2SnZ7wMcCKTfH";
BASE64Decoder b64 = new BASE64Decoder();
byte[] signature = b64.decodeBuffer(good);
// get public key from cert
File toto = new File("/tmp/toto.txt");
FileInputStream fis = new FileInputStream(toto);
PKCS7 test = new sun.security.pkcs.PKCS7(fis);
java.security.cert.X509Certificate[] certs = test.getCertificates();
//PublicKey pk = certs[0].getPublicKey();
// construct PKCS7 data object
CMSProcessable processable = new CMSProcessableByteArray(message2Sign);
CMSSignedData s = new CMSSignedData(processable, signature);
// get 1st signer infos
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
SignerInformation signer = (SignerInformation) it.next();
// verification
boolean test2 = signer.verify(certs[0], "BC");
System.out.println("Ok = " + test2);
Similar Messages
-
TREX not working for e-recruiting with HTTP content server
We have a separate e-recruiting instance where we have only e-recruiting functionality installed. In this system we are using Storate type as "http content server instead of standard setting "SAP system database" for HR_KW content repository via transaction code "OAC0"
Following are the details
Document Area: HR_KW
Storage type : HTTP Content Server
Version no. 0046 Content Server version 4.6
HTTP server vd24cs02.sce.com
Port Number 8080 SSL Port Number
HTTP Script archive
Phys. path /usr/sap/N09/SYS/global/
Points to be noted:
1) TREX Search functionality for Job postings etc is not
working with this setting, however if we use HR_KW_CONT (storage type=03 SAP System database) , above mentioned functionalities work. We observed that xml files required for TREX search are also not getting created when we change the settings.
2) We observed that when we change the storage type the indexing job is successful but application log shows some failures in reading/modifying xml files
Please let me know what are the settings/ procedure to use a different storage type instead of standard setting delivered with the product. Anything related to the setting for above requirementHi All,
I may have a similary problem but I'm not entirely sure.
I have been tasked with setting up a simple java servlet to authenticate against a BOXI (Business Objects) server, from my tomcat server (tomcat 5.5) on my windows XP desk top machine. I will add more info on this shortly.
I have been supplied with a krb5.ini file and the bscLogin.conf file as follows:
bscLogin.conf :
com.businessobjects.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug=true;
krb5.ini[libdefaults]
default_realm = ADF.SOMEWHERE.CO.UK
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
[realms]
ADF.SOMEWHERE.CO.UK = {
kdc = DC90.ADF.SOMEWHERE.CO.UK
default_domain = ADF.SOMEWHERE.CO.UK -
hello,
I want to create manually the KPro-metadata for documents. do you knwo which tables (like SDOKSTCA) I have to consider and make entries?
the next step is to migrate still existing documents on a sap http content server into the sap kpro and sap dvs.
which steps I have to made? which fm´s tables do I need?
is there any documentation in the web for this topic?Check out this online help.
<a href="http://help.sap.com/saphelp_nw04/helpdata/en/58/2c0795e3914868ad716a524c158cb5/frameset.htm">Defining Content Repositories on the SAP Web Application Server</a>
Regards
Raja -
Decompress files in HTTP Content Server
Hello,
I have a problem with the consistency of files stored in HTTP content server. That is to say I have an inconsistency between the object and content of the linked file.
I have a controller program for consistency but I do not know how to decompress.
The files in the content server are compressed with CSCompress (I think). Is there a possibility to decompress this files ?
Tank you.
MichelHi Michel,
Conerning your questions regarding the possibility to decompress the
files outside the SAP system, I'm afraid this is not possible. The
document files are stored in a compressed format. Even if you managed
to extrace the files from the tables, their content still remains
compressed. In other words, you still have to rely on SAP Content
Server's decompression logic to generate the original content. The only
way to retrieve the files, therefore, is by using the SAP Content
Server HTTP Interface.
Regards,
David -
Store archiving IDoc's to an HTTp content server
Hi Guru's,
I want to store the archived IDoc's to an HTTP content server.
i have created an content server on OAC2 and i dont know how to link the archived IDocs to an HTTp content server.
I searched many forums, but i cant get the exact solution for this.
Could anyone help me on this.. pls...
Thanks in advance,
murugan..Hello,
I will take a final call on this - As i understand all the configuration is correct but not updating in link tables.
