Login Module configuration for soap adapter ?

Similar Messages

• HTTPS configuration for SOAP adapter

  Hi,
  We have a requirement where we need to send the request to the target URL with https protocol.
  We have raised a request to configure the XI server for HTTPS.
  HTTPS has been configured on both ABAP stack and J2EE stack.
  But we could not find the HTTPS option in the drop down list of transport protocol in receiver Soap adapter.
  For this do we need to do any setting changes on the XI server after the configuration?
  Thanks,
  Jyothsna .

  Hi,
  You need to setup SSL layer for HTTPS endpoint.
  Possible HTTP security levels are (in ascending order):
  HTTP without SSL
  HTTP with SSL (= HTTPS), but without client authentication
  HTTP with SSL (= HTTPS) and with client authentication
  Please go through below link for referance (above information is from below link)
  Step by step guide for SSL security
  step by step guide to implement SSL
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Regarding message level you can encrypt the message using certificates.
  For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
  Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
  Check the following links.. you will get the information all about the securities...
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
  Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Also find soeminformation in these links
  http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
  /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
  Thanks
  Swarup

• Adapter specific message attributes for SOAP adapter

  Hi all,
  I  have gone through the SAP Help Documents for configuring SOAP Communication Channel. I am unable to understand how to implement ASMA for Soap adapter.
  Please provide some links to help me understand the same
  Many Thanks,
  Neha

  Hi Neha,
  pls do chk the below links for SOAP adapter message attributes
  http://help.sap.com/saphelp_nwpi71/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/43/0a7d1be4e622f3e10000000a1553f7/content.htm
  http://publib.boulder.ibm.com/infocenter/wbihelp/v6rxmx/index.jsp?topic=/com.ibm.wbia_adapters.doc/doc/sap_xi/sapximst38.htm
  http://publib.boulder.ibm.com/infocenter/wbihelp/v6rxmx/index.jsp?topic=/com.ibm.wbia_adapters.doc/doc/webservices/webservices16.htm
  Regards
  Sampath

• Configuring the SOAP Adapter

  Hi Folks,
  I have a sceanrio where an AXIS client needs to talk to the XI SOAP Adapter.
  How do I configure the SOAP adapter?
  I tried to access the help docs for configuring the SOAP adapter. I understand that the adapter depends upon the plain J2SE Adapter Engine which should be available on port 8000.
  But when I try to access
  http://<hostname>:8000 I get an access denied error
  Please help!
  Thanks in advance,
  Shailesh

  Hi Shailesh,
  Maybe your 8000 Port is in Use. So you can chance the port to 8200 or something else.
  You Change port in "GUIBrowserEngine.properties" file.
  And try to patch the Plain J2SE Adapter Engine with "SP 10 for XI Connectivity SE 3.0"
  Regards,
  Robin

• The Post Office Agent might not be configured for SOAP.

  I have a virtual server with VMware ESXi 5 running SLES11 sp1, OES11 and GroupWise 12.
  The GroupWise system have one domain and one post office with several users.
  The users can access the mailbox with the GroupWise Windows Client, but when they try to login in the GroupWise Webaccess, they get the following error: "[9505] Your post office is unavailable. The Post Office Agent might not be configured for SOAP. Please contact your system administrator".
  1.- The post office agent have the SOAP option turned on.
  2.- I check the java environment variables and they are pointing to the right directory.
  3.- The Linux Firewall is turned off.
  4.- rcapache2 start and rctomcat6 start dont show errors.
  5.- I check the webacc.cfg file and all IPs address and ports (POA & DVA) are fine.
  Any help, comment or suggestion will be welcome.
  Thanks in advance.

  Check to see if the port is being used by SLES...
  --El
  Originally Posted by crivera
  I have a virtual server with VMware ESXi 5 running SLES11 sp1, OES11 and GroupWise 12.
  The GroupWise system have one domain and one post office with several users.
  The users can access the mailbox with the GroupWise Windows Client, but when they try to login in the GroupWise Webaccess, they get the following error: "[9505] Your post office is unavailable. The Post Office Agent might not be configured for SOAP. Please contact your system administrator".
  1.- The post office agent have the SOAP option turned on.
  2.- I check the java environment variables and they are pointing to the right directory.
  3.- The Linux Firewall is turned off.
  4.- rcapache2 start and rctomcat6 start dont show errors.
  5.- I check the webacc.cfg file and all IPs address and ports (POA & DVA) are fine.
  Any help, comment or suggestion will be welcome.
  Thanks in advance.

• Changing login module stack for Netweaver Portal?

