Problem consuming web service with basic authentication

Similar Messages

• Calling web service with basic authentication from EP "unauthorized"

  Hello,
  I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
  <b>com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
  Problem in server response: [Unauthorized].</b>
  I'm using the following code for calling the .NET web service:
  <b>...</b><i>Licence_GetList lParameter = new Licence_GetList();
  lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
  ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
  ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
  Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);</i><b>...</b>
  I've also configured a http system in the portal system landscape using the following parameters:
  <i>Authentication Method : Basic Authentication
  Authentication Type : Server
  User Mapping Type : admin,user</i>
  The user mapping is also personalized for this system!
  What's wrong? Please help! This is really urgent!
  Kind Regards
  Joerg Loechner

  Hello Renjith,
  here is a small cutout of my "portapp.xml";
  <services>
    <service alias="LicenceManager" name="LicenceManager">
      <service-config>
        <property name="className" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager"/>
        <property name="startup" value="false"/>
        <property name="WebEnable" value="false"/>
        <property name="WebProxy" value="true"/>
        <property name="SecurityZone" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager/
                 DefaultSecurity"/>
      </service-config>
      <service-profile>
        <property name="SystemAlias" value="LicMan_NET"/
      </service-profile>
    </service>
  </services>
  I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
  Regards
  Joerg Loechner

• Biztalk 2010 - Consume Web Service with Certificate

  Hi
  I have to consume a java web service with Biztalk that requires authentication via a client certificate. Until now I have not been able to consume any web service where any kind of authentication was needed. Simple web services without authentication are
  no problem. Also using SoapUI works perfectly fine.
  I am generating the XSDs and the port binding with the WCF wizard in VS2010. I've read several comments that it's not possible to consume web services with the WCF-WSHttp adapter when the message format should be SOAP 1.1. Therefore I'm trying with the WCF-BasicHttp
  and WCF-Custom adapters, but I did not suceed in receiving a positive response yet.
  The web service I want to consume uses a client certificate (with a private key) and two root certificates. When I use the BasicHttp adapter I choose either 'Transport' or 'TransportWithMessageCredential' but none of them work. I also have to supply a client
  and a service certificate. I always use the one with the private key for the client but I'm not sure which one I have to use for the service. Is there a possibility that I have to provide both root certificates and if so, how can I achieve this?
  Hope the question makes sense somehow... thanks for any input.
  Error message that I receive currently is that the server needs a client certificate. However I attached it in the send port properties under the tab "Security" => mode "TransportWithMessageCredential".

  Adapter: WCF-Custom
  Binding: customBinding
  Cannot send pictures (yet).
  <configuration>
  <enterpriseLibrary.ConfigurationSource selectedSource="ESB File Configuration Source" />
  <system.serviceModel>
  <client>
  <endpoint address="...." behaviorConfiguration="EndpointBehavior" binding="customBinding" bindingConfiguration="ReceiptBinding" contract="BizTalk" name="WebServicePort" />
  </client>
  <behaviors>
  <endpointBehaviors>
  <behavior name="EndpointBehavior">
  <clientCredentials>
  <clientCertificate findValue="..." x509FindType="FindByThumbprint" />
  <serviceCertificate>
  <defaultCertificate findValue="..." storeLocation="LocalMachine" storeName="AuthRoot" x509FindType="FindByThumbprint" />
  </serviceCertificate>
  </clientCredentials>
  </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
  <behavior name="ServiceBehavior" />
  </serviceBehaviors>
  </behaviors>
  <bindings>
  <customBinding>
  <clear />
  <binding name="ReceiptBinding">
  <textMessageEncoding messageVersion="Soap11" />
  <security authenticationMode="MutualCertificate" />
  <httpsTransport proxyAuthenticationScheme="Basic" requireClientCertificate="true" />
  </binding>
  </customBinding>
  </bindings>
  </system.serviceModel>
  </configuration>

• UCM 11g web services with HTTP authentication

  Is it possible to setup UCM 11g web services with HTTP authentication?
  I did setup UCM 11g web services using OWSM policies and are working well.
  But my development team wants to consume web services with only HTTP authentication (simple user name and password), do not want to use Keystore files and encryption.
  Please help me guys.
  Thank you in advance

