HTTPs without client authentication, error while posting through Altova

Similar Messages

• HTTPS Without client authentication shows error of Certificate

  Hi Experts,
  I am trying to develop a SOAP to RFC scenario where in SOAP sender HTTP security level - HTTPS Without Client Authentication is selected.
  I have downloaded WSDL from Sender agreement and trying to test web service from SOAPUI.  Now as per my understanding simply placing request to HTTPS:<host>:<port>:XISOAPAdapter/....   with correct user should work and this scenario shouldn't need any certificates.
  However in SOAPUI and even in RWB SOAP Sender, I am receiving error that - Client Certificate required.
  Any comments on why would it be happening ?    In fact whatever option in HTTP Security level I select, error remains same. In NWA is there any other configuration to be done to make this work ?
  Is below understanding right ?
  -- >> HTTPS Without client authentication will not need certificate exchange and simply user authentication will do
  Thanks..
  regards,
  Omkar.

  Hello Omkar,
  What you are trying to do is Consume a SOAP->RFC scenario (synchronous) from SOAP UI and you want that to be secure. With this requirement, just having the certificates alone is not sufficient (sorry for late response..i just came across this post when i was searching something else )
  1)How did you generate the certificate and the private key? Because Key Generation plays a Big Part in it. The Key should have been signed by a CA. Though its not signed by a CA, a trick which would work is, at the time of Key generation, provide the Organization Name as SAP Trust Community and Country as DE.
  2) At the time of Key Generation definitely it shall ask for a password. You remember that.
  3) Export the Private Key as PCKS12 format and the certificate as Base64 format and have it in your local system, (shall be used later in SOAP UI and NWA)
  Here follows the major part
  4) Open NWA and go to Configuration Management->Authentication
  5) Go to Properties Taband click Modify
  6)  Under Logon Application select the check box "Enable Showing Certificate Logon URL Link on Logon Page" and save it.
  7) Now go to the Components Tab.
  8) Search for client_cert Policy Configuration name and Edit it it. Make sure the following Login Modules are maintained in the same Order
  ==> Name: com.sap.engine.services.security.server.jaas.ClientCertLoginModule
         Flag : Sufficient
  ==> Name: BasicPasswordLoginModule
         Flag: Optional
  9) Now Select the name com.sap.engine.services.security.server.jaas.ClientCertLoginModule and you can see lots of entries under the Login Module Options. Remove them all and add anew entry (case sensitive). Save it.
  ==>Name: Rule1.getUserFrom
         value : wholeCert
  10) Now search for the Policy Configuration name sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter
  and edit it.
  11) Under the Authentication stack select the template client_cert against the used template label. and save it
  12)If you are using AXIS Adapter, do the steps 11 for the Policy Configuration name sap.com/com.sap.aii.axis.app*XIAxisAdapter.
  13) Now in NWA navigate to Operation management->Identity Management
  14) Search for the user PIISUSER (or any user id which you thing has good amount of authorizations to access the service)
  15)Click Modify and go to the TAB Certificates and upload the certificate (not the private key) which you downloaded in step 3.
  16) With this setup what you have done is you have created proper certificate, enabled certificate based logon for SOAP and AXIS adapter and associated the certificate with a user id.
  17) usually in Dual stack PI, we will have the same certificate added to the server pse in strustsso2 tcode. But since its single stack, just make sure in the cert and keys you add this certificate to teh Trusted CAs and also to the Server Keystore.
  18) Now in SOAP UI Right Click on the Project Name->Select Show Project View->Under the WS Security Configurations->Go to Keystore and certificates and add the Private Key
  19) In SOAP UI under the operation name, in the Request, in stead of providing user credentials, choose the private key name against the SSL Keystore entry.
  20) Before you execute the scenario  make sure you have chosen the HTTPS url and https port is proper. Usually its 443, but some customers configure their own port.
  Scenario should work now. Else if you track it using XPI Inspector, you can find out easily at which step it has gone wrong.
  Good Luck!!
  Best Regards,
  Sundar

• Client Authentication error while invoking portal web service.

