Mesage-Level Signing AND Encrypting Web Services?

Similar Messages

• Using Encrypted Web Service connections within Xcelsius 2008 SP1 - FP3

  Hi all,
  I'm running the latest version of Xcelsius Server 2008 and have setup a simplistic dashboard that uses 4 web service connections to dynamically call queries within a SQL Server 2008 database. The dashboard has been exported to html and I can serve this to the WWW.
  I have since created a new https website (using a self signed certificate) and can now serve my Xcelsius dashboard via https. My problem is that I have had to run my old website in parallel (as it serves the said non-encrypted web service) which is linked within the swf source (that is running on the new https enabled website).
  Upon trying to alter my existing xlf file so that it references the encrypted web service URL (which works fine via the browser) it prompts me to accept the self signed certificate. Once I click yes, and then add the certificate to the certificate store the whole thing locks up and I am forced to close Xcelsius.
  Am I right in thinking that Xcelsius will not accept self signed certificates or encrypted web services at all? For me this is big security concern because if I want to share my dashboard via the WWW I have to accept the fact that I need to run an unsecure web service.
  Is this something that is only supported in Xcelsius Enterprise?
  TIA

  Hello Paul,
  Sorry not to have replied to this sooner.
  We have had experience of hosting Xcelsius Dashboards using Https: for one of our clients here at Flynet.
  We noticed a number of issues , we did have problems relating to the Firewall on our Gateway server for example. We also had issues with the number of active connections processed when the dashboard is running. I think the default for Https: is 2 , so the connections can be queued up. Have you retried with one connection open. The Dashboard we did however did have up to 12 connections, so Xcelsius can handle multiple connections.
  When developing the Dashboards using Xcelsius I did have to import using the Web Service URL of the remote server which was Https: However due to issues sometimes with our Gateway Firewall and the way our Local Network had to access the https: URL , what I tended to do was develop using a localhost Web service and then switch the URL to use the https: Web Service once the dashboard was exported to the server it was to be hosted on.
  What we did notice for example is that we could have a dashboard running locally quite happily using the https: web services which are actually on [http://www.flynetviewer.com]   then we would start getting #2 type flash errors. To solve this we had to restart our Windows Firewall on our gateway server. We could run the dashboard fine if run from our web site.
  I am not sure if the issues you have are related to this. I have had problems when I had to import the https: web service URL on my local machine  , I am prompted for the Username password for the Https: location , but when trying to import Xcelsius has a problem and exits. Due to these problems I tended to use a local Web service when developing. I know this isn't always practical.
  I was running on Vista 64 bit , but I also have XP and Server 2003 running on Virtual machines.  
  I will be happy to share information my experiences with you.
  Best Regards,
  Ian Learmonth
  Flynet
  Updated to add: I have just successfully imported an https: Web service. Mapped it to the dashboard , run it and invoked sucessfully. This was on Windows XP professional SP2. 
  I did the same thing on Windows Vista 64 bit and had an issue. So not sure what operating system you are using or whether it's a Certificate thing. I can try and find out a bit more on our Certificate if you need to find out what the issue is.
  The Vista issue seems to have been resolved by running Xcelsius as Administrator.
  When successfully importing I was prompted for the Username and Password for the URL but not the Certificate.
  Edited by: Ian Learmonth on Apr 23, 2009 12:18 PM
  Edited by: Ian Learmonth on Apr 23, 2009 12:30 PM

• SSO and ABAP Web Services

  I am opening this thread on behalf of my colleague Bala regarding SSO and ABAP Web Services.
  We have gone through single sign on options and found several options are available within 5.0.
  We would like to know the options available for SAP ABAP web services access from a Non-SAP system with user authorization but without Portal/ITS installation.
  Also I would like to avoid any hard coding of user id in Non-SAP system .
  Could you provide any information.
  Thanks,
  Bala

  We have gone through single sign on options and found several options are available within 5.0.
  Tell me what are the several options and what is your Non-SAP system?
  without Portal/ITS installation.
  ITS is now an integral part of ECC 5.0 system. So would not need a seperate installation, unlike earlier versions.
  AB