  Hi ,
  If you are looking to use the WSDL to execute ucm services then use SoapUI IDE on development , there it requires only the http authentication method .
  Let me know if this is the actual requirement which you were looking for or if I have missed the point .
  I use this to quickly test WSDL and verify if the service being invoked is actually correct or not .
  Thanks,
  Srinath
  Edited by: Srinath Menon on Apr 26, 2013 11:32 AM

• Problem when consuming web service on WIndows authentication applcation

  Hi,
  I am having a tough time in consuming web services on a
  Windows authentication IIS server.
  In one of my application I have created web services and
  consuming those web services from my another application.
  If I turned off the Windows authentication everything works
  fine, but If I turned on the Windows authentication web services
  stop working.
  Has anyone encountered such error while working with web
  services on Windows authentication server.
  Attach Code
  Could not perform web service invocation "funGetCustomer".
  Here is the fault returned when invoking the web service
  operation:
  AxisFault
  faultCode: {
  http://xml.apache.org/axis/}HTTP
  faultSubcode:
  faultString: (401)Unauthorized
  faultActor:
  faultNode:
  faultDetail:
  {}:return code: 401
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "
  http://www.w3.org/TR/html4/strict.dtd">
  <HTML><HEAD><TITLE>You are not authorized
  to view this page</TITLE>
  <META HTTP-EQUIV="Content-Type" Content="text/html;
  charset=Windows-1252">
  <STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
  </STYLE>
  </HEAD><BODY><TABLE width=500 border=0
  cellspacing=10><TR><TD>
  <h1>You are not authorized to view this page</h1>
  You do not have permission to view this directory or page
  using the credentials that you supplied because your Web browser is
  sending a WWW-Authenticate header fi...

  You could try switching the HTTP transport provided in the
  Apache Axis embedded in ColdFusion to "CommonsHTTPSender".
  See this blog post:
  http://tjordahl.blogspot.com/2007/03/apache-axis-and-commons-httpclient.html

• How to consume Web Service with Password digest from PLSQL

  We have Oracle 10g (10.2.0.3.0) 64 bit. We have a situation where we need to consume web service whose security header looks like as follow,
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-50">
  <wsse:Username>weblogic</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">d2enK45chjBPVvvukbYU6OX56kI=</wsse:Password>
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YAhEtLJfp4lzycLd3hZYjQ==</wsse:Nonce>
  <wsu:Created>2013-01-22T06:28:38.897Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  Here we need passowrd digest, Nonce and Timestamp.
  How to create password digest from PLSQL? or if any other alternatives available please response soon.

  I do not see why it will not be possible to do digest authentication with a web server using PL/SQL.
  As for the digest password - the web server supplies a token (a nonce) which you need to use for creating the hashed authentication token (the digest password). The URL I posted explains this authentication process.
  As for the technical how-to in PL/SQL - as I mentioned, never had to do this (only dealt with Basic and NTLM authentication thus far). But as other auth methods (such as Microsoft's NTLM) can be implemented, I do not see why digest authentication could not.
  Suggest you spend some time googling for technical articles/sample code on the subject - and try to find specific PL/SQL related sample code too.