I also understand system Id is ok as PO and IDoC are working.
In Content repository creation for PO & IDoC you will be taking document area as Data Archiving but for Printlist content repo you have to select ArchiveLink.
If you have done above then check connectivity and send the certificate
In your Archive server (IXOS, EASY, DOCUMENTUM or so on ) Check same content repository is properly configured.. if possible refresh it. Check for certification from SAP.
You are facing connectivity issue so cross check carefull all archive server level.
Lastly check oss note
Let us hope for the best.
-Thanks,
Ajay. -
SAP HTTP Content Server and ECC 6 to be installed on same Windows system?
Hi Gurus:
I have ECC 6 (IDES) running on a Windows 2003 server already. I plan to install the SAP HTTP Content server on the same machine/same operating system. I will be the only user, just testing it out and learning things myself.
Is this advisable?
Also does anyone know the latest set of Content Server DVDs/CDs to download ?Deepak:
Thanks a lot.
My Content Server is running OK now.
Two repositories are created: one is DMS, one is on ArchLink (ArchiveLink).
But when I am trying to attach a PDF document to a PO, I got this:
HTTP error: 401 Unauthorized
Message no. CMS025
Diagnosis
Error in accessing via HTTP
401 Unauthorized
Any clue??? -
ArchiveLink with SAP HTTP Content Server configuration using SAPdb MaxDB
We have configured SAP 4.7 to use ArchiveLink to store outgoing POs. The POs are in PDF format and are to be stored on an SAP HTTP content server using MaxDB. We believe everything is setup but when we go to retrieve a stored file, using and HTTP link we do not see the document. Here is a sample HTTP link:
http://company-sap20.company200-sap.com:1090//ContentServer/ContentServer.dll?get&pVersion=0046&contRep=ZT&docId=47E9C60A28145211E10000000A0126F3
Can anybody give me a few pointers?
What table in the MaxDB shall I look at? Where is the docID being passed to?I'm sorry to say that I don't know.
AFAIK, the report gets documents from the document store. The Contentserver itself runs embedded in the Web-Server.
Besides the trial to write a trace file with the Contentserver (see Contentserver.ini somewhere on your Web-Server) I strongly recommend to open a customer message.
Regards Thomas -
Migration of documents from a http content server into sap kpro und sap dvs
hello,
I want to migrate documents from an http 4.5 content server into the sap knowledge provider (kpro) and in sap dvs with an abap program.
I know I have to create a PHIO and a LOIO and write it in the tables DMS_PH_CD1 and (only the LOIO) in DMS_DOC2LOIO.
Where I have to write my url for accessing the document on the content server?In which table?
What fm´s do I need to create the PHIO´s and LOIO´s?
Has anyone an idea and hints (like weblinks) to integrate documents from an content server into kpro and sap dvs?Hello,
the private key, where the hash is signed with is stored
in your AppServer directory $DIR_INSTANCE/sec and is
called SAPSYS.PSE. Where the PSE is a secude (www.secude.de) specific format which contains the private and the publik key.
But I guess you won't get the private key, because its private, unless you are the Administror
Then signig is done via the normal industry standards. (http://www.rsasecurity.com/)
regards,
mumba. -
Migration of SAP DMS documents from RFC Archive to SAP HTTP Content Server
Can anyone verify the correct OSS for the migration of documents from an RFC Archive repository (non SAP) in SAP DMS to a SAP Content Server HTTP Repository. Most of the OSS notes seem to indicate HTTP to HTTP migrations or based storage category migrations.
Which is the most suitable for this?
Edited by: Athol Hill on Oct 30, 2009 2:35 PMDear Athol,
If you want to move the originals from an archive or vault to a Content
Server, please use the DMS_KPRO_CONVERT and DMS_KPRO_CONVERT2 report I
would kindly ask you to see teh documentation on DMS_KPRO_CONVERT report
in transaction SE38, which explains the whole process and gives
necessary information.
This conversion program offers two possibilites:
- Complete migration:
The meta data of the document info record and the checked-in original
application files are migrated together. The checked-in original
application files are transported into the storage catgories.
- Step-by-step migration:
In the first step meta data is migrated. The original application files
remain in the old storage data. The migration of original application
files starts after you have processed the files with the integrated
viewer and checked them into a secure storage area.
Best regards,
Christoph -
HTTP Content Server - custom parameters
Hello!
