KeyStore functionality in SOAP adapter

Similar Messages

• Problema with Keystore entry in SOAP Adapter

  Hi all,
  I have a RFC to SOAP scenario wich uses a certicate X.509. I import the certificate in Visual Admin in Key Storage node following this steps:
  /people/varadharajan.krishnasamy/blog/2007/05/11/how-to-use-digital-certificates-for-signing-encrypting-messages-in-xi
  In Integration Directory, in SOAP Adapter receiver, I want to place the certificate in Keystore view but does'nt appear, there are two entries, service_ssl an TicketStore but I dont find my certificate.
  Any suggestions???
  Regards,
  Pablete

  Hi.
  Look this links below:
  PI 7.1 SOAP scenario with SSL certificate
  SOAP adapter - digital signature
  Digital signed File Upload to XI (PI)
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/40f6fee6-9316-2a10-d2a9-954d4df7dd33
  I hope it helps you.
  Regards.
  Bruno

• Missing keystore views in SOAP Adapter configuration

  All,
  We added few certificates to the "TrustedCA" view in the visual admin. But when we come to the XI config and see the keystore views only the following 2 are visible - "service_ssl" & "TicketKeystore". We dont see any trusted CA's over there.
  Is there a setting we need to do - to make this appear on XI config?
  Thanks.

  Thanks for the reply.. you said.
  <i><b>"If you do have a trusted CA certificate which is also to be used as a end-user certificate, you'll also need to put it into another view."</b></i>
  Yes. we do have a certificate that is both the issuer's as well as end users. If i understand you correctly - we need to add it to the Trusted CAs (for the issuer's side verification) and also to another view (for using in the end user verification)?
  Is that right?
  Thanks.

• KeyStore functionality

  Hi All,
  Exploring KeyStore functionality to be implemented in File Adapter.
  As per the info, SOAP , Mail adapters support this functionality.
  Pls let me know whether the KeyStore functionality can be implemented in File Adapter using EJB or any other method?
  1) Can we implement KeyStore functionality in File adapter using Adapter Module configuration?
  2) If you have any details on how to implement the KeyStore functionality in any of the adapters including File adapter, request to share the details.
  thanks in advance.
  Regards,
  Ganesh

  Exploring KeyStore functionality to be implemented in File Adapter.
  Check if this discussion helps you in some way:
  Re: Steps for File Transfer through FTPS...!!!
  Regards,
  Abhishek.

• Sender SOAP Adapter

  Hi,
  Scenario is Sender SOAP and Receiver (Server Proxy) .
  Integrated the ESS applications on .net portal using soap adapter..example salary slip, ctcview....
  If we give input as empno to soap adapter it will give you salary details back to .net portal.
  All this functional;ity are working fine..
  Now i need to check the authorization to acess this soap request. As this webservice works for all the employess in the organazation. but i need to restrict for few employees. Is there any authorization check in XI as it is there in ESS.
  If so how to use that . Now in .net portal they are useing the same user name and pwd for all the soap requests.
  Regards
  Vijay
  Edited by: vijay Kumar on May 25, 2010 11:18 AM

  Michal
  Hopefully I can help you for once!
  You can set the SOAP action to debug in the Java Admin Console.
  Set com.sap.aii.af.mp.soap and com.sap.aii.messaging set to DEBUG
  Set location
  &#61680;     Services
  &#61680;     Log Configurator
  &#61680;     Locations
  &#61680;     Choose com.sap.aii.messaging
  &#61680;     Assign Severity Debug
  See https://service.sap.com/sap/support/notes/856597 for more info...
  This note has a an attachment: tcpgw.zip for tracing the whole message...

