Http wrong client redirect

Similar Messages

• How to make call to Sender Soap Adapter using HTTPS with Client Aut

  Hello everyone, I have spent some time trying to get this to work. We downloaded a trail certificate from SAP and installed it on our machine and I created a webservice that works great. I tested the HTTPS without client authentification and it works great, as soon as I change it to use with Client Authentification I can't get it to go through. I am using Soap Sonar to test the certificates. To get the certificate I called the url with firefox then saved the certificate in my trust store, from there I import it to soap sonar as a signed certificate, but I am getting the error  <Exception>Object contains only the public half of a key pair. A private key must also be provided.</Exception>  I assume I am doing something way wrong, is there a way to get the certificate with both public and private key pair, or a way to test this that I can't seem to find in documentation or blogs?
  I def award points
  Cheers
  Devlin

  Hi
  I think This link is useful to u
  http://www.sapag.co.in/SAP-XI-SOAP-Adapter-FAQ'S.html
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40611dd6-e66e-2910-f383-e80fb44f9cd4
  Thanks
  Santosh

• HTTPS Without client authentication shows error of Certificate

  Hi Experts,
  I am trying to develop a SOAP to RFC scenario where in SOAP sender HTTP security level - HTTPS Without Client Authentication is selected.
  I have downloaded WSDL from Sender agreement and trying to test web service from SOAPUI.  Now as per my understanding simply placing request to HTTPS:<host>:<port>:XISOAPAdapter/....   with correct user should work and this scenario shouldn't need any certificates.
  However in SOAPUI and even in RWB SOAP Sender, I am receiving error that - Client Certificate required.
  Any comments on why would it be happening ?    In fact whatever option in HTTP Security level I select, error remains same. In NWA is there any other configuration to be done to make this work ?
  Is below understanding right ?
  -- >> HTTPS Without client authentication will not need certificate exchange and simply user authentication will do
  Thanks..
  regards,
  Omkar.

  Hello Omkar,
  What you are trying to do is Consume a SOAP->RFC scenario (synchronous) from SOAP UI and you want that to be secure. With this requirement, just having the certificates alone is not sufficient (sorry for late response..i just came across this post when i was searching something else )
  1)How did you generate the certificate and the private key? Because Key Generation plays a Big Part in it. The Key should have been signed by a CA. Though its not signed by a CA, a trick which would work is, at the time of Key generation, provide the Organization Name as SAP Trust Community and Country as DE.
  2) At the time of Key Generation definitely it shall ask for a password. You remember that.
  3) Export the Private Key as PCKS12 format and the certificate as Base64 format and have it in your local system, (shall be used later in SOAP UI and NWA)
  Here follows the major part
  4) Open NWA and go to Configuration Management->Authentication
  5) Go to Properties Taband click Modify
  6)  Under Logon Application select the check box "Enable Showing Certificate Logon URL Link on Logon Page" and save it.
  7) Now go to the Components Tab.
  8) Search for client_cert Policy Configuration name and Edit it it. Make sure the following Login Modules are maintained in the same Order
  ==> Name: com.sap.engine.services.security.server.jaas.ClientCertLoginModule
         Flag : Sufficient
  ==> Name: BasicPasswordLoginModule
         Flag: Optional
  9) Now Select the name com.sap.engine.services.security.server.jaas.ClientCertLoginModule and you can see lots of entries under the Login Module Options. Remove them all and add anew entry (case sensitive). Save it.
  ==>Name: Rule1.getUserFrom
         value : wholeCert
  10) Now search for the Policy Configuration name sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter
  and edit it.
  11) Under the Authentication stack select the template client_cert against the used template label. and save it
  12)If you are using AXIS Adapter, do the steps 11 for the Policy Configuration name sap.com/com.sap.aii.axis.app*XIAxisAdapter.
  13) Now in NWA navigate to Operation management->Identity Management
  14) Search for the user PIISUSER (or any user id which you thing has good amount of authorizations to access the service)
  15)Click Modify and go to the TAB Certificates and upload the certificate (not the private key) which you downloaded in step 3.
  16) With this setup what you have done is you have created proper certificate, enabled certificate based logon for SOAP and AXIS adapter and associated the certificate with a user id.
  17) usually in Dual stack PI, we will have the same certificate added to the server pse in strustsso2 tcode. But since its single stack, just make sure in the cert and keys you add this certificate to teh Trusted CAs and also to the Server Keystore.
  18) Now in SOAP UI Right Click on the Project Name->Select Show Project View->Under the WS Security Configurations->Go to Keystore and certificates and add the Private Key
  19) In SOAP UI under the operation name, in the Request, in stead of providing user credentials, choose the private key name against the SSL Keystore entry.
  20) Before you execute the scenario  make sure you have chosen the HTTPS url and https port is proper. Usually its 443, but some customers configure their own port.
  Scenario should work now. Else if you track it using XPI Inspector, you can find out easily at which step it has gone wrong.
  Good Luck!!
  Best Regards,
  Sundar