• Sap PI-xml Digital Signing and encryption in PI-ehp1

  Hi Experts,
  Our Business scenario is sap R/3 (sender)>rfc data to PI and to webservice(receiver) using rfc and soap adapters
  The communication channels are secured by snc/ssl.
  Now the issue is PI have to send digitally sign and encrypt xml messages to receiver and I got no clue how to do this.
  Experts please advise.
  We have to Digitally sign and encrypt xml messages in PI
  1)can we use SAML or Ssfdata xml..if so how to use them,can you send me some documents with screen shots so that i can configure the same in PI
  We used adepative tool but it does not support Dsigning
  2)Please advise the correct procedure
  3)how to develop a adapter user module and how to call it for testing purpose...please advise
  O/s:windows
  PI EHP1 7.1
  DB:oracle
  PLEASE HELP
  Thanking you
  Pooja

  Hi Experts,
  Please Advise for my above querys
  1)I tried to develop a EJB project and generate EAR file and depoly it in J2ee server and create adapter modules to call It..however I tried to use a document provided my sdn http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0b39e65-981e-2b10-1c9c-fc3f8e6747fa?quicklink=index&overridelayout=true................however I am unable to see the options provided ,unable to create EAR project and unable to see deploy option,please can you share a correct document irrespective of nwds SP level
  2)Apart from giving JNDI name in module tab,what else should be mentioned for a small test message request/response
  3)How to call the adapter for testing purpose apart from monitoring audit logs
  Please Advise Experts
  Thanking you
  Pooja

• Simple question involving data signing and encryption

  What is exactly mean by signing and encrypting data?
  And how would it apply to the case of a web browser..where I have to sign and encrypt data to and from a web browser? In this case it is an output and input stream.
  Does every byte have to be signed or just the starting bytes? Singing every byte would make the process slow and inefficient

  I know if you you sign and encrypt the data to the
  web browser, it will obviously not be recognized but
  this is my scenario:Your ASCII art didn't come across at all, I'm afraid - I'm not sure what you were going for, but I can't seem to recreate it. I think I can follow the explanation, though.
  P is the program i am developing. It is supposed to
  encrypt and sign data to and from the web browser.
  P1 get the web browser request, encrypts the data
  a and is supposed to sign the data...send it
  to P2 which decrypts and verifies the signing which
  then forwards it to the proxy or the server as seen.
  Vice versa from the server response.So you're working on a web-proxy that encrypts it's transmissions, and you want to add signature verification as well.
  My question still remains...how do you sign a stream?I answered your question, actually. You don't sign "streams" - you sign "messages". In your case, you sign the entire transmission, and then you transmit it.
  Right now I am using RSA keys to send a symmetric key
  across safely for the decryption etc I have the
  encryption/decryption process covered and the browser
  works..but i didn't do signing of any sort...how to
  implement this..for every byte? Is signing necessary?Given your requirements, I have to ask - why are you re-creating SSL? If you have P1 and P2 talk SSL to each other, you get everything you've described here, including signing. I don't understand why you feel the need to recreate an existing protocol.
  Grant

• ANN: Contest open, new tutorial and new Web services software

  The OTN Web Services Challenge is now open and accepting entries. Read the details, rules and requirements at:
  http://otn.oracle.com/tech/webservices/htdocs/challenge/content.html
  You could win a Dell Notebook worth USD$5,000 :-) First 500 real entries (that is one with source code and works) will get an Oracle Press book (my understanding is that it is one on Oracle9iAS).
  There are also a number of new things also available on the OTN Web Services Center:
  - A new Oracle9i Reports tutorial at:
  http://otn.oracle.com/tech/webservices/htdocs/series/reports/content.html
  - The Oracle9iAS Containers for J2EE Developer Preview (9.0.3) now supports document style Web Services and asynchronous Web services. Read all the content off the main page in the center:
  http://otn.oracle.com/tech/webservices/
  - A new paper talking about the Java XML Pack from Sun which Oracle is iterating its Oracle9iAS implementation towards:
  http://otn.oracle.com/tech/webservices/htdocs/standards/jax.html
  Mike.