• Problem consuming web service created by ABAP via standalone java client

  I'm trying to consume web service created by ABAP in R3 system via standalone java client. I should be getting a string reply after consumed the web service (ZSMS_INBOUND), but so far i received null. I cant find any exception or log to trace the problem. Any help would be appreciated. Is there anything wrong with my client calling the web service?
  public void myMethod{
            // TODO : Implement
            try{
                 Stub stub = (Stub)new ZSMS_INBOUNDServiceImpl().getLogicalPort();
                 stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,"http://mytest:8080/sap/bc/srt/rfc/sap/ZSMS_INBOUND?sap-               client=100&wsdl=1.1&mode=sap_wsdl");
                 inboundService = (ZSMS_INBOUND) stub;
                 BAPIRET2 str = inboundService.ZSMS_INBOUND(date, message, modemId, smsId, tel, time);
                 ackDeliveryArray<i> = str.toString();
            }catch (Exception e) {
                 e.printStackTrace();
  Generated following SAP help standalone proxy creation steps.
  ***files fr SEIs
  ZSMS_INBOUND.java   (interface)
  ZSMS_INBOUNDService.java  (interface)
  ZSMS_INBOUNDServiceImpl.java
  ZSMS_INBOUNDSoapBindingStub.java
  ***files fr Proxy classes
  ZSMS_INBOUND.java
  ZSMS_INBOUNDResponse.java
  BAPIRET2.java
  .... many more files
  the wsdl is as below (generated by ABAP):
  <?xml version="1.0" encoding="utf-8" ?>
  - <wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:n0="http://www.sap.com/webas/630/soap/features/authentication/" xmlns:sap="http://www.sap.com/webas/630/wsdl/features" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  - <wsdl:types>
  - <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified">
  - <xsd:simpleType name="char1">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="1" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char10">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="10" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char17">
  + <xsd:restriction base="xsd:string">
    <xsd:maxLength value="17" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char170">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="170" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char20">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="20" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char220">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="220" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char30">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="30" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char32">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="32" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char50">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="50" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="date">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="10" />
    <xsd:pattern value="\d\d\d\d-\d\d-\d\d" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="numeric3">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="3" />
    <xsd:pattern value="\d*" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="numeric6">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="6" />
    <xsd:pattern value="\d*" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="time">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="8" />
    <xsd:pattern value="\d\d:\d\d:\d\d" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:complexType name="BAPIRET2">
  - <xsd:sequence>
    <xsd:element name="TYPE" type="tns:char1" />
    <xsd:element name="ID" type="tns:char20" />
    <xsd:element name="NUMBER" type="tns:numeric3" />
    <xsd:element name="MESSAGE" type="tns:char220" />
    <xsd:element name="LOG_NO" type="tns:char20" />
    <xsd:element name="LOG_MSG_NO" type="tns:numeric6" />
    <xsd:element name="MESSAGE_V1" type="tns:char50" />
    <xsd:element name="MESSAGE_V2" type="tns:char50" />
    <xsd:element name="MESSAGE_V3" type="tns:char50" />
    <xsd:element name="MESSAGE_V4" type="tns:char50" />
    <xsd:element name="PARAMETER" type="tns:char32" />
    <xsd:element name="ROW" type="xsd:int" />
    <xsd:element name="FIELD" type="tns:char30" />
    <xsd:element name="SYSTEM" type="tns:char10" />
    </xsd:sequence>
    </xsd:complexType>
  - <xsd:element name="ZSMS_INBOUND">
  - <xsd:complexType>
  - <xsd:sequence>
    <xsd:element name="DATE" type="tns:date" />
    <xsd:element name="MESSAGE" type="tns:char170" />
    <xsd:element name="MODEMID" type="tns:char10" />
    <xsd:element name="SMSID" type="tns:char17" />
    <xsd:element name="TEL" type="tns:char20" />
    <xsd:element name="TIME" type="tns:time" />
    </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
  - <xsd:element name="ZSMS_INBOUNDResponse">
  - <xsd:complexType>
  - <xsd:sequence>
    <xsd:element name="RETURN" type="tns:BAPIRET2" />
    </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
    </xsd:schema>
    </wsdl:types>
  - <wsdl:message name="ZSMS_INBOUND">
    <wsdl:part name="parameters" element="tns:ZSMS_INBOUND" />
    </wsdl:message>
  - <wsdl:message name="ZSMS_INBOUNDResponse">
    <wsdl:part name="parameters" element="tns:ZSMS_INBOUNDResponse" />
    </wsdl:message>
  - <sap:Feature name="design_0" uri="http://www.sap.com/webas/630/soap/features/authentication/">
  - <sap:Property qname="n0:AuthenticationLevel">
    <sap:Option value="n0:None" />
    </sap:Property>
    </sap:Feature>
  - <wsdl:portType name="ZSMS_INBOUND">
    <sap:useFeature feature="tns:design_0" />
  - <wsdl:operation name="ZSMS_INBOUND">
    <wsdl:input message="tns:ZSMS_INBOUND" />
    <wsdl:output message="tns:ZSMS_INBOUNDResponse" />
    </wsdl:operation>
    </wsdl:portType>
  - <wsdl:binding name="ZSMS_INBOUNDSoapBinding" type="tns:ZSMS_INBOUND">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
  - <wsdl:operation name="ZSMS_INBOUND">
    <soap:operation soapAction="" />
  - <wsdl:input>
    <soap:body use="literal" />
    </wsdl:input>
  - <wsdl:output>
    <soap:body use="literal" />
    </wsdl:output>
    </wsdl:operation>
    </wsdl:binding>
  - <wsdl:service name="ZSMS_INBOUNDService">
  - <wsdl:port name="ZSMS_INBOUNDSoapBinding" binding="tns:ZSMS_INBOUNDSoapBinding">
    <soap:address location="http://mytest:8080/sap/bc/srt/rfc/sap/ZSMS_INBOUND?sap-client=100" />
    </wsdl:port>
    </wsdl:service>
    </wsdl:definitions>