  Hi All,
  I have created a java portal web service from portal service using NWDS, I am getting client authentication error while invoking the service.
  Please tell me where to enter client authenticity details.
  regards
  Santosh

  hi,
    check whether you have the UME permissions for accessing this webservice.
  Rdgs,
  Guru

• HTTPS without client authentication

  Hi Friends,
  In SOAP adapter, we have three options for HTTP
  HTTP without SSL
  HTTP with SSL (= HTTPS) without client authentication
  HTTP with SSL (= HTTPS) with client authentication
  Please let me know if I use  "HTTP with SSL (= HTTPS) without client authentication" ,  is it Transport Layer Sceurity of Message level Security?
  Please answer only if you are confident. No guess please!!!
  Thanks,
  Sandeep Maurya

  Hi,
  Please let me know if I use  "HTTP with SSL (= HTTPS) without client authentication" ,  is it Transport Layer Sceurity or Message level Security?
  HTTPS is used to encrypt the traffic between the client and the Web server. SSL encrypt the segments of network connections at the Transport Layer end-to-end.
  Don't get confused with the Client Authentication (with / without), as SSL is already being used in both the forms and the network is secured.
  Regards,
  Neetesh

• Error while posting through tcode tbb1

  Hi All,
  While trying to post through TBB1, I'm getting the following error message:
  " S.E.201 Profit Center 001"
  While debugging I noticed that the FM 'TB_DEAL_FIX_POST' is returning an error in its error flag.
  Wating for your replies.
  Regards,
  Arnab

  hi,
  please check this link ,it will help you
  http://72.14.235.132/search?q=cache:V0BoGC09gZAJ:help.sap.com/bp_hightechv1600/HighTech_DE/Documentation/H83_BPP_EN_DE.docerrorSerialnumberislockedbyUserwhilepostingthrough+MIGO%2Bsap&hl=en&ct=clnk&cd=10&gl=in
  Thanks and regards
  Durga.K

• Getting Error while posting through KB11N : No true sender object entered

  HI Expert,
  We have stastical internal order defined and same we are using in Asset. Let me explain the scenarion.
  We created the Purchase requisition with the stastical Internal Order then we did Purchase Order and MIGO -Goods Receipt.
  Now we realised that wrong Internal Order  was used. Now we want to tranasfer cost from that Internal order to New Internal Order. we are trying to post through KB11N but while giving the all details i am getting error as per below;
  No true sender object entered
  Message no. BK175
  Diagnosis
  You have entered a statistical object as a sender. Statistical objects, however, are only intended for use with dual account assignments.
  Procedure
  1. If you require a dual account assignment, enter a true object as a sender also.
  We are using cost element with having cost element category 90.
  I don't no which is the true sender Object.
  Thanks in advance
  ealry help will be highly appreciated.

  Your postings had happened to a statistical internal order.  I hope the real postings might have happened to a cost centre.
  You cannot settle anything from a statistical internal order.  It is just for information purpose only.  If the above posting had captured a cost centre (real posting), you can distribute/assess the cost from the cost centre to a real internal order for your purpose.

• Getting Error while posting through BAPI_ACC_DOCUMENT_POST

  Hi Folks,
     I could not post an GL account using the BAPI function module BAPI_ACC_DOCUMENT_POST . The code was,
  wa_docheader-bus_act    =  'RFBU'.
  wa_docheader-username   =  'CHARAN'.
  wa_docheader-comp_code  =  '0147'.
  wa_docheader-doc_date   =  '20101006'.
  wa_docheader-pstng_date =  '20101006'.
  wa_docheader-DOC_TYPE   =      'SA'.
  *wa_docheader-REF_DOC_NO =     'UNASSIGNED'.
  wa_glaccnt-itemno_acc  = '0010'.
  wa_glaccnt-gl_account  = '0000100632'.
  wa_glaccnt-item_text   = 'POSTING TO GL'.
  APPEND wa_glaccnt TO i_glaccnt.
  wa_glaccnt-itemno_acc  = '0020'.
  wa_glaccnt-gl_account  = '0000100634'.
  wa_glaccnt-item_text   = 'POSTING TO GL'.
  APPEND wa_glaccnt TO i_glaccnt.
  *wa_pyaccnt-itemno_acc  = '0000100634'.
  *wa_pyaccnt-gl_account  = '0001234567'.
  *APPEND wa_pyaccnt TO i_pyaccnt.
  wa_curamt-itemno_acc    =      '0010'.
  wa_curamt-currency      =        'USD'.
  wa_curamt-curr_type     = '00'.
  wa_curamt-amt_doccur    =  200 .
  APPEND wa_curamt TO i_curamt.
  wa_curamt-itemno_acc    =      '0020'.
  wa_curamt-currency      =        'USD'.
  wa_curamt-curr_type     = '00'.
  wa_curamt-amt_doccur    =     200.
  APPEND wa_curamt TO i_curamt.
  CALL FUNCTION 'BAPI_ACC_DOCUMENT_POST'
    EXPORTING
      documentheader          =  wa_docheader
    CUSTOMERCPD             =
    CONTRACTHEADER          =
  IMPORTING
    OBJ_TYPE                =
    OBJ_KEY                 =
    OBJ_SYS                 =
    TABLES
      accountgl               = i_glaccnt
    ACCOUNTRECEIVABLE       =
      accountpayable          = i_pyaccnt
    ACCOUNTTAX              =
      currencyamount          = i_curamt
    CRITERIA                =
    VALUEFIELD              =
    EXTENSION1              =
      return                  = i_ret
    PAYMENTCARD             =
    CONTRACTITEM            =
      extension2              = i_ext2
    REALESTATE              =
    ACCOUNTWT               =
  The Output error i'm getting is :
  Error in document : BKPFF $ BH2CLNT200 400.00 USD
  Balance in transaction currency.
  Please help me in posting the Gl document successfully. Help will be rewarded.
  Thanks in advance.