  G'day,
  I want to change the login stack for Netweaver Portal (at http://<host:50100/irj).
  Currently portal is configured in Visual Administrator to use the "ticket" authentication template. I can change this authentication template and change how I authenticate to portal.
  But changing "ticket" authentication template also changes how other applications perform authentication. So I changed the login module stack for the "com.sap/irj*irj" component to not use an authentication template, and added my own login modules.
  But when I access portal again, the "ticket" authentication is still used. I restarted the cluster to be sure but no matter what login modules I configure for "com.sap/irj*irj", only changes to "ticket" have any effect.
  So: how do modify the login module stack for portal, without modifying the "ticket" authentication template?
  --Geoff

  Hi,
  If you'd like to change the authentication stack only for the EP but not for all applications that use UME authentication, then you have to modify the descriptor authschemes.xml. You have to change the scheme "default" to point to another LM stack instead of "ticket" as it is shipped.
  Kind regards,
  Tsvetomir

• How to write won WSDL file for SOAP adapter ?

  Hi experts
    Can any one expalin me how to write WSDL file  for SOAP adapter ?
    What and all things i need to know ? i have no idea on this....
    I got the business but to WSDL ...i am very new to this
  Adv...thanks
  Rakesh

  HI,
  Please see the below links,
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0d7349b6-0901-0010-ddbe-ec43178a61ff
  /people/sap.user72/blog/2006/01/16/xi-propagation-of-meaningful-error-information-to-soap-client
  /people/kevin.liu/blog/2006/04/12/wsdl-11-binding-extension-for-soap-12
  Regards
  Chilla..

• Configuration for JMS Adapter Sensor action and JMS Queue sensor action..!!

  Hi,
  Id like my BPEL process to send an XML message to JMS on Websphere,I was able to do this through a JMS adapter.But I would more like to add sensors into my process which would really do the same thing - send an XML message to JMS Q.
  Now I understand that there are two ways to do this,JMS Queue and JMS Adapter - thorugh bpel sensor action.
  I am able to use JMS Queue and it works fine , but adds its own xml tags to the message,Is there any way I could send only my xml payload as a message to the queue??
  Also could any1 tell me what is the configuration for JMS Adapter sensor action?
  Any suggestions how do I go about it??

  Hey Anirudh,
  Thanx for the response :-)
  All these hold good when I have an AQ adaptor right,But the thing is I want to send a message to a 'JMS' queue with out actually using an adapter configuration wizard and everythng..So I resolved to JMS queue Sensor action..Heres the xml snippet from the sensorAction.xml files which is generated..
  <actions targetNamespace="http://xmlns.oracle.com/Test_JMS_Logging" xmlns="http://xmlns.oracle.com/bpel/sensor" xmlns:tns="http://xmlns.oracle.com/Test_JMS_Logging" xmlns:pc="http://xmlns.oracle.com/bpel/sensor">
  <action name="JMS_LogEntry" publishName="" publishType="JMSQueue" enabled="true" filter="" publishTarget="jms/L_Queue">
  <property name="JMSConnectionFactory">jms/L_QueueCF</property>
  <sensorName>ActivitySensor_JMS</sensorName>
  </action>
  </actions>
  This works grt and adds messages to the queue..But adds its own header info according to the sensor.xsd loacted at the Oracle_home\bpel\system\xmllib\ folder.
  Right now the XML message added to the Queue is:-
  <actionData xmlns="http://xmlns.oracle.com/bpel/sensor">
  <header>
  <sensor sensorName="ActivitySensor_JMS" classname="oracle.tip.pc.services.reports.dca.agents.BpelActivitySensorAgent" kind="activity" target="AddLEntr
  y" xmlns:pc="http://xmlns.oracle.com/bpel/sensor" xmlns:ns2="http://www.ulrhome.com/2008/10/L_Entry" xmlns:tns="http://xmlns.oracle.com/Test_JMS">
  <activityConfig evalTime="completion">
  <variable outputDataType="string" outputNamespace="http://www.w3.org/2001/XMLSchema" target="$WriteL_Produce_Message_InputVariable/L_Entry/ns2:L_Entry/ns2:LCName"/>
  </activityConfig>
  </sensor>
  <instanceId>950016</instanceId>
  <processName>Test_JMS</processName>
  <processRevision>v2009_04_15__40833</processRevision>
  <domain>default</domain>
  <timestamp>2009-04-15T11:21:23.596-04:00</timestamp>
  <midTierInstance>app01.ulrhome.com:9700</midTierInstance>
  </header>
  <payload>
  <activityData>
  <activityType>scope</activityType>
  <evalPoint>completion</evalPoint>
  <durationInSeconds>0.011</durationInSeconds>
  <duration>PT0.011S</duration>
  </activityData>
  <variableData>
  <dataType>12</dataType>
  <data>
  <ns0:LCName xmlns:ns0="LC_Test1http://www.ulrhome.com/2008/10/L_Entry">LC_Test1</ns0:LCName>
  </data>
  <queryName/>
  <target>$WriteL_Produce_Message_InputVariable/L_Entry/ns2:L_Entry/ns2:LCName</target>
  <updaterName>AddL_Entry</updaterName>
  <updaterType>scope</updaterType>
  </variableData>
  </payload>
  </actionData>
  My requirement is that I need to add a sensor to the BPEL process which posts 'Only my payload message to the JMS queue'..
  What I would want the message in the Queue to be is : -
  <data>
  <ns0:LCName xmlns:ns0="LC_Test1http://www.ulrhome.com/2008/10/L_Entry">LC_Test1</ns0:LCName>
  </data>
  Also while creating a Sensor action I get another option as JMS Adaptor,I am not sure of what value to type in this wizard..Heres what I keyed in..M sure this is not right..Cos it dosnt work :-)
  <action name="SensorAction_JMS" publishName="" publishType="JMSAdapter" enabled="true" filter="" publishTarget="jms/LoggingQueue">
  <property name="JMSConnectionName">Log</property>
  </action>
  </actions>
  Could any 1 tel me what values are the right values..And does JMS Adapter mean that I have to create a JMS Apator in the project and give that connection name as a Value..
  I am not finding sufficiant Documentation for 'JMS Adapter' so M clueless and right now any help will be appriciated :-)
  Regards,
  Akshatha.