  I'm now able to consume the web service, but with the error as below:
  Warning ! Protocol Implementation [com.sap.engine.services.webservices.jaxrpc.wsdl2java.features.builtin.MessageIdProtocol] could not be loaded (NoClassDefFoundError) !
  Error Message is :com/sap/guid/GUIDGeneratorFactory
  BAPIRET2 mappingInfo:
    TYPE   TYPE   false   false   11
    ID   ID   false   false   11
    NUMBER   NUMBER   false   false   11
    MESSAGE   MESSAGE   false   false   11
    LOG_NO   LOG_NO   false   false   11
    LOG_MSG_NO   LOG_MSG_NO   false   false   11
    MESSAGE_V1   MESSAGE_V1   false   false   11
    MESSAGE_V2   MESSAGE_V2   false   false   11
    MESSAGE_V3   MESSAGE_V3   false   false   11
    MESSAGE_V4   MESSAGE_V4   false   false   11
    PARAMETER   PARAMETER   false   false   11
    ROW   ROW   false   false   11
    FIELD   FIELD   false   false   11
    SYSTEM   SYSTEM   false   false   11
  My java code is :
  public class MyTest {
       public static void main(String[] args){
            try{
                           Stub stub = (Stub)new ZSMS_INBOUNDServiceImpl().getLogicalPort();
                           stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,"http://mytest:8080/sap/bc/srt/rfc/sap/ZSMS_INBOUND?sap-client=100");
                           ZSMS_INBOUND inboundService = (ZSMS_INBOUND) stub;
                           BAPIRET2 str = inboundService.ZSMS_INBOUND(param1,param2,param3,param4,param5,param6);
                           System.out.println(str.toString());
                           }catch (Exception e) {
                                e.printStackTrace();

• Consume Web Service with SSL

  Hi expert!!!
  I have a problem!!
  I need consume a web service with ssl autentification in PI to call from SAP.
  That web services is of AFIP (Argentina ).
  i don`t know how do that!!
  How and where configure the certificate for signature??
  Thxz in advance!!!
  Sorry my bad english..

  thxz for all!!!!1
  I will be to resume my problem
  i need sign xml file with a certificate!!1
  i have xml file build in ABAP,  i try do with openssl in windows or unix to sign with private key file and certificate file .Crt
  that generate a new file with sign, i put this in other web service and work....
  i need do that in abap or pi..... i abap i could create xml file, but i can`t execute open ssl.....
  thxz for u help!!!

• Consuming web services with a java application

  Hello,
  I want to consume an ABAP generated web service with a stand-alone Java application. I am very new to this topic and need some hints how this functionality could be achieved.
  How is the web service accessed by the Java application? What about security issues?
  Thank you in advance for your replies! They will be appreciated.
  Kindest regards

  Hi
  See this Help and Examples
  http://help.sap.com/saphelp_nw2004s/helpdata/en/e2/36a53dc1204c64e10000000a114084/frameset.htm
  Kind Regards
  Mukesh

• Consuming Web Services with ABAP - WSDL

  Hi All,
  I Want to consume web service in abap, i found lot of documents,Here i am having data in the internal table i need to pass
  it to wsdl file, The Web Service or Proxy generates a WSDL file. So this WSDL file can be consumed on ABAP Front and Encrypt the Data that is to be sent to the Banks.
  I found the input and output, Where i can find the method generated or we need to create it
  CALL METHOD io_clientproxy->XXXXXXXXXXXX
  please let me have your valuable ideas
  Thanks in advance,
  Arun.