  Currently the patch is only available on MetaLink (metalink.oracle.com) which requires a support account with Oracle. The patch number is 2367149 - see this post for instructions of how to get it from MetaLink:
  Re: Database or Client Level?
  Mike.

• Front End internal and external web services

  Hi all,
  Can someone explain the purpose of internal and external web services URL in front end server. what does it do and what is it used for? and why the external traffic goes directly to it and not through reverse proxy?
  Thanks,

  They're for multiple purposes.  Address books, autodiscovery, meeting urls, mobile clients, etc.  There are two because they respond slightly differently based on whether the client is internal or external.  External traffic should always reach
  it through a reverse proxy, that reverse proxy should proxy traffic received on port 443 to port 4443 on your front end pool.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Standard Web Service and Customized Web Services with or without PI?

  Hi All,
  I want to know how I can use Standard Web Service available in SAP  and customized Web Services
  without PI Interface?
  And what is the best practice to expose services ,via PI Interface or directly?
  Thanks in advance!!
  Pushkar

  This is purely based on your requirement. If you use PI middleware to expose web services, you get standard functionalities such as certificate authentication, logging, message reprocessing for the failed messages etc.  If your requirement is so simple, then you might not need PI. In this case you can develop simple webdynpro for abap program to create webservice and expose the webservice in ECC webservice runtime. You can let anyone to consume within your network. other ways like exposing BAPI/RFC as webservice.  I would recommend going with PI.

• Signing and Encryption Error PI 7.0

  Hi All,
  The scenario is
  1) Two XI boxes are connecting with each other using XI adapter. Earlier there was signing and encryption  certificate used
  for data transfer and was working successfully.
  2) From last 2-3 weeks source XI system is getting error in Call adatper as mentioned below. Then we tried to remove signing and encryption certificate so we disable both end the security check.  And tried to send normal message but then also we are getting following error in Call adapter in SXI_MONITOR
  Signature error Error while valdiating the digital signature. Theerror was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the
  Error during message security handling in inbound channel: Security profile 'Check Signature and Decrypt Message'
  3) The SM59 connection is working fine. We have tried cache refresh. But still issue is not resolved.
  Please guide

  Hi Abhay
  Probably the issue is with the public keys which are stored in both the XI boxes , as both the keys will be same .
  Also check digital signatures which are maintained .
  Regards
  Ninad

• Issue while Signing and Encrypting the PDF Document.

  Hello,
  I am developing one component in VC++(MFC) which signs and encrypts the pdf documents.
  When i sign and encrypt pdf document using my component, I am getting following error while opening the document in Adobe Acrobat
  Error during signature verification
  Unexpected byte range values defining scope of signed data.
  Details: The signature byte range is invalid
  But if i open that document in binary mode and calculate the byte range its looking correct.
  The Process for signing and encrypting the PDF document is as follows :
  1)Prepare the PDF document for signing (Add Annotation objects,n0,n2
  layers,create blank signature field,new xref section etc.)
  2)Encrypt the whole document(Password based encryption).
  3)Put the ByteRange values.
  4)Write the signature in blank signature field.
  If i just perform encryption(128 bit RC4 Algorithm) on the pdf document its working fine.Only after adding the signature objects i am getting above error.I think it means something is wrong in signature related objects,but i am not able to recognize the exact problem.
  So what can be the issue?
  Please Help
  Thanks in Advance
  Priyanka

  I am sending the Sample Files
  blank.pdf file is a original file
  http://www.2shared.com/file/4677649/3f341d92/blank.html
  step 1: I am adding Signing object(without data in Contents<> key) in
  blank.pdf file.
  Output File is Prepared-blank.pdf
  http://www.2shared.com/file/4677648/48332d04/Prepared-blank.html
  step 2: Sending Prepared-blank.pdf file for encryption.
  Output File is SignednEncrypted-blank.pdf which is Encrypted and Signed.
  http://www.2shared.com/file/4677647/d88c3095/SignednEncrypted-blank.html
  Password for opening SignednEncrypted-blank.pdf is : "a".
  Please help.
  Thanks.