• Enabling https for SOAP adapter

  Hello all,
  Can anyone suggest how to  enable https for SOAP adapter in PI system?
  Thank You,
  Regards,
  Hasan

  Hi Hasan,
  CHeck the blog :/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter which guides you clearly
  Also check SAP Note#891877 for reference.
  Thanks and Regards,
  Naveen

• How to configure Login Modules Stack for Kerberos/LDAP

  Hello collegues,
  currenty we are working on UME configuration for the following use case.
  Clustered portal instance NW2004s running on AIX should be able to authenificate two groups of users.
  The first one is described by LDAP Data Source (Sun Directory Server) and using some artificial unique userID. Based on this userID, the SSO Ticket is created to get acces to the backend R/3 system. The LDAP schema has an "userdomain" attribute in it.
  The new group using ADS. These users are happy using it, because they have windows-based authentification and don't forced to type any credentials during login.
  There are plenty of blogs decribing how to connect ADS (even as a second DataSource) to UME.
  There are two unsolved problems: 
  1. ADS account attributes does not have the userID needed to get an SSO Ticket
  2. LDAP DataSource has no ADS password and can not be used for Kerberos authentification.
  What could be a solution for this case? I am sure we need an extra login module which enrich the Subject (user, which is already authentificated by SPNego module) with userID, selected from LDAP DataSource based on user attributes.
  Is there any other solution? May be I can mix some attributes in a DataSource configuration file?
  Best regards
  Sergej Naimark

  Hi Frank,
  did you configure the SSO for an individual policy configuration or did you edit and save the changes the ticket policy config? I ask, b/c if you applied the changes to the individual policy config then the SSO with certificates will be used <b>only</b> when you access the applications for that policy config.
  You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
  Since you followed the help portal instruction I assume you've enabled strong crypto - it is required for client cert SSO. Ano easily committed mistake is to also not use the HTTPS port in the access URL.
  Let me know if this helps...
  Yonko

• Problems using access control in sender agreement for SOAP adapter 7.1

  I am trying to use Access Control Lists to restrict user access to web services/interfaces which are exposed via PI. This can be configured via the Integration Builder Directory using the u201CAssigned Usersu201D tab of both Communication Components (Business System) and Sender Agreements.
  The configuration is via the above mentioned components. However, I understand that itu2019s the adapters which at runtime are responsible for actually applying these checks.
  I have been having problems getting the access control to work using a setup involving a SOAP adapter of type SAP BASIS 7.10.
  The symptom of the problem is that although the access control works as expected at the Business System level, any settings at the Sender Agreement level appear to have absolutely no effect whatsoever.
  I have confirmed that I have no problems if I use an adapter of type SAP BASIS 7.00. However, I really need to get this working on 7.1.
  I have looked on the SAP support portal but can not find any notes that relate to this.
  Has anyone else had a similar problem? And have you found a fix for it?
  Any suggestions would be welcome.
  Edited by: Malcolm Dingle on Jun 17, 2009 1:08 PM