  Hi Miguel,
  I have not heared about SPROXY, Here i found some code,which calls a web service method and where it is from.
  when i double click on my proxy it shows me some method.IF_PROXY_BASIS_INTERNAL~CREATE_FRAMEWORK
  this is the one web service method. and i meed to pass the internal table data to WSDL file.
  *-- create web service proxy class instance
  TRY.
      CREATE OBJECT io_clientproxy
        EXPORTING
          logical_port_name = 'LP4'.
    CATCH cx_ai_system_fault.
  ENDTRY.
  *-- call web service methods
  TRY.
      CALL METHOD io_clientproxy->get_airport_information_by_is
        EXPORTING
          input  = input
        IMPORTING
          output = output.
    CATCH cx_ai_system_fault.
    CATCH cx_ai_application_fault.
  ENDTRY.
  *-- text processing
  output_string = output-get_airport_information_by_is.
  REPLACE ALL OCCURRENCES OF
      '<' IN output_string WITH '<' .
  REPLACE ALL OCCURRENCES OF
  '>' IN output_string WITH '>' .
  REPLACE ALL OCCURRENCES OF
  'xmlns=' IN output_string WITH 'xmlns:xsl=' .
  *-- parsing
  TRY .
      CALL TRANSFORMATION ('Y_AIRPORT_XML2ABAP')
              SOURCE XML output_string
              RESULT     outtab = outtab.
    CATCH cx_xslt_exception INTO xslt_err.
      DATA: s TYPE string.
      s = xslt_err->get_text( ).
      WRITE: ': ', s.
      STOP.
  ENDTRY .
  Regards,
  Arun.

• Consuming web services with Attachments

  Hello,
  I need to consume a web service with attachements (mime type) from sap was j2ee 7.0 (nw2004s).
  When I try to generate the web service deployable proxy using nwds (version 7.0.06), I get the following error message
  "Invalid WSDL or WSDL not found, please specify different WSDL.."
  Removing references to"wsi:swaRef" from wsdl, above error is not displayd and wsdl is correctly processed
  <complexType name="ArrayOf_tns2_swaRef">
  - <sequence>
    <element maxOccurs="unbounded" minOccurs="0" name="swaRef" nillable="true" type="wsi:swaRef" />
    </sequence>
    </complexType>
  Unfortunately, we have not been able to find any SAP documentation (online help, oss note,,,) describing if SAP WAS Java 7.0 supports this standard.
  Has anybody already worked with Web Services with attachments ?
  Thanks in advace,
  Regards
  Berta

  hi berta,
  http://help.sap.com/saphelp_nw04/helpdata/en/5e/ea656273b74cf386a1f29fc55721fd/frameset.htm
  HTTP error 406 when consuming a Web Service with attachment
  let me know u need any further info
  bvr

• OSB : Restful proxy service with basic authentication

  Hi,
  We want to expose a restful webservice from OSB with Basic authentication (username and password). Let us know what is the procedure for the same.
  THanks,

  Hi Vinoth,
  The users/groups are picked up from the LDAP configured in Security Realms->myRealm->Providers
  You basically have 2 options:
  - You can configure your LDAP in Providers
  - Use the DefaultAuthenticator that weblogic provides you by default.
  If you do not want to configure an LDAP, and want to use weblogic's default, then all you have to do is add users and groups in Security Realms->myRealm->Users and Groups
  Do mark this as useful or answered, if this has helped.

