Issue with Web Service Security

Dear Forum Members and Readers,
I am a beginner to Web Services, and facing an issue with WS-Security.
My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
Context Description:
I am developing a Java Web Service application that is deployed on JBoss Application Server.
This application will communicate with two other applications those are not deployed in same JBoss Application Server.
These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
Issue Description:
I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
To this extent, I am unable to identify a solution that can address my issue.
Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
Any clue will be highly appreciated!
Thanks in advance
Mukul

mukul.object wrote:
Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

Similar Messages

[OSB Kernel:398133]The service is based on WSDL with Web Services Security

Team,
I need to use the wsdl given by external client. When I create a osb business service, I am receiving the below error.
OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button. ...
WSDL:
http://personator.melissadata.net/v3/SOAP/ContactVerify
We don't have OWSM set up. Is there any workaround that I can use to connect to this service for OSB?

As a workaround, you can try to remove the Policy definition and reference from the copy you will import in OSB.
I would recommend to add OWSM to your domain. It's a straight forward process.
Regards,
Fabio.

Log4j.jar issue under Web Service Security Module

I am running into an issue with log4j.jar for WebLogic OES PDP. there is a custom appender class that extends org.apache.log4j.AppenderSkeleton, if we packed into one jar file under \bea\ales32-ssm\webservice-ssm\lib\log4j.jar everthing is fine. if we split this class with another jar file(sth like patch.jar) and add a entry in the config file WLESws.wrapper.conf under bea\ales32-ssm\webservice-ssm\instance\WSSM\config and it failed with this error,
but an error is
generated when starting the WSSM(Web Service Security Module):
log4j:ERROR A "com.foo.AuditJMSQueueAppender" object is not assignable to a "org.apache.log4j.Appender" variable.
log4j:ERROR The class "org.apache.log4j.Appender" was loaded by
log4j:ERROR [com.bea.security.providers.utils.InverseURLClassLoader@5f7d3f] whereas object of type
log4j:ERROR "com.foo.AuditJMSQueueAppender" was loaded by [sun.misc.Launcher$AppClassLoader@a18aa2].
log4j:ERROR Could not instantiate appender named "JMS_AUDIT".
130
ARME is started now
Rendering object type: AuditAtzEvent
I have tried add java option:log4j.ignoreTCL=true. in this WLESws.wrapper.conf file, but does not work.
How to resolve this issue, Thanks for your help!

hi
Can anyone help with this...

SOAP Request with Web Service Security

Hi masters of XI,
the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>XXXX</wsse:Username>
<wsse:Password>XXXXXXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
How can we send UserNameToken's elements inside SOAP web service envelope
signing with X.509 certificate also? There are any way to do it in the
receiver agreement or receiver SOAP adapter?
thanks.

Hi,
thank you very much for your answers.
I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>XXXX</wsse:Username>
<wsse:Password>XXXXXXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
This is my Request:
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-104309952">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-104310599">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-104377209">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
            <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
        <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
        <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
</soapenv:Header>
And this is the request I need:
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-104309952">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-104310599">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-104377209">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
            <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
        <wsse:Username>xxxxxxx</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
      </wsse:UsernameToken>

<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
        <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
        <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
</soapenv:Header>

Security issue with Web Services on Oracle SOA suite? (Serious?)

Hi,
I have recently installed and set up the SOA 10.1.3 on my local machine.
I created a simple test web service and deployed - worked ok.
I then added simple plain text security to the service, and again opened it up for testing using the test service function.
Initially, it returns with the expected message 'missing soap header security'.
However if you refresh the page / or test the service again, it is then invoked - seemingly bypassing the security !!!
Oddly the 3rd attempt then shows the security message again, and it seems to alternate between allowing access to the service and imposing the security?!?!
Has anyone else experience this ?
Is it a bug ? (if so, its a pretty nasty one that could quite possibly catch alot of people out !)

I have now created an independant client in Java to call the WS.
The security is still bypassed on ever other call?!?!
I have this over HTTPS also, and was hoping this would provide an adequate means of securing my web services.
How is everyone else securing web services that are exposed to general consumers? Maybe i should find a new approach !