  Total amount of internal table I_CURAMT-AMT_DOCCURR should be zero (Credit & Debit).
  Edit : See [Accounting Document Interface |http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=195726664] for reference.
  Edited by: Vinod Kumar on Oct 8, 2010 1:04 PM

• Authentication error while creating directory server through dscc

  Hi
  I am getting authentication error while creating a DS from dscc on windows box on a linux RHEL4 server.However I do not get an authentication issue when creating a ds on solaris box from same dscc.
  Can someone guide me what might be the issue?
  Thanks
  Aarti

  Hi,
  Please check there is no firewall issue between your windows client to Linux directory server. You may be able to login via dscc but when you create DS instance, your dscc agent port might be an issue not able to talk to Directory server because of firewall.

• HTTPS With Client Authentication

  Hi,
  I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:
  java.security.AccessControlException: client certificate required
  In the the transaction scim the following can be seen:
  [Thr 5061] <<- SapSSLSessionInit()==SAP_O_K
  [Thr 5061]      in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
  [Thr 5061]     out: sssl_hdl = 1117534b0
  [Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K
  [Thr 5061]      in: sssl_hdl = 1117534b0
  [Thr 5061]      in: cred_hdl = 116cfc110
  [Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE
  [Thr 5061]   SSL NI-sock: local=XX.XX.XX.XX:50001  peer=XX.XX.XX.XX:2310
  [Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K
  [Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K
  [Thr 5061]          status = "resumed SSL session, NO client cert"
  The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.
  Sender Communication Channel, 
  Transport Protocol: HTTP,
  Message Protocol: Soap 1.1,
  Adapter Engine: Central Adepter Engine,
  HTTPS with Client Authentication,
  Keep Headers
  Any ideas?
  Kind regards,
  John

  Hi Peter,
  If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.
  It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.
  All the best,
  John

• Error while posting FPSEC1

  Hi everyone,
  Please guide me how to correct the following error:
  While posting SD Request through transaction code: FPSEC1, we are facing an error message, 'document is transferred without Main and Sub transaction'.
  Please guide.
  Thanks and Regards

  Hi Prudhvi,
  Please check whether the main and sub transactions for which you have defined the account assignments are assigned correctly with the internal main and sub transaction.
  And for the error 2, please maintain the reconciliation group id for your user id in the IMG path>Financial Accounting>Contract Accounts Receivable and Payable>Basic Functions>Postings and Documents>Document>Define Default Values>Maintain Rules for Reconciliation Key Default Values>Maintain Reconciliation Groups for Default Values.
  You should define the reconciliation key group for the user id because posting the security deposit requires a reconciliation key to post the statistical security deposit request in FICA. The reconciliation key is generated automatically using the reconciliation key group assigned for the user id. You will not be able to edit the reconciliation key from FPSEC1.
  Thanks,
  Sakthi.