• Consuming  a Web Service with PasswordDigest Authentication in ABAP

  Hello,
  I need to consume a web service in ABAP from a non-SAP application. The web service uses wsse:UsernameToken with PasswordDigest in the SOAP Header for authentication. However, I havent seen any documentation for using Password Digest in ABAP.
  Is it possible to use Password Digest in ABAP?
  Thanks
  Ajay

  Hi Marc,
  Here is the ABAP Code to build the SOAP header.
  FUNCTION Z_GET_SOAP_REQUEST_HEADER.
  *"*"Local Interface:
  *"  EXPORTING
  *"     VALUE(ER_SECURITY_ELEMENT) TYPE REF TO  IF_IXML_ELEMENT
  *date and time data
    data: lv_sys_date like sy-datum,
          lv_sys_time like sy-uzeit,
          lv_year(4) type c,
          lv_month(2) type c,
          lv_date(2) type c,
          lv_hour(2) type c,
          lv_min(2) type c,
          lv_sec(2) type c.
    data : lv_created type string,
          lv_snonce type string,
          lv_b64nonce type string,
          lv_webservice_password type string,
          lv_webservice_userid type string,
          lv_spassword type string,
          lv_xpassword type xstring,
          lv_hpassword type hash160x,
          lv_b64password(255) type c,
          lv_xpasslen type i,
          lv_hpasslen type i.
  *xml declartions
    data : lv_sheader type string,
          lv_xheader type xstring,
          xml_document TYPE REF TO if_ixml_document,
          xml_root TYPE REF TO if_ixml_element,
          xml_element TYPE REF TO if_ixml_element,
          xml_node TYPE REF TO if_ixml_node.
  *get the c-link password.
  CALL METHOD ZCL_CDB_SYNC_CFG_READER=>GET_USERID_PASSWORD
    IMPORTING
      EV_USER_ID  = lv_webservice_userid
      EV_PASSWORD = lv_webservice_password
  *Evaluate created date time
    lv_sys_date = sy-datum.
    lv_sys_time = sy-uzeit.
    lv_year = lv_sys_date(4).
    lv_month = lv_sys_date+4(2).
    lv_date = lv_sys_date+6(2).
    lv_hour = lv_sys_time(2).
    lv_min = lv_sys_time+2(2).
    lv_sec = lv_sys_time+4(2).
    CONCATENATE lv_year '-' lv_month '-' lv_date 'T' lv_hour ':' lv_min ':' lv_sec '.000Z' into lv_created.
  *Create and encode the nonce
    CALL FUNCTION 'GENERAL_GET_RANDOM_STRING'
      EXPORTING
        NUMBER_CHARS  = 24
      IMPORTING
        RANDOM_STRING = lv_snonce.
    CALL METHOD cl_http_utility=>ENCODE_BASE64
      EXPORTING
        UNENCODED = lv_snonce
      RECEIVING
        ENCODED   = lv_b64nonce.
  *create the password to be sent to web service
    CONCATENATE lv_snonce lv_created lv_webservice_password into lv_spassword.
  *encode password to xstring
    CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
      EXPORTING
        TEXT   = lv_spassword
      IMPORTING
        BUFFER = lv_xpassword.
    lv_xpasslen = xstrlen( lv_xpassword ).
    CALL FUNCTION 'CALCULATE_HASH_FOR_RAW'
      EXPORTING
        ALG      = 'SHA1'
        DATA     = lv_xpassword
        LENGTH   = lv_xpasslen
      IMPORTING
        HASHX    = lv_hpassword
        HASHXLEN = lv_hpasslen.
    CALL FUNCTION 'SCMS_BASE64_ENCODE'
      EXPORTING
        INPUT            = lv_hpassword
        INPUT_LENGTH     = lv_hpasslen
      IMPORTING
        OUTPUT           = lv_b64password
      EXCEPTIONS
        OUTPUT_TOO_SMALL = 1
        OTHERS           = 2.
    IF SY-SUBRC <> 0.
  * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  * build the header
    CONCATENATE
  '<soap-env:Header xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">'
  '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
  '<wsse:UsernameToken wsu:Id="########" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
  '<wsse:Username>'
  lv_webservice_userid
  '</wsse:Username>'
  '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'
  lv_b64password
  '</wsse:Password>'
  '<wsse:Nonce>'
  lv_b64nonce
  '</wsse:Nonce>'
  '<wsu:Created>'
  lv_created
  '</wsu:Created>'
  '</wsse:UsernameToken>'
  '</wsse:Security>'
  '</soap-env:Header>'
  INTO lv_sheader.
  *Build the xml header element
    lv_xheader = cl_proxy_service=>cstring2xstring( lv_sheader ).
    TRY.
        CALL FUNCTION 'SDIXML_XML_TO_DOM'
          EXPORTING
            xml           = lv_xheader
          IMPORTING
            document      = xml_document
          EXCEPTIONS
            invalid_input = 1
            OTHERS        = 2.
        IF sy-subrc = 0 AND NOT xml_document IS INITIAL.
          xml_root = xml_document->get_root_element( ).
          er_security_element ?= xml_root->get_first_child( ).
          gr_soap_security_header = er_security_element.
        ENDIF.
      CATCH cx_ai_system_fault .
    ENDTRY.
  ENDFUNCTION.