Working with Web Service Security

Hi... forum
I really need your help.
I created a web service client. with JDEV 10.1.3, when i crearted a function call i got this error
javax.xml.rpc.soap.SOAPFaultException: SoapException
at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:540)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
at com.ws.runtime.POSSoap_Stub.comprar(POSSoap_Stub.java:659)
at com.ws.POSSoapClient.comprar(POSSoapClient.java:55)
at com.ws.POSSoapClient.main(POSSoapClient.java:40)
I debug the application and then get down in this line:
send((String) getProperty(ENDPOINT_ADDRESS_PROPERTY), _state);
i also using web Secure Proxy
and i have another methor called ping and this work fine, but one method that needs webservice security doesn´t work.
some body has work with Webservice Security ?
How can i view the message that is sending ?
i don´t know what´s happenning ?
Can help me, please?
thnks
Josue

HI Frank, thank you for your help...
I run the HTTP analyzer and see the error.. the usernametoken doesn´t was put it...
My proxy i put it like secure proxy and i check the option username token. but the service. doesn´t put me this tag.
this the message send it.
<?xml version = '1.0' encoding = 'UTF-8'?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:schemas-orbitel-com-co:pos">
<env:Body>
<ns0:SolicitudCompra>
<ns0:IdTransaccion>123</ns0:IdTransaccion>
<ns0:TipoTarjeta>Orbitel Europa</ns0:TipoTarjeta>
<ns0:Localizacion>Colombia</ns0:Localizacion>
<ns0:Valor>0</ns0:Valor>
<ns0:ZonaHoraria>0</ns0:ZonaHoraria>
</ns0:SolicitudCompra>
</env:Body>
</env:Envelope>
And the error message is..:
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>SoapException</faultstring>
<faultactor>urn:schemas-orbitel-com-co:pos</faultactor>
<detail>
<Error xmlns="urn:schemas-orbitel-com-co:pos">
<Codigo>POS006</Codigo>
<Descripcion>El UsernameToken no fue suministrado</Descripcion>
</Error>
</detail>
</soap:Fault>
Frank, what can i do. to put the usernametoken into the send message.. ?
thnks four your help...
thnks.
Joshua

Possible issue with Web service connections in SP3

Hello,
I installed Xcelsius 2008 SP3 over SP2 and some of my input values for my web service connection were not being built into the XML request. I then rolled back to 2008 SP2 and all was fine. Not a thing i tried could fix it, and it was not all the input values just some of them and the same ones each time. Perhaps i installed different Xcesius suites: the SP2 one i have is trial version and has a black BO splash, the SP3 one has a yellow SAP splash. SP3 has some funky enhancements so i would certainly like to go that way. Any ideas? Or ideas as to how i could get this into BO support for troubleshooting?
Regards,
Gilbert

By mistake I posted to this thread. Removing my message.
Edited by: Anil Kumar on Dec 24, 2009 4:55 AM

Web Service Security with SAML - Invalid XML signature

Hello together,
we want to build a scenario where we want to use Web Service Security with SAML.
The scenario will be
WS Client (Java Application) -> WS Adapter -> Integration Engine -> WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
SAP PI release is 7.11 (SP Level 4)
We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
But we get following error at calling the CRM system when we want to communicate with SAML:
<E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
Has somebody an idea of the possible reason for the error.
Thanks in advance
Stefan

Error Messages in the Trace/Log Viewer:
CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 ).
Invalid XML signature

Java Web Services Security with 10.1.2.1

I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
Please help as how I can implement Java Web Service Security with 10.1.2.1?
Email: [email protected]
Thanks for the help in advance.

You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
Thanks
Ram

Security with Web Service calling some EJBs

Hi everybody,
I have implemented some web services residing in a war file deployed on my Tomcat. The web services module is a client to some EJBs deployed on my JBoss. I need to log the user in my realm on each WS request and log the user out before the WS response.
I have implemented security on web applications with JBoss and used JAAS realms succesfully but what do I do in this case with Web Services? I mean the requests are stateless. If I use the org.jboss.security.ClientLoginModule
won't this override the credentials of another user who is already logged in the realm?
I have also implemented a standalone application which spawns a thread for each user request and I am wondering about the same thing. This application is a service listening for some kind of messages; on a message the application should log the user in the realm before calling an EJB and log the user after the request is completed. So it's more or less the same situation as above.
Is this possible? I mean logging many users in the same realm in one non-web application?
Any ideas?
Thank you in advance!!!
thoism

requests are stateless, just as are requests to webapps.
Which is hardly surprising as a web services stack is typically implemented as a web application.
If you could log in only a single user at the same time to an EJB application, it would be rather pointless to have the application as a distributed multiuser system :)
What you might check is whether you're allowed to log in the same user several times, if I remember correctly this can be limited in the EJB module deployment descriptors.