• SMIME in sender soap adapter

  Hi,
  I'd like to know the proper format of the POST request to a sender soap adapter with SMIME activated. I've found almost no documentation about it.
  I'm trying to send a document ciphered to PI via soap adapter (HTTP POST). I've done the following steps
  1. I activate SMIME in the sender soap adapter, and I specify "Decrypt" as the security procedure in the sender agreement. I also incorporate the private key in the keystore DEFAULT and reference to it in the sender agreement.
  2. I use OpenSSL to cipher an xml document like this (I use the public certificate associated to the previous private key) :
  --> openssl smime -encrypt -in fich.txt -out fich_encrypted.txt certTesting.pem
  What I get is:
  MIME-Version: 1.0
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
  Content-Transfer-Encoding: base64
  MIIC....[base64 content of the file encrypted]
  3. I use CURL to send the HTTP POST request to PI. Previously I get the binary file from the base64 content.
  > POST /XISOAPAdapter/MessageServlet?senderParty=&senderService=BC_1[...]
  > Authorization: Basic c2U[...]
  > Host: pi.[...].com:50000
  > Accept: /
  > Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=fich_encrypted.der
  > User-Agent: Jakarta Commons-HttpClient/3.1
  > Accept-Encoding: text/xml
  > Content-Disposition: attachment; filename=fich_encrypted.der
  > Content-Length: 620
  > Expect: 100-continue
  but I get this error from the SOAP Adapter:
  --> java.io.IOException: invalid content type for SOAP: APPLICATION/PKCS7-MIME.
  I also get the same error if I remove the header Content-Disposition.
  4. If I send the xml file without ciphering (header Content-Type: text/xml;charset=UTF-8) I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: call failed: java.lang.SecurityException: Exception in Method: VerifySMIME.run(). LocalizedMessage: SecurityException in method: verifySMIME( MessageContext, CPALookupObject ). Message: IllegalArgumentException in method: verifyEnvelopedData( ISsfProfile ). Wrong Content-Type: text/xml;charset=UTF-8. *Expected Content-Type: application/pkcs7-mime or application/x-pkcs7-mime*. Please verify your configuration and partner agreement
  PROBLEM --> I really don't know what the SOAP sender channel is expecting when SMIME is activated. I've tried to send the binary file encripted as an attachment and also directly, but the soap adapter complains.
  Thanks

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• How to setup SOAP Adapter in order to include BinarySecurityToken element

  Hi,
    I am building an integration scenario where I need to configure a SOAP receiver that will include the BinarySecurityToken element (as described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf). The value of the element must be the hash value of the canonicalisation on the XML using SHA-1 hash algorithm and encode it in Base64. Is there a way to configure the SOAP adapter receiver channel to perform such a task? I have see the security settings in the channel and the setting in the receiver agreement but I am not sure how to produce the value as above. Any help is appreciated.
  Regards,
  S.Socratous

  Kiran look into this
  As per my knowledge any RFC - enabled function can be exposed as a webservice which can be consumed by any application written in any language directly..
  an XI message interface can also be exposed as a Webservice.
  RFC is function-oriented webservice.
  XI interface is integration webservice
  Check the following blogs for webserivces
  /people/shabarish.vijayakumar/blog/2006/03/23/rfc--xi--webservice--a-complete-walkthrough-part-1
  /people/michal.krawczyk2/blog/2005/06/28/xipi-faq-frequently-asked-questions
  /people/sap.user72/blog/2005/11/22/xi-faqs-provided-by-sap-updated
  /people/shabarish.vijayakumar/blog/2006/03/28/rfc--xi--webservice--a-complete-walkthrough-part-2
  /people/siva.maranani/blog/2005/09/03/invoke-webservices-using-sapxi
  /people/siva.maranani/blog/2005/03/01/testing-xi-exposed-web-services
  /people/michal.krawczyk2/blog/2005/03/29/configuring-the-sender-rfc-adapter--step-by-step
  https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2131 [original link is broken] [original link is broken] [original link is broken] [original link is broken]
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/336365d3-0401-0010-9884-a651295aeaa9
  Webservice Development
  Consuming webservice
  /thread/122211 [original link is broken]
  Regards
  Sreeram.G.Reddy

• SOAP adapter: port, logging/tracing, http/https

  Hi,
  several questions concerning SOAP adapter:
  SAP XI 3.0 SP19 used.
  <b>Scenario 1:</b>
  SOAP request adressing J2EE port
  http://host:8000/XISOAPAdapter/MessageServlet?channel=Partner:Service:SOAPSenderChannel
  <b>Scenario 2:</b>
  SOAP request adressing ABAP port
  http://host:50000/XISOAPAdapter/MessageServlet?channel=Partner:Service:SOAPSenderChannel
  <b>Question 1:</b>
  What happens with a SOAP request adressed to the ABAP port?
  Obviously it is forwarded to the J2EE port but where is this forwarding function documented
  and is it allowed in every case to send SOAP messages to ABAP port?
  <b>Question 2:</b>
  What logging and tracing functionalities do i have in both scenarios before the message enters (before RWB)?
  E.g. where can i see unsuccessful requests (e.g. if there is mistyping in SenderChannel).
  Then it not visible in Runtime Workbench but whereelse?
  If the ABAP port is adressed i see something in SMICM trace file, but very cryptic and not conclusive.
  Do you know further trace/log files for both scenarios (Visual Admin?) ?
  <b>Question 3:</b>
  What is the difference if https is used concerning logs and traces?
  Do i have more or less possibilities?
  Thank you very much in advance for comments.
  Michael