• EBS11i to provide Web services and receive Web services

  Our corporate direction is to have all major systems internal has to communicate to each other using web services. No more using pl/sql, dblink, FTP to communicate.
  we are using EBS 11i.
  1) Is that possible to have our EBS 11i able to receive web service call and make web service call to other systems?
  2) Will 'Oracle AS Adapter for Oracle Applications' is the solution for this? is this adapter install at EBS box to receive web service call and make web service call to other systems?

  Hi,
  WebDynPro Java/ABAP are primarily User Interface technologies. Webservices are faceless (without UI ) components that provide certain functionality. Using UI technologies like WebDynPro Java/ABAP etc, we can build a face( UI ) to the webservices.
  DnyPro itself means a screen & WebDynPro is for building web based applciations.
  Hope this resolves your question.
  Well, if you still want to use it as provider & if you have an existing web-service, the way to do it is, Right click on your WebDynPro ABAP component & select CREATE->Service Call. Build a Custom Controller or use the Component Controller to get the service using service type = Webservice proxy for your webservice. You can use this Component as a Used component in any other webdynpro components & use this to access webservices.
  Thanks,
  Phani
  Edited by: Phani Rajesh Mullapudi on Oct 8, 2009 10:41 PM

• Lync control panel and internal web Services

  Hi,
  In our Lync 2013 deployment for web services we have set override  FQDN for internal Web Services asialyncpool.corp.contoso.com and External web services as web.contoso.com. The Control Panel URL has been set to https://admin.contoso.com
  When i launch Control panel, in the IE https://admin.contoso.com the control panel opens and but the url get changed to internal web services ie sialyncpool.corp.contoso.com. When i enter https://admin.contoso.com/cscp in the IE it ask for logon
  credentials and doen't accept the credentials at all, how many times i may try.

  Thanks for the response.
  https://admin.contoso.com,
  it will redirect to the URL of: https://asialyncpool.corp.contoso.com/cscp -
  This is exactly what is happening.
  When i use - https://asialyncpool.corp.contoso.com/cscp,
  it doesn't accept the credentials, it keep asking for right credentials, when i use Lync control panel, it does accept the credentials.

• Can't digitally sign and encrypt email any longer.

  I used to sign and encrypt my emails digitally and then send them to people. I had two email certificates from Comodo, and it's been a while they're expired. so I renewed my certificates and deleted the old ones from my keychain, then downloaded and added the new ones. The trouble is I no longer get the digitally sign the message and encrypt the message button when I compose a new email. What could be the problem? how can I fix this?

  I am now having the same problem.  Have you seen a resolution yet?

• How to Create and Deploy Web Services Using Oracle 9i JDeveloper

  Hi,
  My Question is how to create and deploy Web Services using Oracle 9i JDeveloper.Anybody please give me a detailed Reply.Please Reply to [email protected]
  Hopr to Hear From you,
  Regards,
  G Sreekumar

  You could use datasources. You should do this in your BC4J Configuration. Then when deploying your applicaiton use the command -installDataSource (from admin.jar) to create the right datasource.
  You could probably use the name of your connection + "DS" so you can also use it locally in JDeveloper as JDev seesm to create this automaticly for your Connections.

• Signed and encrypted message

  I am working on a applicaion that can load a message from a third party software.
  The message is signed and encrypted and will be sent via https.
  My application is running on the Tomcat 5.0.24
  And I have certificate from the third party software
  However, I don't know **how** to use the certificate to decrypted the message.
  For example, do I need to write Java code to decrypted the message or does Tomcat take care of the decryption?
  If I need to write the code to decrypted the message, what API I should use?
  If Tomcat cares of the decryption, how does it work? Do I need to modify the configuration file and how?
  Thanks.

  Jenny_Run wrote:
  However, I don't know **how** to use the certificate to decrypted the message.You don't use a certificate to decrypt since certificates are public so anyone could decrypt.
  As for the rest, the devil is in the detail and you don't give any.