• Error while scheduling through web service

  We have created Web service through WSDL of OBI Publisher. Also we created a web service proxy client to call the services offered by OBI Publisher. We actually want to  "Automate the Scheduling of Reports" according to our requirement:
  1. We used to schedule the reports manually by giving the parameters(used to populate data in reports) and other fields like select report name, report destination, format of reports ( .pdf, .docx,etc) through Oracle BI Publisher.
  2. As there are thousands of permutations of report input parameters possible, so it is difficult to schedule them manually. 
  3.We also want to schedule report to a particular folder according to some parameter, for the ease of the user visibility.
  Above requirements are not currently available with Oracle BI Publisher.
  We are getting error while scheduling through ScheduleRequest class.
  The client.java is as follows:
  public class ScheduleServiceClient
    @WebServiceRef
    private static ScheduleService_Service scheduleService_Service;
    public static void main(String [] args)
      scheduleService_Service = new ScheduleService_Service();
      ScheduleService scheduleService = scheduleService_Service.getScheduleService();
      // Add your code to call the desired methods.
      try {      
                  FTPDeliveryOption ftpdo =new FTPDeliveryOption();
                  ftpdo.setFtpServerName("ServerName");
                  ftpdo.setFtpUserName("Username");
                  ftpdo.setFtpUserPassword("Password");
                  ftpdo.setRemoteFile("/path/TestFile");
                  ftpdo.setSftpOption(true);
                  List<FTPDeliveryOption> listobj=new ArrayList<FTPDeliveryOption>();
                  listobj.add(ftpdo);
                  ArrayOfFTPDeliveryOption ar =new ArrayOfFTPDeliveryOption(); 
                  ar.setItem(listobj);
                  DeliveryChannels dc = new DeliveryChannels();
                  dc.setFtpOptions(ar);
                  ScheduleRequest scheduleRequest = new ScheduleRequest();
                  scheduleRequest.setDeliveryChannels(dc);
                  scheduleRequest.setJobLocale("en-US");
                  scheduleRequest.setUserJobName("Job_1_WebService"); 
                  scheduleRequest.setDataModelUrl("Url");
                  scheduleRequest.setStartDate("Mar 27, 2015 12:40:00 PM");
                  scheduleRequest.setJobTZ("[GMT+05:30] Calcutta, Chennai, Mumbai, New Delhi");
                  String userID = "BI_Publisher_Username";
                  String password = "BI_Publisher_Password";
                  scheduleService.scheduleReport(scheduleRequest,userID,password);
              } catch(Exception exception) {
                  exception.printStackTrace();
  Snapshot of error is attached.
  Kindly suggest the way of getting out of this error.

  Hi
  Check this thread
  WD Message Manager
  Reward opints if usefull....

• Runtime error while posting a document (FB70/FBS1)

  Hi
  I am getting a runtime error while posting a document through FB70 or FBS1 .
  The erro description tells The type "CL_BCS_OBJHEAD" is unknown.
  And the program dumps in Function module SO_KPRO_DECIDE.
  Has any one faced this problem?

  Hi,
  Please check the psoting date and also the reversal  date in FBS1. Please check when you have posted the document and when you want ot reverse the same.
  Thank you,
  Shilpa.

• Error while posting usint tcode f-02 in fi

  Hi all,
  I am getting an error while posting a document using t code f-02.It is allowing me to go through the 3 steps of posting a document  but while saving it gives me the following error message:
  Error accessing function module:fmfk_fikrs_read parameter:ip_fikrsp_fma_objnr
  Message no:f1030
  DIAGNOSIS:
  The application has accessed a funds management or cash management module with parameters messing or defective.
  PROCEDURE:
  Notify your system administrator.
  Hope some body would help me out.
  Thanks

  Hi,
  Not sure if this works out
  try checking img-Financial Accounting-Financial Accounting Global Settings-Company Code-Enter Global Parameters
  double click on company code and see if any thing is assigned in the feild to FM.
  regards
  genie

• FA Retirement- 21151: error while posting asset document: '100000039'

  Hello Experts,
  I have a client who encountered this error during fixed asset retirement - scrapping.
  After selecting the asset to be retired, sap did not assign an account in the account column, but the user
  was able to save the document.  After saving it, the user needs to retire again another asset - scrapping, but the document would not be saved because of this error: 21151: error while posting asset document '100000039'.  The document number the systems is referring to is the last document saved but sap did not assign an account code.
  Please help. My client is using sap b1 8.81 patch5.
  Regards,
  Luz

  Hi Too Mui Hwee,
  What we did is to put letters on the number so the series will continue example there is already 100333, 100334, 100335 since the error is encountered from 100333. We add 100333A, 100334A, 100335A.
  Thanks

• Error while posting J1IS

  Hi,
  I am getting the below error while posting the J1IS with reference to the STO 351 document.
  Could you please advice?
  Error updating table J_1IEXCHDR.
  Message no. 8I308
  Regards,
  Mohd Ali.

  Check it using SM13 transaction to know the real cause of error.
  http://help.sap.com/saphelp_nw04/helpdata/en/e5/de873b35cd11d3acb00000e83539c3/content.htm
  Regards,
  S Anand