"Define Web Service" - Security Issues

Hello all,
I have successfully defined a Web service with the wizard in ID. So I already have my WSDL file.
Now, I need to use this WSDL file from a Web Application that exposed to all public internet.
Now my question is, how is security managed for this web service? I mean, if the web service is exposed to any user of the web application in the internet, how can I assure that, the information in the WSDL file will not be used to access the XI Server with out authorization?
Who should be in charge of the security, the web application? the web service? or xi?
Thanks,
Felipe

If you are using the SOAP Adapter for receiving the information it provides the features like
1. HTTP without Client Authentication
2. HTTP with Client Authentication
Even you can select Security Prameters like
1. Web Service Security
2. S/MIME
If you configure all this then which other kind of security you are looking for.
Gaurav Jain
Reward Point if answer is helpful

How to do a InsertOrUpdate with web services 2.0

I understand that InsertOrUpdate method is just valid for Web Services 1.0.
a) Is there a way to do it with web services 2.0 ? I imagine using a query and then Update or Insert.
b) if we decide to use web services 1.0 would there be any cons ? (besides a possible performance issue as in the documentation)
c) InsertOrUpdate uses the record "user key" for identification. If need to identify using another field, I suppose that the only way is thru query, etc. Any other ideas ?
Txs. for any help.
Antonio

Hello Antonio,
I understand that InsertOrUpdate method is just valid for Web Services 1.0.Correct, the InsertOrUpdate method is not available in WS v2.0.
a) Is there a way to do it with web services 2.0 ? I imagine using a query and then Update or Insert.That is one possibility, however it means that every insert or update would consist of two operations. I would suggest reviewing your requirements and expected use cases for a way to determine whether a record is being inserted or updated within CRMOD. The specific approach would depend on whether how the records to be entered into CRMOD are compiled (i.e. user interaction vs. batch sync component)
b) if we decide to use web services 1.0 would there be any cons ? (besides a possible performance issue as in the documentation)There are some objects that are not supported for WS v1.0 as well as the fact that field coverage is not as complete as the WS v2.0 interface.
c) InsertOrUpdate uses the record "user key" for identification. If need to identify using another field, I suppose that the only way is thru query, etc. Any other ideas ?Only certain fields or sets of fields can be used as a user key. These are described in the WS user guide. You can query on other fields to find a record in CRMOD but a unique value must be provided to identify a record for an update operation.
Thanks,
Sean

Web service security in PI

Mine is PROXY to SOAP asynchronous.
PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
so that at receiver statem they can validate the user using these.
When i am calling webservice from soapui with the header parameters
Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>xxxxx</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
<wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
<wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
What configuration needs to be done in PI.

I got this in Runtime work bench
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
- <SOAP:Header>
- <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
<sap:MessageClass>ApplicationMessage</sap:MessageClass>
<sap:ProcessingMode>asynchronous</sap:ProcessingMode>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
- <sap:Sender>
<sap:Party agency="" scheme="" />
<sap:Service>test2310</sap:Service>
</sap:Sender>
- <sap:Receiver>
<sap:Party agency="" scheme="" />
<sap:Service>test_serivce</sap:Service>
</sap:Receiver>
<sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
</sap:Main>
- <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
</sap:ReliableMessaging>
- <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:TraceLevel>Fatal</sap:TraceLevel>
<sap:Logging>On</sap:Logging>
</sap:Diagnostic>
- <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
- <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
<sap:Engine type="BS">test_serivce</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:Info>3.0</sap:Info>
</sap:Hop>
- <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
<sap:Engine type="IS">is.68.devai020</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:Info>3.0</sap:Info>
</sap:Hop>
- <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
<sap:Engine type="AE">af.dxi.devai020</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
</sap:Hop>
</sap:HopList>
</SOAP:Header>
Edited by: Vamsi on Jul 15, 2009 7:06 PM

Is Web service security available?

Dear Experts,
In RWB, when i click on Integration Engine(in component monitoring) i get a yellow triangle next to it instead of green. Result of self test says that
Is Web service security available?
"Communication error Proxy calls are not permitted on sender or receiver side on the IS (client)".
Can u guys tell me the reason behing this.
Thanks & regards.

Hi,
Check if you have selected any security level for the WebService or may be it is across the firewall. Probably you need to install the related certificates and have to configure the SSL layer.
refer
You need to setup SSL layer for HTTPS endpoint.
Possible HTTP security levels are (in ascending order):
HTTP without SSL
HTTP with SSL (= HTTPS), but without client authentication
HTTP with SSL (= HTTPS) and with client authentication
Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
General guide
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
Message level security
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Thanks
Swarup

RWB - Integration Engine self test - web service security and proxy

Hi,
I am working with a new installation of PI 7.0. In the runtime workbench, under self test for integration engine, there is this error/warning:
""Details for 'Is Web service security available?'
Communication error: Proxy calls are not permitted on sender or receiver side on the IS (client)""
What exactly is the problem? Is there any additional configuration needed within PI to use proxies? We do not have the cryptographic toolkit installed. Is that nesseccary to work with proxies? We have done several other scenarios with RFC, MAIL, HTTP, etc and they work fine. If anyone else had this problem and managed to fix it, please let me know..
Thanks,
Lasya

You can ignore this error. It is simply a warning that says message level security has not been configured. Without message security too, you can do proxy communication.
But, if you want to configure messag level security, go through XI Config guide section 12.4.
Message was edited by: Jay

Issue with Web Service Security

Similar Messages

Maybe you are looking for