Remove authentication in sender soap adapter pi 7.1

Similar Messages

• How to use Basis Authentication in Sender SOAP Adapter

  We implemented one Sender SOAP Adapter and we had to implement the modified WEB.XML method to remove the security specification.  We have now asked the developer to correct this situation so we can remove this modification.  The Interface developer would like to use Basic Authentication. If you have an automated interface sending in a SOAP Message, how do you do Basic Authentication? 
  I've tried using:
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  When I do this, I still get the Authentication Pop-Up Window.
  How does the Sending Interface either supply the ID and Password on the incoming SOAP Message or respond to the Authentication Pop-Up?
  Thanks,
  Anne

  By Defualt the web service exposed by you will use Basic Authentication mode only.
  But the way you do Basic Authentication in the web client is platfrom dependent.
  This is not the way to do Basic authentication
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  I am providing you a code snippet on how to Basic Authentication in Java when making the Web Service Call.
  If the client is on some other platform just look for the corresponding api.
  Please award points if you find this answer useful.
  Code Snippet
  URL url = new URL(URL);
  URLConnection connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       //connection.setRequestProperty("Content-Length",Integer.toString(content.length()) );
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
        //Where con is a URLConnection 
       connection.setRequestProperty ("Authorization", "Basic " + encode(User + ":"+ Password));
       connection.connect();
  Encode Method
  public static String encode (String source) {
  BASE64Encoder enc = new sun.misc.BASE64Encoder();
  return(enc.encode(source.getBytes()));

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• Regarding authentication in sender soap adapter

  how to do basic authentication in case of sender side soap adapter

  Hi
  To do the Basic Authentication in the sender soap adapter u have to provide the user name and the password of ur XI server.
  Thanks
  Rinku

• Certificate based authentication with sender SOAP adapter. Please help!

  Hi Experts,
     I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
  .Net --->SOAP -
  >XI -
  >RFC -
  R/3 System
  Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS  with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
  I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
  When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test  certificate based authentication?
  Am I missing any steps for certificate based authentication?
  Please help
  Thanks
  Gopal
  Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

  Hi!
  Although soapUI is a very goot SOAP testing tool, you can't test certificate based authentication with it. There is no way (since I know) how to import certificat into soapUI.
  So, try to find other tool, which can use certificates or tey it directly with the sender system.
  Peter

• Authentication in Sender SOAP Adapter

  Hi experts,
  We have a scenario were EP sends SOAP Message to XI. We have created the WSDL from XI and it has been consumed by EP. When EP tries to send the SOAP Request to XI we get UnAuthorized Exception.
  Below is the Exception
  #1.5#001372E937FC00670000012000000D8C0004298100849F8B#1171533943519#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#CLASP#6953####18f1d310bcdc11db9500001372e937fc#SAPEngine_Application_Thread[impl:3]_29##0#0#Warning#1#/System/Server#Java###Call failed
  [EXCEPTION]
  #1#com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Problem in server response: [Unauthorized].
       at com.sap.engine.services.webservices.jaxm.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:207)
       at com.sap.engine.services.webservices.jaxm.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:163)
       at com.sap.engine.services.webservices.jaxm.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:325)
       at com.sapportals.portal.prt.service.soap.SOAPService.call(SOAPService.java:152)
       at com.sapportals.portal.prt.service.soap.PRTSOAPCall.invokeMethod(PRTSOAPCall.java:209)
       at service.XIUserCreateCall.IOS_UserCreate(XIUserCreateCall.java:168)
       at service.XIUserComp.doContent(XIUserComp.java:46)
  I tried to send the basic authentication details in my URL. But it didn't work.
  Pl. help me resolve this.

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• SMIME in sender soap adapter

  Hi,
  I'd like to know the proper format of the POST request to a sender soap adapter with SMIME activated. I've found almost no documentation about it.
  I'm trying to send a document ciphered to PI via soap adapter (HTTP POST). I've done the following steps
  1. I activate SMIME in the sender soap adapter, and I specify "Decrypt" as the security procedure in the sender agreement. I also incorporate the private key in the keystore DEFAULT and reference to it in the sender agreement.
  2. I use OpenSSL to cipher an xml document like this (I use the public certificate associated to the previous private key) :
  --> openssl smime -encrypt -in fich.txt -out fich_encrypted.txt certTesting.pem
  What I get is:
  MIME-Version: 1.0
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
  Content-Transfer-Encoding: base64
  MIIC....[base64 content of the file encrypted]
  3. I use CURL to send the HTTP POST request to PI. Previously I get the binary file from the base64 content.
  > POST /XISOAPAdapter/MessageServlet?senderParty=&senderService=BC_1[...]
  > Authorization: Basic c2U[...]
  > Host: pi.[...].com:50000
  > Accept: /
  > Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=fich_encrypted.der
  > User-Agent: Jakarta Commons-HttpClient/3.1
  > Accept-Encoding: text/xml
  > Content-Disposition: attachment; filename=fich_encrypted.der
  > Content-Length: 620
  > Expect: 100-continue
  but I get this error from the SOAP Adapter:
  --> java.io.IOException: invalid content type for SOAP: APPLICATION/PKCS7-MIME.
  I also get the same error if I remove the header Content-Disposition.
  4. If I send the xml file without ciphering (header Content-Type: text/xml;charset=UTF-8) I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: call failed: java.lang.SecurityException: Exception in Method: VerifySMIME.run(). LocalizedMessage: SecurityException in method: verifySMIME( MessageContext, CPALookupObject ). Message: IllegalArgumentException in method: verifyEnvelopedData( ISsfProfile ). Wrong Content-Type: text/xml;charset=UTF-8. *Expected Content-Type: application/pkcs7-mime or application/x-pkcs7-mime*. Please verify your configuration and partner agreement
  PROBLEM --> I really don't know what the SOAP sender channel is expecting when SMIME is activated. I've tried to send the binary file encripted as an attachment and also directly, but the soap adapter complains.
  Thanks