• Trip form - Warning PageBuilder will run with wrong client window ID"

  Dear All,
  I am getting following warning message before opening Trop form.
  "error starting iView webdynpro PageBuilder will run with wrong client window ID"
  If we click on OK button, the pdf form ets opened correctly.
  How to remove this warning ?
  Thanks,
  Vinod

  We ran into the exact problem when opening a PCR form from the "Status Overview" iView in MSS.
  The solution is here: [Note 1171930 - Application will run with a wrong client window ID alert|https://service.sap.com/sap/support/notes/1171930]
  This applies if you have one of the following versions and an iView is launched in a new window:
  - NW04s SP15
  - EhP1
  Best regards,
  Jill

• Non-Deterministic Exception When Connecting With Wrong Client Certificate

  I am working on an internal application and need to determine the correct client-side SSL certificate to use when connecting to a server (the user can supply multiple client-side certificates). I had expected that if I connected to a server using the wrong client certificate the java client would throw a SSLHandshakeException and I could then try the next certificate. This seems to work some of the time, however the java client will sometimes throw a “SocketException: Software caused connection abort: recv failed”, in which case it is not possible to know that the wrong certificate caused the problem.
  Below is the code I have been using to test as well as the intermittent SocketException stack trace. Does anyone have an idea as to how to fix this problem? Thanks in advance.
  Note: the TrustAllX509TrustManager is a trust manager that trusts all servers.
  protected void connectSsl() throws Exception {
        final String host = "x.x.x.x";
        final int portNumber = 443;
        final int socketTimeout = 10*1000;
        // Note: Wrong certificate (expect SSLHandshakeException).
        final String certFilename = "C:\\xxx\\clientSSL.P12";
        final String certPassword = "certPassword";
        final BufferedInputStream bis = new BufferedInputStream(new FileInputStream(new File(certFilename)));
        final char[] certificatePasswordArray = certPassword.toCharArray();
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        final KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(bis, certificatePasswordArray);
        keyManagerFactory.init(keyStore, certificatePasswordArray);
        final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        final SSLContext context = SSLContext.getInstance("SSL");
        context.init(keyManagers, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
        final SocketFactory secureFactory = context.getSocketFactory();
        final Socket socket = secureFactory.createSocket();
        final InetAddress ip = InetAddress.getByName(host);
        socket.connect(new InetSocketAddress(ip, portNumber), socketTimeout);
        socket.setSoTimeout(socketTimeout);
        // Write the request.
        final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
        out.write("GET / HTTP/1.1\r\n".getBytes());
        out.write("\r\n".getBytes());
        out.flush();
        InputStream inputStream = socket.getInputStream();
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        byte[] byteArray = new byte[1024];
        int bytesRead = 0;
        while ((bytesRead = inputStream.read(byteArray)) != -1) {
           outputStream.write(byteArray, 0, bytesRead);
        socket.close();
        System.out.println("Response:\r\n" + outputStream.toString("UTF-8"));
     }Unexpected SocketException:
  main: java.net.SocketException: Software caused connection abort: recv failed
       at java.net.SocketInputStream.socketRead0(Native Method)
       at java.net.SocketInputStream.read(SocketInputStream.java:129)
       at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
       at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1435)
       at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
       at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:612)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

  Thanks for the quick response. Here are answers to the questions:
  1) No, this issue is not associated with one particular certificate. I have tried several certificates and see the same issue.
  2) I agree it would be simpler to only send the required certificate, but unfortunately the project requires that the user be able to specify multiple certificates and, if a client-side certificate is required, the application try each one in turn until the correct certificate is found.
  3) Yes, I realize the TrustAllX509TrustManager is insecure, but I am using this for testing purposes while trying to diagnose the client certificate problem.
  In terms of testing, I am just wrapping the above code in a try/catch block and executing it in a loop. It is quite odd that the same exact code will sometimes generate a SSLHandshakeException and other times a SocketException.
  One additional piece of information: if I force the client code to use "SSLv3" using the Socket.setEnabledProtocols(...) method, the problem goes away (I consistently get a SSLHandshakeException). However, I don't think this solves my problem as forcing the application to use SSLv3 would mean it could not handle TLS connections.
  The code to specify the SSLv3 protocol is:
  SSLSocket sslSocket = (SSLSocket) socket;
  sslSocket.setEnabledProtocols(new String[] {"SSLv3"});
  One other strange issue: if instead of specifying the SSLv3 protocol using setEnabledProtocols(...) I instead specify the protocol when creating the SSLContext, the SocketException problem comes back. So if I replace:
  final SSLContext context = SSLContext.getInstance("SSL");
  with:
  final SSLContext context = SSLContext.getInstance("SSLv3");
  and remove the "sslSocket.setEnabledProtocols(new String[] {"SSLv3"})" line, I see the intermittent SocketException problem.
  All very weird. Any thoughts?

• Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

  I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
  javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
  Process exited with exit code 0.
  Message was edited by: Oliver Steinmeier
  Removed attachment

  Hi Jani,
  Thanks for your reply.
  I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command. 
       keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
  Invoking
      SecurityPolicyFeature[] securityFeature =
      new SecurityPolicyFeature[] { new
      SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
      financialUtilService_Service = new FinancialUtilService_Service();
      FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
      // Get the request context to set the outgoing addressing properties
      WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
      WSEndpointReference replyTo =
        new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
      String uuid = "uuid:" + UUID.randomUUID();
      wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
      wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
      wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY,  "Welcome1");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
  SEVERE: WSM-00057 The certificate, client, is not retrieved.
  SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
  SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
  SEVERE: WSM-00005 Error in sending the request.
  SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
  SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
  SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
  oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
    at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
    at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
    at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
    ... 30 more
  Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
    at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
    at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
    ... 32 more
  SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
  File upload failed
  javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    ... 19 more

• HTTPs without client authentication, error while posting through Altova

  Hi Experts
  I am doing a SOAP- XI-Proxy synchronous scenario where i have to use HTTPs without client authentication for the first time in my system.
  I have made the scenario and WSDL out of it.
  When i am trying to test it through Altova, i am getting the following error:
  <?xml version="1.0"?>
  <!-- see the documentation -->
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Body>
          <SOAP:Fault>
              <faultcode>SOAP:Server</faultcode>
              <faultstring>Server Error</faultstring>
              <detail>
                  <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
                      <context>XIAdapter</context>
                      <code>ADAPTER.JAVA_EXCEPTION</code>
                      <text><![CDATA[
  java.security.AccessControlException: https scheme required
      at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:918)
      at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3.process(ModuleLocalLocalObjectImpl0_3.java:103)
      at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:296)
      at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0_0.process(ModuleProcessorLocalLocalObjectImpl0_0.java:103)
      at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:187)
      at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:496)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
      at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
      at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
      at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
      at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
            ]]></text>
                  </s:SystemError>
              </detail>
          </SOAP:Fault>
      </SOAP:Body>
  </SOAP:Envelope>
  i saw a few discussion on web but nowhere the solution was provided.
  the url is
  http://abc.sap.point:1234/XISOAPAdapter/MessageServlet?channel=:system:communicationchannel&amp;version=3.0&amp;Sender.Service=x&amp;Interface=x%5Ex
  i changed it to https also but in that case it was not even posting the request.
  i have set the sender adapter like this
  is there any setting that i am missing.
  What is the setting the i need to do in SM59.
  Please help me getting through this.
  Your help is highly appreciated. Thanks in advance.
  Neha

  HI Neha,
  1. Enable the https service in the ICM: you can follow the way to do it like is pointed out in the page 4 of this document (PI 7.1 and PI 7.0 has the same smicm abap transaction) http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?overridelayout=t…
  2. Generate the certificate. Use the STRUST transaction. Chech this document SSL Configuration in SAP ABAP AS and JAVA AS – Step-by-step procedure
  Hope this helps.
  Regards.

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• HTTPS with Client Authentication not available in EHP1?

  Hi Guys,
  I am not seeing this option in PI 7.1 EHP1.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  any help would be appreciated
  Thanks,
  Srini

  Hi Srinivas,
  I didnot use it personally. But when I see on SAP help I dont see that option anywhere. Please see this sap help:
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/content.htm
  But you have an option sender agreeement for security. Please see this help:
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/ceb8cf18d3424be10000000a421937/content.htm
  Since we have the option to skip the adapter engine they have enabled this option in http adapter. So you can directly hit to integration engine skipping the adapter framework, which will help in improving the performance. Please see this help on this:
  http://help.sap.com/saphelp_nwpi711/helpdata/en/43/64db4daf9f30b4e10000000a11466f/frameset.htm
  Regards,
  ---Satish

• HTTPS with Client Authentication in SOAP sender Adapter

  Hi All,
  In SOAP Sender communication channel. When I generate WSDL with “HTTP Security Level = HTTP:” it works when third party tries to send data to XIwebservice.
  But when I tried with “HTTPS with Client Authentication” option its giving error
  “InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.”
  Please guide how to use “HTTPS with Client Authentication” option, and what all configuration need to apply in XI & in third party to use this.
  Regards

  Rohan,
  With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
  You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
  So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
  Regards
  Ravi Raman