Is there any possibility (even by using ABAP) to send parameters other than those 10 standard ones (stated in sap-help) in HTTP-GET request of the Content Server HTTP interface?
For example, I would like to send username of the current user who starts the HTTP-GET request. Is it possible? If yes, please show me how. On the other hand, if you are SURE that it is NOT possible, please reply as well, so that I can stop trying.
Are there alternative ideas on how to get the current username, even by calling a BAPI or RFC back from the target application?
Thanks in advance!
Kind regards,
IgorHello!
Is there any possibility (even by using ABAP) to send parameters other than those 10 standard ones (stated in sap-help) in HTTP-GET request of the Content Server HTTP interface?
For example, I would like to send username of the current user who starts the HTTP-GET request. Is it possible? If yes, please show me how. On the other hand, if you are SURE that it is NOT possible, please reply as well, so that I can stop trying.
Are there alternative ideas on how to get the current username, even by calling a BAPI or RFC back from the target application?
Thanks in advance!
Kind regards,
Igor -
Error when trying to store content in the HTTP content server.
I call the FM SDOK_PHIO_STORE_CONTENT to store a document into the pre-configured content server(the server was configured with transaction OAC0 and the connection is tested ok). But the sy-subrc returns 2 (not_allowed). I debugged into this FM and found the specific error is TRANSFER_ERROR in the subroutine STORE_CONTENT.
I have no idea in which situation this error will occur. Anyone can help?
Thank you.Hi Tang,
Though long back, you faced this error.. Any chance you remember the solution for it? Even am facing the same issue. Not able to find a solution for it anywhere. Its getting tough. Your help would be of great helppp...
Many thanks in advance.
Awaiting for your reply, kindly do help me out in this. -
HTTP Content serve - Archive link
Dear Friends,
I know archive link custimization, we need to do the following steps:
1.Define the content repository
2.Confirm that the appropriate document class
3.Assign the document class to a document type
4. Assign the document type to the content repository
Yesterday I was going thru document " document management for utilities 692 building block configuration guide"
http://help.sap.com/bp_utilities603/BBLibrary/Content_Library_UTL_EN_CN.htm
In this Document they created DMS doc. types, status, data carrier, work station application like DMS . Then when defining Content repositories , they doneHi,
By mistake it has posted. I am drafting the message.
Regards -
HTTP Content Server Interface Behaviour
I developed my own http servlet which is a link to the external DMS. This http servlet is receiving requests from SAP to get, create documents etc.. (info, get, create,.. functions encoded in URL query). I carefully log every request coming from SAP. I can not figure out why exactly every 5 minutes SAP sends a request with info function for a document (docId) which does not exist, either in link tables (TOA01,..) nor in DMS itself? How is this info request generated? Why exactly every 5 minutes? There is no job related to Archiving, which has period of 5 min. Any Ideas?
Regards,
SimonI developed my own http servlet which is a link to the external DMS. This http servlet is receiving requests from SAP to get, create documents etc.. (info, get, create,.. functions encoded in URL query). I carefully log every request coming from SAP. I can not figure out why exactly every 5 minutes SAP sends a request with info function for a document (docId) which does not exist, either in link tables (TOA01,..) nor in DMS itself? How is this info request generated? Why exactly every 5 minutes? There is no job related to Archiving, which has period of 5 min. Any Ideas?
Regards,
Simon -
Content server Instalation problem.---HTTP 404- ERROR FORBIDDEN
Hello Guys,
This issue is pertaining to Content server instalation with SAP 6 ECC.
Status till date:
1) content server is installed to windows 2003 server.
2) we are currently working in quality server.I have opted a 80 GB harddisk and installed windows 2003 server and also installed Content server to that.
3) i defined New content repository ZDMS_C1in OAC0
Gave appropriate description,
Doc area : Doc magt system
Storage type: HTTP content server
Version no: 0046
Http server 132.147.167.110( this is 80 gb system Ip address)
port number:1090
Http script: Contentserver/contentserver.dll
Physical path: H:usr\sap\ELD\SYS\Global\ (default selection )
i saved and i get every information of created by and last changed by....
Ok but when i <u><b>test connection</b></u> it says " HTTP 404:ERROR FORBIDEN".
I get another error when i "<u><u><b>SEND CERTIFICATE</b></u></u>"
" ERROR IN HTTP ACCESS IFHTTPCLIENT--RECEIVE 1
ICM-HTTP-CONNECTION-FAILED.