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• Sender SOAP adapter error 401

  Hello All,
  Here the scenario is SOAP -> XI -> SAP ECC.
  When the webservice is seding the message I am getting error in Sender SOAP channel.
  Message is not going to Integration Engine.
  Its failing with 401Un Authorized in sender soap adapter channel.My sender soap channel is plain channel with no authentication check and certificated etc.When webservice is seding request to XI its sending wit some usernmae which was there on XI box.I am facing this issue in Quality Env. The same is working fine in Dev box.
  Please give me the list of points that I need to check here.
  Thanks,
  Regards,
  Naresh

  Hi,
  I am facing this issue in Quality Env. The same is working fine in Dev box.
  Once the scenario is transported from Dev to QA the location where the Webservice is hosted will also change
  Hence you will have to change the target URL .....just the HostName / IP address and the port for all the webservices (that you transported to QA)
  Once you are in QA and with no change to the URL the sender (which I suppose is also in QA env) will be still trying to ping the same old Dev-URL....in such situation the sender is bound to get UnAuthorized error....
  So one in all change the URL in your WebService to point to QA and then test....
  Same logic applicable to QA --> PROD
  Regards,
  Abhishek.

• Sender SOAP Adapter - XMLAnonymizerBean

  Hi All,
  I am trying to use XMLAnonymizerBean in " sender SOAP Adapter " with out much luck .
  Even though I have enter the bean in the module chain , the xml o/p to the mapping program is still
  continuing to have namespaces which I was trying to remove.
    If some body has tried this out , could you kindly confirm if XMLAnonymizerBean could be used or
  not in a Sender SOAP Adapter.
  Many thanks
  KLK

  This blog says - "It is not possible to use this module in the sender SOAP adapter as this adapter type does not support any additional modules. "
  /people/stefan.grube/blog/2007/02/02/remove-namespace-prefix-or-change-xml-encoding-with-the-xmlanonymizerbean
  Regards,
  Ravi

• Dynamic sender SOAP Adapter

  Hi,
  i need to define a web service that could be consumed by any sender system, how could i do this if i need to define the BS in the URL when i create the WSLD undel menu tool-->Define web service
  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
  in case its migth be possible, how could i identify which system consume the service, is there any system information where i could get at least the host name or the IP???
  Thanks
  Rodrigo

  >> how could i do this if i need to define the BS in the URL when i create the WSLD undel menu tool-->Define web service
  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel in case its migth be possible
  Create Webservice using Sender SOAP adapter. Go to sender agreeement, click display wsdl. Save the file . That is your wsdl and it contains all your webservice details that includes sender business system, interface, URL etc.
  >>how could i identify which system consume the service, is there any system information where i could get at least the host name or the IP???
  You create valid service users of PI to communicate and distribute for different consuming systems. When they invoke your webservice they have to use your login credentials. Also you can go with client authentication certifcate(SSL) so that only trusted partners with client certificate can communicate your webservice.
  >>where i could get at least the host name or the IP???
  You dont get those informations. You allow only trusted trading partners to consume your webservice using client authentication and certificate credentials.