  Hi Shai,
  Please have a look at the following link and see if it helps you .
  It deals with SOAP adapter installation and activation 
  Re: SOAP adapter installation and activation
  Best Regards
  Edited by: Prakash Bhatia on May 8, 2009 11:51 AM

• HTTPS Port for SOAP Adapter PI 7.1 (XI)

  Hello Colleagues,
  we plan to configure an Sender SOAP Adapter (without SOAP envelope) as HTTPS message receiver with HTTP Security Level "HTTPS with Client Authentication".
  Does anyone know if this works and which port will be used. For my understanding it must be 443.
  If not, it's possible to change the port to 443?
  Regards,
  Jochen

  Hi Prateek,
  many thanks!
  Where can i do the port change?
  Many thanks in advance!
  Regards,
  Jochen

• Custom JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to point to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The access.policy file has contains content like below:
  grant Principal com.wipro.freeway.security.RolePrincipal "UserAdministration" {
       permission com.wipro.freeway.security.URLPermission "/createOtherUser.frw";
       permission com.wipro.freeway.security.URLPermission "/createDealer.frw";
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login module and code in Oracle application sever 10.1.3 and I haven't got any success yet. I am not getting how to set these JVM properties and make my application identify this custom login module. I have tried configuring the custom login module via oc4j admin console and I couldn't give a name to my configuration. I also set the system properties for
  -Djava.security.auth.login.config and -Djava.security.policy with no success.
  Could anybody please help me to get this right?
  Thanks in advance.

  Hello,
  In OracleAS 10g R3 (10.1.3.x) you can register your login module in your application (and server) using Enterprise Manager, and config file. That is easier and more flexible that the parameter.
  I would invite you to take a look to the security how-to:
  - 10.1.3 How-tos, and How to integrate a custom login module
  You can also take a look to the 10.1.3 Documentation and the LDAP/Login Module integration.
  - Security guide: Login Modules

• JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to pont to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login modules and code in Oracle application sever 10.1.3 and I haven't got any success yet.
  Could anybody please help me to get this right?
  Thanks in advance.
  Message was edited by:
  vinayalva

  Hi,
  in OracleAs bet is to use Enterprise Manager to configure the login module. The LoginModule needs to be configured in the system-jazn-data.xml file, which is located in teh j2ee/home/config directory of the OC4J you use. Enterprise Manager does this all for you.
  In your application deployment the orion-application.xml file needs to specify that a custom LoginModule should be used. Again ENterprise Manager does it for you.
  To use the LoginModule e.d. for J2EE authentication, just make sure that the application name of the J2EE deployment matches the name of the LoginModule configuration
  If you want to use pure JAAS you may have to change the OC4J properties file in the j2ee/home/config directory. Best suggestion to give is to get the online documentation for OC4J security
  Frank

• Setting interface name dynamically from client for SOAP Adapter...

  Hi,
  does anyone have experience in setting the sender interface name in the HTTP-SOAP request dynamically? I have followed the instructions in "How To Use the XI 3.0 SOAP Adapter" on page 17 (see also SAP Note 856597) which say:
  "If you select Use Encoded Headers and Use Query String,
  [...]The sender SOAP adapter creates the XI message header according to the
  information provided in the query string. [...] In the sender SOAP adapter, you can use only some of the parameters, but the first
  parameter must always be the version. For example, you send from the Web service client to the following URL: http://<host>:<j2ee-port>/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<channel>&version=3.0&Interface=http%3A
  %2F%2Fsap.com%2Ftest%5ETest
  This will overwrite the default interface and namespace of the sender channel."
  This is exactly what I need! However, what I actually get as a response following this description is a SOAP:Fault with a java.lang.StringIndexOutOfBoundsException: String index out of range: -1.
  Has anyone got this to work properly?
  Thanks in advance.

  Thank you for your input. I am using the following format for the call (with "x" standing for one letter each):
  http://xix.xxx.xx.xxx:5xx00/XISOAPAdapter/MessageServlet?channel=:xx_xxx_xxx_xxxx:xx_xxx_x_SOAP_S&version=3.0&Interface=http%3A%2F%2Fxxxxxxxx.xx%2Fxxxxxx%2Fxxxxxxxxxxxxxxxxxxxxxxxx%5Exxxxxxxxxxxxxxxxxxxxxx
  Anything wrong with that? With unchecked "Use Encoded Headers" and "Use Query String" it works fine (default interface) but as soon as I set these flags I get the SOAP-Fault response.
  We are on XI 3.0 SPS18.