Some problem in IIS server but litraly basis team is unable to solve the status.
How to solve this issue.....Help me out in detail.
Regards,
Murali.SHi Murali,
Follow two NOTES 212394 & 661852
or
Ensure that PSE (Personal Security Environment) is created directly on SAP system after the system is installed, this is one time activity.
To do this you use T Code "STRUST". You can check with your Senior Basis guy for more.
By default the system's PSE is used to sign URLs. from SAP WAS you can also create your own PSE to sign Kpro URLs
Regards
Rehman -
Cannot access sapdb backend from Content Server?
I am unable to access my sapdb from my Content Server via CSADMIN or with the /ContentServer.dll?serverInfo page.
I run a Content Server on Unix - version 640, build 16. Here's what I've verified thus far:
- SAPDB is up and running.
- x_server process is running
- apache is running (httpd processes)
- Standalone gateway on same server is running.
In the apache error logs I find the following message:
ErrorDescription: Cannot start Document request, reason: SQLConnect
failed, [MySQL MaxDB][LIBSQLOD SO][MaxDB] Invalid authorization specification;-4008 POS
(1) Unknown user name/password combination, Error
Code: -4008\r\nX-ServerId: server="nwkwcs";serverPort="1090"\r\nX-
ServerType: SAP HTTP Content Server\r\n
I had not changed my SAPR3 user or password in the database, so I am confused why this started happening all of a sudden?
In an attempt to fix, I reset SAPR3 to custom password and ran report
RSCMSPWS to store the new password in the cs.conf file. However, the
same error is still a result.
So, I deleted and recreated SAPR3 based upon SUPERDBA profile with default "SAP" password.
Then, I commented out DBNAME and PASSWORD in cs.conf file. So, it should be using the default SAPR3/SAP login to the database.
However, this did not help either.
I looked at note 706664, however I cannot even get the repositories to a defined status. I cannot connect via CSADMIN?
Here's an excerpt from the http://server:port/ContentServer/ContentServer.dll?serverInfo page for
further analysis:
serverType="SAP HTTP Content Server";serverVendorId="SAPAG";
serverVersion="640"; serverPatch="0";serverBuild="16";
pVersion="0046";serverStatus="running";serverDate="2008-07-
10";serverTime="13:58:28";startUpDate="2008-07-10";
startUpTime="13:58:20";lastAccessDate="2008-07-
10";lastAccessTime="13:58:20";
contRep="Z_EKM_IWBHELP";contRepStatus="offline";contRepStatusDescription="SQLConnect failed, [MySQL MaxDB][LIBSQLOD SO]
[MaxDB] Invalidauthorization specification;-4008 POS(1) Unknown user name/passwordcombination, Error Code: -
4008";storageVersion="17";storage="SAPDB";buildLevel="1";contentStorageName="SDB";contentStorageHost="localhost"; security="1";contRepDescription="Content Repository for IWBHELP";
I am unsure why the Content Server will not connect to the database?
Points to all helpful answers!
Thanks,
JeffHi,
How did you resolve this problem ?
Thanks,
Hemant
Maybe you are looking for
-
How to submit the parent window from child window
Hi, I am looking out for a solution. I have a main JSP page and on clicking a button in the page a pop up window will be displayed, which is too a JSP page. Finally i should submit both Popup window JSP page and the parent window JSP page, when click
-
can some one guide me how to start creating a custom made toolbar in WAD which will show graphical charts for the Tabular data being displayed on the web template
-
Share favorite places or googleearth placemarks wi...
Hi, I have a E55 and think ovi maps is really very good for navigating around. However I have one "problem": In maps there are favorites which help to define places you can navigate to. However I also have placemarks in google earth and would like to
-
I I didn't purchased the item and it still charged me the money can you oay me back?
I went in the app that I wanted to buy stuff in, and then, I cliqued on what I wanted to buy, it worked, but later during the night, when i got the fature of what 8 bought, it said I had bought 2. And I didn't want to of them. I wanted to. Uh songs f
-
Screen Shots - Help please???
I learned how to do screen shots in PSE quite some time ago and have totally forgotten how to do it. I am typing up instructions for a class I'm teaching and need to insert pictures of how the screen looks at different stages of the process. I know t