• HTTPS sender soap adapter

  Hi,
  I want to use HTTPS port for one of our SOAP -->RFC sync interface .
  currently we are using  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel this url and its working fine,
  Here  we want to use  HTTPS  ( HTTPS with client authentication as security level) ,but in our current PI system ( 7.31) is  not enabled https/ports.
  Please let me know how we can enable  HTTPS  port ,let me know the process.
  once HTTPS port is enabled  please let me know the process to use  HTTPS with client authentication as security level)
  Thanks
  Surya

  Hi Surya,
  Base on your requirement ports like 433, 4022 etc as per availability to Trading partners.
  Port mapping should be done in the firewall configuration as your web dispatcher port(This information can be obtained from your basis team / will be managed at the installation time / netweaver administration.)
  80* series is for ABAP ports and 50* series i sfor JAVA port.
  Also check the below link for more information.
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/09/20/sender-soap-adapter-https-with-client-authentication
  Thanks and Regards,
  Naveen

• Alias for Sender SOAP Adapter URL

  When I create a web service for an o/b interface using the wizard, I need to give the URL of the pattern
  http://<host:<port>/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<channel>
  Looking at the URL, I think there is servlet that is processing the incoming SOAP messages based on the parameter (channel) and adding the SOAP Header for Sender Service, Sender Interface from that channel before sending it to IE.
  Is there anyway to create aliases for these URLs so that I can have distinct URL for each interface eg. http://<host:<port>/DeliveryConfirmation, http://<host:<port>/InvoiceCheck etc?
  I need to publish web services in custom-built UDDI tool which expects the URLs to be unique. (This uniqueness should not based on the parameter 'channel'). UDDI tool expects the part of the URL before '?' to be unique, which is not in my case. So, I'm thinking of aliases.
  Did anyone create Alias for sender SOAP adapter URL?
  I appreciate your inputs on this.
  thx
  praveen

  Stefan,
  Creating an alias like (http://<host:<port>/DeliveryConfirmation) for each web service makes the end Point URL (http://<host:<port>/DeliveryConfirmation?channel=<party>:<service>:<channel>) unique and my custom-built UDDI server would allow it.
  In this case, all the aliases would be for the same context path '/XISOAPAdapter/MessageServlet', right?
  I see the following on the help page.
  Prerequisites
  You must first have the J2EE Web applications deployed so that their aliases are added to the list of available application aliases. Then you can decide which one to remove from it.
  Do I need to deploy any J2EE Web Application here?
  I'm thinking that since 'XISOAPAdapter/MessageServlet' is already deployed, I just have to create a various aliases for it.
  I highly appreciate your inputs.
  thx
  praveen

• Change Queue Name in Sender Soap Adapter (or make it dynamic)

  Hello SDN!!!!
  We have a scenario where we want to make a message EOIO and I have set the Queue Name in the Sender Soap Adapter and this works great. BUT it is needed to have a more specific queue name (based on order numbers not interface name) So with this being said, Is there any way to change the queue name or append to it from the Soap Sender Adapter. I see it is possible to write a Module Bean, but the Message object returned from the ModuleContext is a scaled down version of the normal message object. Any help would be greatly appreciated
  Cheers
  Devlin

  Is this the only way to change the queue name for Soap Sender? I don't think it is possible for them to do this, as their urls are static when calling us

• Special characters in sender soap adapter provoke HTTP 500 error

  Hi,
  SAP R3 is sending a SOAP message to PI through SOAP adapter.
  When the payload does NOT contain german characters like ü, it works fine.
  However, when the payload DOES contain special characters, the SOAP adapter replies with an HTTP 500 code error.
  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  - Make sure that SAP R3 sends the message in UTF-8 format (I think this is happening currently), as if SoapUI works, then probably R3 is not using UTF-8.
  - Force the adapter to use UTF-8. Is this possible? In the sender SOAP adapter I've added AF_Modules/MessageTransformBean (type local EB), and then Transform.ContentType for parameter name and --> text/plain;charset=utf-8 for parameter value. The sender adapter will fail then for every message, with or without special characters.
  Anyway, in this link (http://help.sap.com/saphelp_nwpi71/helpdata/EN/a4/f13341771b4c0de10000000a1550b0/frameset.htm) it seems to say that the sender soap adapter cannot be extended with modules, so maybe that's the reason why it fails when trying to add a module.
  Thanks

  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  Check the use of option 1 ..... the URL which SAP is using to send the data can containe the encoding information.
  Check this SAP note: https://service.sap.com/sap/support/notes/856597
  From the above note:
  Q: What character encoding is supported by the SOAP sender adapter?
  +you can supply the encoding information with the xmlenc variable in the request URL as in+
  Regards,
  Abhishek.

• XI 3.0 Sender SOAP Adapter Default XI Parameters

  Hi all,
  I've noticed when posting to an inbound comm channel using the sender SOAP adapter that unless I specify a namespace and interface under the 'Default XI Parameters', an error is returned indicating I need to specify default values for the namespace and interface.
  This doesn't make sense.  I don't want to set up a new inbound comm channel for every interface for the same sender service.  As long as the SOAP address location is correct, i.e. sender service and interface are specified correctly, why should I need to set a default namespace and interface?  Also, what is the expected behavior of the default XI parameters?  Should it override what's passed in the SOAP location string?

  Hi,
  I think you have to add:
  Optional: xml.addHeaderLine 0
  Obligatory: try to put the ; between quotation marks like:
  Hope this helps.
  Cheers,
  Paul