• From CC&B, consume web service with Integrated Windows Authentication

  Most of the web services to be consumed from CC&B are exposed by external applications under Integrated Windows Authenticaton. Our CC&B 2.3 is running on Bea Weblogic on AIX 6.1.
  We need to find out, how CC&B can obtain a ticket (kerberos) in this context. Already checked documentation : XAI Best Practices, OUAF Framework Security Overview.Thanks.

  For the system to function properly you would need to configure both your Web Server and your Application (CC&B) Server. Since the authentication is done by your webLogic, you would first need to configure your Windows AD to recognise the WebLogic Server to accept the communication and transfer of tokens (TGS, TGT) betwen user,weblogic and AD.
  Kerberos authentication in a Microsoft AD enviroronment is dependant on a SPN (Service Principal Name). Therefore your Weglogic host must have a user account and enabled for Kerberos within your AD.
  The following link provides detailed steps for SSO for Weblogic (Windows & Unix) with AD
  [http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/sso.html]
  Secondly, since the authroization is done by your application server, you will need to import the user accounts using LDAP and configure their rghts.

• Problem consuming Web Service from ECC 6.0 using dual certificates

  Hi, I am trying to consume a secure web service on ECC 6.0 - so far without much luck.
  When I try to connect to the ws server, it seems there are three certificates in action: a CICS certificate for establishing the SSL connection, a 'root' certificate from the PKI certificate issuer, and a private certificate issued by the above issuer (please forgive me if a have the syntax wrong - certificates are not my primary line of work). So, using Trust Manager (STRUST), I have created a PSE named 'OES' and imported all three certificates into it.
  In SOAMANAGER I have set up the end-point using the WSDL-file and set the following parameters:
  - Authentication Method = X.509 Client Certificate
  - Trustworthiness Method = Holder of Key
  - Issuer = <issuer from the root certificate>
  - Name of Attester = <blank>
  - Validity of SAML Assertion = 180
  - Caching of SAML Assertions = False
  - Attester System Destination = <blank>
  - Name of Attester = <blank>
  - User = SRxxxWS
  - Password = <blank>
  - Client PSE = OES
  When I try to consume the web service, I can see in the log files that the CICS certificat is used for establishing the SSL connection but all I receive back is an HTTP 403 "Client Authentication Error". If I remove the CICS certificate from the PSE, the connection is not made.
  How do I make the client certificate available for the connection? Have I approached the problem from the wrong side? Has anybody experienced something similar? Any help will be highly appreciated.
  Thanks,
  Bo

  Hi,
  I am not Certificate expert either but you can get plenty of help from "Security" forum on SDN. I can help you bit with some related SAP notes and forum answers:
  See following notes :
  1324884 - Analysis of ABAP Web Service SOA Configuration
  1318906 - Trace analysis of SSL problems
  1319507 - Overview: Analysis of ABAP Web Service Configuration
  See this forum discussed about consuming secured ws in webdynbpro:
  Problem in Calling Secure Webservice.
  Articles:
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/92914af6-0d01-0010-3081-ded3a41be8f2&overridelayout=true -
  Web Services Security Configuration Guide (discussed IBM and NW WS security but you can find some examples and hints there)
  Regards,
  Gourav