• Https with client authentication handshake_failure

  Hi everyone. I hope anyone could help me. I have a client class 1 certificate from verisign (digital id) which is needed for https service request. I have installed it on Internet Explorer and it works fine:
  1) Internet Explorer ask me to trust in https server certificate.
  2) I accept the server certificate
  3) Internet Explorer ask me for select which client certificate send to server.
  4) I select my verisign client certificate
  5) Https server returns an xml with the response of the service.
  Now I have to implement this behaviour in Java. I have exported the client certificate to a .pfx file from Internet Explorer. Now I use this file directly as my key store. Then I used Internet Explorer to export server certificate as a .cer file and imported it into cacerts. The fact is that no matters what kind of transformation on the client certificate nor what validations i disable: I always get "Received fatal alert: handshake_failure" exception when trying to do in.readLine() (where in comes from BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));).
  I couldn't guess that connecting to a https server with client certificate was so difficult. I have read lots of examples and documentation, that always drive me to implement the same code.
  Sincerely, I don't use to ask in forums when having the first problems, but this time I'm really frustrated.
  Thanks in advance for any answer.

  Hi Rana da,
  If you want to use Https, make sure Https service must be activated in the system. Check Tcode: SMICM for HTTPS status.
  Have a look at below link
  Sender SOAP Adapter: HTTPS with Client Authentication

• HTTPS With Client Authentication

  Hi,
  I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:
  java.security.AccessControlException: client certificate required
  In the the transaction scim the following can be seen:
  [Thr 5061] <<- SapSSLSessionInit()==SAP_O_K
  [Thr 5061]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
  [Thr 5061]     out: sssl_hdl = 1117534b0
  [Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K
  [Thr 5061]      in: sssl_hdl = 1117534b0
  [Thr 5061]      in: cred_hdl = 116cfc110
  [Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE
  [Thr 5061]   SSL NI-sock: local=XX.XX.XX.XX:50001  peer=XX.XX.XX.XX:2310
  [Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K
  [Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K
  [Thr 5061]          status = "resumed SSL session, NO client cert"
  The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.
  Sender Communication Channel, 
  Transport Protocol: HTTP,
  Message Protocol: Soap 1.1,
  Adapter Engine: Central Adepter Engine,
  HTTPS with Client Authentication,
  Keep Headers
  Any ideas?
  Kind regards,
  John

  Hi Peter,
  If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.
  It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.
  All the best,
  John

• HTTPS with client auth

  Hello , I am working on a scenario to implement Client Authentication with HTTPS , i got to a blog where its mentioed of steps of implementing HTTPS with Client auth on XI system , in order to test it i would also require a webservice client that works for this purpose. i got to SAP Soap client , but whatz the way to generate the certificate request so that i can send it to CA and get it signed any ideas pl?

  Hi together,
  i have the same problem? is anybody out there who could give us some hints?
  many thanks
  alex schramm

• Error - Application will run with a wrong client window ID!

  Anyone here knows how to resolve this error:
  An error occurred while starting the iView.
  Application /webdynpro/dispatcher/ ... ... ... will run with a wrong client window ID!
  Do not continue; please report this problem to your administrator.
  The user encountered this pop-up message after she upgraded her browser to IE8. However, she's the only one having this error. Others who have switched to IE8 didn't encounter this error.
  SAP Note 1171930 -- is not applicable to us.
  Your prompt response is appreciated.

  I guess you need not use the library. The note says its a problem with library.
  It applies to you if you use custom framework page other than standard framework page.
  SAP can give you better response on why only one user gets it. In my scenario, we are able to consistently reproduce this.
  And I guess most of the bugs will have similar statements attached 'it occurs only for one user'. 

• SOAP Adapter - HTTPS w/ client authentication -SSL termination @ dispatcher

  Hi,
  We have a SOAP client sending SOAP message over SSL to PI. We are using client cert for authentication, but terminating SSL at web dispatcher. In this scenario, i) do we need to configure security for XISOAPADAPTER in Visual admin on PI and ii) do we need to set HTTPS with client authentication security option in SOAp Sender communication channel?
  My understanding is that since we are terminatinating SSL at web dispatcher (Server authentication happens between third-party gateway and our gateway and when web dispatcher terminates SSL, client cert for auth is passed via httpheader to PI where it is mapped to UME user with sufficient authorizations) we don't need to set the XISOAPADAPTER security (if it is end-to-end ssl we would i guess set up in V. Admin>Security provider service>clientcertloginmodule for XISOAPADAPTER) and we don't need to set the sender channel as https with client authentication ( it should just be http in SOAP sender channel).
  Is my understanding correct? I will really appreciate any clues?
  Thanks,
  Saurabh

  Hi saurabh
  follow these links to SAP note
  these will be helpful for you
  Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
  Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
  Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  regards
  Sandeep
  If helpful kindly reward points