  Hi
  The URL sent to the ABAP port and the J2EE port are different.
  The URL to the ABAP port is documented in this blog by Stefan,
  /people/stefan.grube/blog/2006/09/21/using-the-soap-inbound-channel-of-the-integration-engine
  http://<server>:<ABAP-port>/sap/xi/engine?type=entry&version=3.0&Sender.Service=<YourService>&Interface=<YourNamespace>%5E<YourInterface>
  Answering question 1 --> As the URL are different, the Request in case of the ABAP stack hits the Integration Engine directly - into the pipeline of XI and bypassed the Adapter Engine competely.
  As stefan's blog states - you cannot post multipart SOAP request to the IE directly.
  Question 2  - If the URL is incorrect, if the request hits XI then you will have the log in XI  ( in MONI in case of ABAP port ) and in RWB -Message Monitroing ( in case of J2EE port)
  Regards
  Bhavesh

• Receiver SOAP adapter -Async

  Hi  All,
  My scnario is SAP -PI--webService (SOAP adapter)  Asynchronous.
  In case of any error while processing the data into webservice, I think webservice  will pass back a relevant message to thePI through SOAP.  I am able to see only the error descrtion in the CC monitoring.
  How does PI interpret the XML which SOAP passes back in the event of an error during processing?Where we can find the XML message of the error?
  What is the functionality is in place in SAP-PI to get the returned information from the webservice in the event of an issue?
  Thanks in Advance
  Kartikeya

  Karthik,
  Asynchronous / synchronous  is decided by the sender system /adapter
  > I think webservice will pass back a relevant message to thePI through SOAP
  If it is Async the SOAP adapter will not  get the response back from the webservice
  Cheers
  Agasthuri Doss

• Sender SOAP Adapter with HTTPs call

  Hello,
  Our scenarion is ..  we will have a sender SOAP adater .. but it needs to be called using HTTPs(SSL).
  Now considering we have the certificate generated and installed ..and that integration server is HTTPs enabled....What URL should the sending system call..?
  For normal HTTP call the inbound address for inbound Adapter is: http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
  For the case of HTTPs just changing the htttp to https and the port number in in the calling system will suffice? Or is there other configurations that needs to be done??
  Thanks and Regards,
  Himadri

  Hi Himadri,
  Firstly as suggested by others you can call using https and give the https port in the soap adapter servler URL. Secondly you need to do the following configurations:
  1) If its PI 7.0/3.0, deploy the latest version of the SAP Java cryptography toolkit.
  2) Configure SAP PI as the server for HTTPS calls. In short
        Using the SSL Provider service:
                              a.      Select whether the J2EE Engine should:
                                 ■      Request (but not require) that the user presents a client certificate for authentication.
                                 ■      Require that client certificates are to be used for authentication.
                              b.      Import the CAu2019s root certificate into the Trusted Certification Authorities list. (Choose Add.) using the following For all the steps, link is mentioned below for XI 3.0, you can find similar ones for PI 7.0
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm
  3) If you want to enable client authentication then you would need to add the client certificate in the TrustedCA keystore view of the SAP J2EE engine.
  4) In the SOAP Adapter sender channel, configure Inbound Security level as HTTPS or HTTPs with client authentication based on your scenario.
  Best Regards,
  Pratik

• Sender SOAP Adapter with Https

  Hi,
  can any one give me information on  how my Sender SOAP adapter to be configured with HTTPS port.
  please give me the what are all different ways to make my Sender SOAP Adapter secure and give me the steps to achieve the functionality.
  Thank You,
  Madhav

  check this section:
  http://help.sap.com/saphelp_nw70/helpdata/EN/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Also some help from SAP note:
  https://service.sap.com/sap/support/notes/891877
  Regards,
  Abhishek.
  Edited by: abhishek salvi on May 29, 2009 1:59 PM

• Error using Sender SOAP adapter over HTTPS

  Hi experts,
  Few weeks ago, i developed an interface as follows: SOAP <-> XI <-> RFC.
  I tested the functionality using Altova and everything went well, with HTTP.
  However, when i use HTTPS it fails throwing these error messages (pop ups):
  <i>"HTTP error: could not post file"......
  "Error sending the soap data"</i>
  I have reviewed the SSL certificates installation and everything seems to be ok, but currently i am stuck and do not know how to fix this.
  I have also change the ID comm channel from HTTP to HTTPS with client aut.
  Is there any special service i have to activate? (XI services and SPIGATE are already done)
  Could you please assist?
  Thanks in advance and best regards,
  David

  David,
  have a look @ these threads...u may get some help!!!
  Sender Soap with HTTPS
  https Soap Adapter
  Regards
  Biplab

• Certificate based authentication with sender SOAP adapter. Please help!

  Hi Experts,
     I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
  .Net --->SOAP -
  >XI -
  >RFC -
  R/3 System
  Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS  with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
  I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
  When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test  certificate based authentication?
  Am I missing any steps for certificate based authentication?
  Please help
  Thanks
  Gopal
  Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

  Hi!
  Although soapUI is a very goot SOAP testing tool, you can't test certificate based authentication with it. There is no way (since I know) how to import certificat into soapUI.
  So, try to find other tool, which can use certificates or tey it directly with the sender system.
  Peter

• SOAP Adapter:  Content Type Issue in WebServices via HTTP

  Hi,
  I have configured a Receiver SOAP adapter. When i had to test the message i had an HTTP 415 error.
  i found that the sender SOAP adpater that received this message is not capable of handling Content-Type: Application/XML i.e. which is being transmitted by the Receiver SOAP Adapter.
  Please let me know how to configure in the Receiver SOAP adapter so that the HTTP Content-Type would be TEXT/XML instead of Application/XML .
  Thanks in Advance,
  Venkatesh

  Hi Michal,
  I have created a Web service for a RFC function Module. The webservice is available in SOAMANAGER.
  It got activated also .  But whenever I tried to test, I am getting the below error,
  "Message Envelope not found. Probably Empty SOAP message"
          Request:
          POST /sap/bc/srt/rfc/sap/yotci_i015_linkp8sap/100/yotci_i015_linkp8sap/yotci_i015_linkp8sap HTTP/1.1
  Host: sapkrftewd01.krft.net:8030
  Content-Type: text/xml; charset=UTF-8
  Connection: close
  Authorization: <value is hidden>
  Content-Length: 657
  SOAPAction: ""
  <?xml version="1.0" encoding="UTF-8" ?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema"><SOAP-ENV:Header><sapsess:Session xmlns:sapsess="http://www.sap.com/webas/630/soap/features/session/"><enableSession>true</enableSession></sapsess:Session></SOAP-ENV:Header><SOAP-ENV:Body><ns1:YotciI015Linkp8sap xmlns:ns1='urn:sap-com:document:sap:soap:functions:mc-style'><IvParam1>POD</IvParam1><IvParam2>00006095</IvParam2><IvParam3>01/14/2009</IvParam3><IvParam4>PDF</IvParam4></ns1:YotciI015Linkp8sap></SOAP-ENV:Body></SOAP-ENV:Envelope>
           Response:
          HTTP/1.1 500 Message E 1S 406 cannot be processed in plugin mode HTTP
  content-type: text/xml; charset=utf-8
  content-length: 0
  accept: text/xml
  sap-srt_id: 20090224/141936/v1.00_final_6.40/49A4677A2D0736EDE10000000A3597E9
  server: SAP Web Application Server (1.0;700)
  Is this because of "do not use SOAP envelope" check?
  I didn't check this check box.
  If that is the error could you please tell me how to see the "do not use SOAP envelope"?
  Where can I find SOAP channel?
  I am very new to SOAP concept. 
  One JAVA application is going to invoke this Webservice from SAP.
  Please help me.
  Thanks,
  Bala.

• How To use certificate in SOAP-Adapter

  Hi, well because the invoked external WebService needs a certification in SOAP-Adapter the option <i>Configure Certificate Authentication</i> exists.
  I know that i have to put some values in keystore via VisualAdmin but i only got a certificate key. Do i need to generate some other values?!
  Can somebody provide me with some links or a blog on this issue?!
  br

  See this
  /people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter
  Regards,
  Prateek