Runtime Communication Channel Password
Hopefully, I am posting this in the correct Forum.
We have a new application, Password Vault, where the company would like to change all passwords on a daily basis. Password Vault has a Java API that will allow me to obtain the password for a specific account. What I would like to know is whether there is a way in PI to create a module that will be called by the Communication Channel when it requires the password which will allow me to dynamically pass the password to the Communication Channel.
In short, I would like to step in front of all runtime password requests and push the current password to the Communication Channel.
Is this possible and/or where can I go to find more information?
>
Larry Martin wrote:
> I should have said that we will change all passwords used by PI...and some other applications...on a daily basis.
>
> Actually, it is a good idea because the passwords are managed by Password Vault so we would never have to worry about a password in PI. Every time a Communication Channel needed a password it would request it from Password Vault. We would not care if they changed them once a day or once a minute since we would no longer have any responsibility for managing passwords...we would simply use whatever password was the current one.
>
> It greatly improves our protection because the passwords would all be random, all have 15 characters (where possible) and would change so often that stealing a password would be of little value.
>
> The rules would not apply to user passwords in AD, in databases or to logon to PI or SAP because, as you mention, no one could keep track of a password that changes daily.
Well, an even better approach is not to use passwords at all - but use SNC or X.509 Client Certificates (SSL) for authentication.
As long as you are using passwords, there is the risk of password locks that will result from exceeding the number of permissible failed password logon attempts. Such failing attempts might not necessarily indicate a hacking attempt but could also result from a failure of your password provisioning solution. Especially in the case of inter-system communication the number of logon attempts per (small) time unit is fairly high. So, even if you run only shortly out of sync (regarding passwords) you might suffer from the resulting locks. So, better do not use passwords if it's avoidable.
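The lockout concern in the reply above, as an added Java example (not code from the thread or from SAP): a wrapper that stops sending logons once consecutive failures reach a limit set below the lock threshold, and retries only when the vault hands out a different password. `Target`, the `Supplier` wrapped around the vault API, the limit of 3 and the sample passwords are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class LockoutSafeLogin {
    /** Hypothetical stand-in for the target system's password logon. */
    public interface Target { boolean logon(String user, char[] password); }

    private final Supplier<char[]> vault; // hypothetical wrapper around the vault's Java API
    private final Target target;
    private final int maxFailures;        // set below the target's failed-logon lock threshold
    private char[] cached;
    private int failures;                 // consecutive failed logons sent to the target

    public LockoutSafeLogin(Supplier<char[]> vault, Target target, int maxFailures) {
        this.vault = vault;
        this.target = target;
        this.maxFailures = maxFailures;
    }

    public synchronized boolean isOpen() { return failures >= maxFailures; }

    /** One logon per call, plus at most one retry when the vault returns a different password. */
    public synchronized boolean connect(String user) {
        if (isOpen()) return false;                 // breaker open: send nothing to the target
        if (cached == null) cached = vault.get();
        if (attempt(user)) return true;
        char[] fresh = vault.get();                 // the password may have rotated since caching
        if (Arrays.equals(fresh, cached) || isOpen()) return false; // same password: a retry only burns an attempt
        cached = fresh;
        return attempt(user);
    }

    private boolean attempt(String user) {
        boolean ok = target.logon(user, cached);
        failures = ok ? 0 : failures + 1;
        return ok;
    }

    /** Operator action once the provisioning fault has been fixed. */
    public synchronized void reset() { failures = 0; cached = null; }

    public static void main(String[] args) {
        // Constructed scenario 1: provisioning is out of sync, the vault keeps returning a stale password.
        AtomicInteger seen = new AtomicInteger();
        Target t = (u, p) -> { seen.incrementAndGet(); return Arrays.equals(p, "new-secret".toCharArray()); };
        LockoutSafeLogin stale = new LockoutSafeLogin(() -> "old-secret".toCharArray(), t, 3);
        for (int msg = 0; msg < 50; msg++) stale.connect("PI_SERVICE"); // burst of 50 messages
        System.out.println("stale vault: logon attempts reaching target = " + seen.get()
                + ", breaker open = " + stale.isOpen());

        // Constructed scenario 2: normal rotation, the cached password is old but the vault has the new one.
        seen.set(0);
        AtomicInteger calls = new AtomicInteger();
        Supplier<char[]> rotating = () ->
                (calls.getAndIncrement() == 0 ? "old-secret" : "new-secret").toCharArray();
        LockoutSafeLogin rotated = new LockoutSafeLogin(rotating, t, 3);
        System.out.println("rotated: connected = " + rotated.connect("PI_SERVICE")
                + ", attempts = " + seen.get());
    }
}
```

With the breaker in place, a burst of messages during a provisioning fault produces a bounded number of failed logons instead of one per message.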
Similar Messages
-
Runtime Update of Communication Channel Password
I posted this question in the Security Forum as well as here since I was not sure which was appropriate.
We have a new application, Password Vault, where the company would like to change all passwords on a daily basis. Password Vault has a Java API that will allow me to obtain the password for a specific account. What I would like to know is whether there is a way in PI to create a module that will be called by the Communication Channel when it requires the password which will allow me to dynamically pass the password to the Communication Channel.
In short, I would like to step in front of all runtime password requests and push the current password to the Communication Channel.
Is this possible and/or where can I go to find more information?
Ok, we have conceded that until SAP makes a change that allows some sort of hook into the Communication Channel so that we can handle the password we will not be able to implement a "pull" type of change.
We have code to extract and log Configuration Scenarios, Communications Channels and Interface Determinations. We also have some code modeled after what Bill Li has done to create a Change List and modify the Communication Channel.
Mostly we need to be able to set a Communication Channel Inactive/Active and change the password.
The part we are struggling with is the role of the Restricted Communication Channel and how to get the information from an existing Communication Channel into the Restricted Communication Channel which is the only thing we can add to the Change List.
It seems like there should be some relatively simple way to do the following:
1. Retrieve a Communication Channel using the API
2. Build a Restricted Communication Channel object with all of the information in the Communication Channel...we know the password is always returned as null and can handle that issue.
3. Modify whatever value we want modified
4. Create a Change List
5. Add the Restricted Communication Channel to the Change List
6. Activate the Change List.
We have no real problems with any of the above except for 2. How do we build a complete Restricted Communication Channel from the retrieved Communication Channel?
-
Communication channels do not exist in Runtime workbench
Hi gurus,
I did one file to file scenario. I have two problems.
1. I have created communication channel in the configuration step. I have activated my scenario too. But when I check the communication channels in the runtime workbench I'm unable to see my communication channel. My communication channel does not exist.
2. How can i create the source directory and target directory
Kindly help me solve this problem.
Regards,
Ramalakshmi.G
Hi
Cache refresh : SXI_CACHE
Creating Source / Target Directory : U can use folder within XI landscape for (NFS)
If u r using FTP create folder in the FTP Server and use those : but select FTP as transport protocol
u will be asked for ftp ip / username / password
rgds
srini
-
Password visibility in communication channel
Dear experts,
is it possible to show the passwords stored in the communication channels?
As the XI access is limited to employees who have the right to see the access data for the other systems, it would be useful to see the passwords in the communication channels instead of ******.
Best regards,
David
is it possible to show the passwords stored in the communication channels?
Where you want to show the passwords?
You can write ABAP program to retrieve the password as it is stored in the PI DB. I am not too sure if you can use the Directory API to retrieve passwords, although I have used it to retrieve configuration data from the channels but never tried for passwords
-
Communication channel doesn't show in runtime workbench
Hi,
In Integration monitoring Runtime Workbench does not show communication channel list in communication channel monitoring. It shows empty but we have created lot of communication channels. This is problem in XI adapter or any other problem? Please can anyone tell the solution for that.
Regards
Vijay
Hi,
If ur searching for Xi and Receiver IDOC adapter in RWB. U cant find them in RWB then run in IS. try to check ur sender adapter and u can find the complete flow of it.
Thanks and Regards,
Phani Kumar
-
Party communication channel for multiple stores with multiple user id and passwords in sap pi
Hi Experts,
I have a scenario proxy to SOAP, where I am sending some information from my stores to third party company with single user id and password in communication channel.
But requirement is changed now: I have 20 stores with 20 user id and password for communication channel. How can I achieve this requirement?
Can i create 20 communication channels for 20 stores or can handle through the party based communication ?
Please help us achieve the requirement.
Regards
Ravinder.s
Hi,
In the SOAP Receiver adapter, you can only store 10 userid/password combinations via Authorization Keys. These are called via Dynamic Configuration via technical name TAuthKey. In your case, for it to work, you need:
1. 2 business components/2 SOAP receiver communication channels.
2. 1 receiver determination with xPath for username to determine correct business component
3. 1 interface determination
4. 2 receiver agreements (one for each cc)
Hope this helps,
Mark
-
Change the host name of communication channel at runtime
Hi,
I am connecting to an SQL server using a JDBC receiver communication channel.
The vendor who is managing this SQL server says that he has a primary server with the ip <IP1> and a secondary server with ip <IP2>.
He wants me to switch to IP2 when IP1 is down.
Is there any possibility of to achieve this ?
regards,
Piyush
I don't think there is any options available in JDBC adapter to change the host name dynamically...
what u can do is - u create a dummy scenario which will just check whether the database is up or not and store the flag values in PI ABAP stack..
Now before u send data to JDBC u do look up and check which server is up...and based on that u divert ur message to required system.
thats what I can think of now...
chirag
-
Error got in Communication channel monitoring ( component monitoring)
Hi Experts,
When i executed the RFC from R3, i got the below error in runtime work bench.
please help me out if any one knows, i already gone through some of sdn line, but i am not able to get exact solution.
com.sap.aii.af.rfc.RfcAdapterException: error initializing RfcServerPool:com.sap.aii.af.rfc.core.repository.RfcRepositoryException: can not connect to destination system due to: com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed
Connect_PM TYPE=A ASHOST=qa2.syec.sshe.ed SYSNR=13 GWHOST=qa2.syec.sshe.ed GWSERV=sapgw13 PCS=1
LOCATION CPIC (TCP/IP) on local host with Unicode
ERROR max no of 100 conversations exceeded
TIME Thu Mar 20 15:44:08 2008
RELEASE 700
COMPONENT CPIC (TCP/IP) with Unicode
VERSION 3
RC 466
MODULE r3cpic_mt.c
LINE 10713
COUNTER 1
1) Registered Server Program has been created in RFC destination in R3, and RFC destination has been tested successfully. In R3 System we have 9 clients, but I have created one client independent RFC destination type TCP/IP. Is it right way to create client independent single RFC destination for multiple clients? (3 unit test clients, 3 development clients, 3 configure clients), but in SLD only 3 business are created (which are for 3 unit test clients). I have imported business system for client 300 and I have created communication channel under this business system, but when I run the RFC in this client I am getting above error in component monitoring.
2) I have created incremented 100 to 300: Set the following environment variable CPIC_MAX_CONV=300
3) In sender RFC communication channel i have all correct parameters like: gateway service,Program ID, client number, password, userid etc
Please help me out.
thanks
siva grandhi
Hi,
This solved this issue for me:
Setting Maximum Database Connections
Perform this step only if you want to check or change the values.
1. Open the Visual Administrator tool.
○ j2ee\admin\go.bat if you also use SAP WAS ABAP.
2. Log on as an administrator.
3. Choose Server → Services → JDBC Connector.
4. Choose the Properties tab strip and select sysDS.maximumConnections.
Regards,
Hugo Mendoza
-
FTP communication channel generating logs in NWA Logs and Traces
Dear all
Wishing you all a very happy new year. I have a peculiar issue, where I am using a FTP adapter, and files are deposited in an FTP location. This processing is running successfully. However, my NWA logs say that there are communication issues while putting this file in the server.
Whenever there is a transaction happening this error gets generated in NWA log.
Does any one have any idea why this is happening.
Many thanks & Regards : Bobby Bal
Below mentioned is the error message.
Message: Error during disconnect from ftp server ediftp-pw09.colpal.com, ignored: com.sap.aii.adapter.file.ftp.FTPEx: 421 Unexpected reply codeTerminating connection.
Severity: Error
Date: 2012-01-10
Time: 09:18:12:191
Category: /Applications/ExchangeInfrastructure/AdapterFramework/Services/ADAPTER/ADMIN/File
Location: com.sap.aii.adapter.file.File2XI.disconnectFTPServer
Application:
Thread: XI File2XI[XXX_WMS_SENDER_CC/SYS321/XX_ChinaWMS]_34877
Data Source: j2ee/cluster/server1/log/applications_01.log
Arguments:
Passport User Activity ID: 7f0f0ddd38fd11e1b099c68806a4be02
Message ID: com.sap.SOA.apt_file.0058
Session: 0
Transaction:
User: J2EE_GUEST
Time Zone: 0-500
Customer Message Component: BC-XI-CON-AFW
Runtime Component: com.sap.aii.af.lib
Correlation ID: 144518351000001784
Passport Session: 7F0F0DDD38FD11E1B099C68806A4BE02
Passport Connection: 7f0f0ddd38fd11e1b099c68806a4be02
Passport Connection Counter: 0
Log ID: C000A7E404320DFE00000000013600A4
Host: xppapp14
System: XPP
Instance: DVEBMGS14
Node: server1
Hi Bobby,
1. Check whether the user you are using has access control i.e Read/Write Access from the folder in FTP server..
2. Check it at OS level by directly pasting or pick the files..
3. From SAP end check the user credentials provided in the file adapter i.e username of the FTP server and the Password of the FTP server it is case-sensitive.
4. Try to give the exact path from where the file is to be picked and reactivate the scenario.
5. what is the file size of the file that is going to be picked from the ftp server.
6. Then finally check in Communication channel monitoring detailed log what is the error it was coming and check the log in XI server you can clearly notice the error.
Even some times it will access at OS level but not through the server for this reactivate the adapter and provide the user credentials and the path once again..
Regards,
Ravi
-
Calling a communication channel externally
Hi Experts
I want to dynamically call the communication channel from bpm during runtime. For this I am using a transformation step and writing a java code to call the url. But how to pass the username and password required to login into the adapter framework? Below is the java code I am using:
URL channelurl = new URL("http://hostname:port/AdapterFramework/ChannelAdminServlet?party=&service=\"NP_DEV_3RD_POC1\"&channel=\"CC_Sender_File_FiletoMail\"&action=\"start\"");
URLConnection channelconn = channelurl.openConnection();
channelconn.connect();
Edited by: Sabyasachi Mohapatra on Nov 23, 2009 3:30 PM
ok
-
Using a variable in communication channel
Hi,
I have a lot of Communication Channels looking for files in the same directory. This directory's path will be changed soon and so I assume I'll have to change all my Communication Channels.
I was wondering whether there was a means of using a variable for the Source Directory in order to just have to change its value where it is defined and not every where it is used...
Regards
Yann
Hi,
Is this a sender file adapter? or a receiver file adapter?
You can make a change / make the receiver file adapter's directory dynamic by setting the value during runtime in the mapping.
Use this blog and the code in the blog to achieve this,
/people/michal.krawczyk2/blog/2005/11/10/xi-the-same-filename-from-a-sender-to-a-receiver-file-adapter--sp14
Sender File adapter, I don't think this is possible.
Regards,
Bhavesh
-
How to set up the communication channel for third party idoc
Hello,
I am trying to send an idoc from an sap 4.6c system to a third party system. The third party system is supporting idocs with trfc.
My problem is to set up the communication channel in the integration builder (configuration) for the third party system. The idoc is waiting in XI to transport.
My settings are:
adapter type: idoc
transport protocol: idoc
message protocol: idoc
adapter engine: integration engine
rfc destination: xyz (is working fine)
interface version: sap release 4.0 or higher
port: ??
sap release 46c
My problem is the port. should i set up a port in idx1? But the third party is not an sap system and so i dont have a client.
On the xi i have defined a port in transaction we21 (transactional rfc) for the third party with my rfc destination xyz. But if i enter that port in communication channel i got error messages.
Thanks for any help.
Hi Christian,
yes, you have to maintain that port in idx1.
First you load the rfc-metadata from an SAP reference system and afterwards copy this metadata to the third party port.
For further details check the online documentation "IDoc Processing with the IDoc Adapter" XI -> runtime -> adapter
Good luck,
Holger
-
How to select a communication channel based on a field in the message?
Hi All,
In my scenario - Sending system will send one country field in the message ,I have one receiver system which has different folders for different countries.
I have created separate communication channels for separate countries.
Now at runtime based on the country field in sender message I need use the channel respective to that country.
How should i achieve this?
Please help.
Hi,
Say you have 3 countries - I would suggest:
1) Create 3 services - each for one country
2) Create 1 CC's under each of these services
3) In your Receiver Determination ->Configured Receivers -> Condition field --- put in the condition (by choosing the field from the input that has the country code)
4) Against each condition, choose the respective service for that country
5) Complete the Interface Determination - (by calling the same mapping in all three Interface Determination)
6) Complete the Receiver Agreement by choosing the appropriate CC created as in Step 2)
1) and 2) are basically for ease of use. If you need to identify the Service or CC - this would be user-friendly.
If you don't want to create 3 different services - you can still not do Step 1 and continue from Step 2.
Regards,
Balaji.M
-
Error in Receiver Mail Adapter (Communication Channel)
Hello Experts,
I am getting below error in receiver Adapter Communication Channel. I have given SMTP, XIALL,PLAIN parameters, I have given proper: SMTP://compnay.com & correct user id and password, I browsed through almost all related links.
Exception caught by adapter framework: java.io.IOException: server does not support PLAIN or LOGIN authentication
Mail: error occured: com.sap.aii.af.ra.ms.api.RecoverableException: java.io.IOException: server does not support PLAIN or LOGIN authentication
Delivery of the message to the application using connection Mail_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: java.io.IOException: server does not support PLAIN or LOGIN authentication.
Thanks,
Siva
HI Siva
Are you trying to send Email from any file send by system or Read by PI and send as Email.
Please describe your Scenario.
If your email is generated from the content provided by Integration engine use Message protocol XI PAYLOAD instead of XIALL.
Using Authentication you change from Plain to CRAM-MD5. then it might not give any error
Your URL should be SMTP://mailhost.company.com
For reference check Help URL
http://help.sap.com/saphelp_nw04/helpdata/en/23/c093409c663228e10000000a1550b0/frameset.htm
Thanks
Gaurav Bhargava
-
Dynamic File name in FTP Communication Channel
Hi All,
We have a requirement where we create filenames dynamically (at runtime). These filenames, which change for every execution, need to be added in the FTP communication channel.
1. How can we add this generated file name in FTP CC Communication Channel.
2. Does this file needs to part of target structure during graphical mapping ?
3. Can we also dynamically append the Directory name to file names as well ?
Please provide your valuable suggestions.
Thanks for your support.
1. How can we add this generated file name in FTP CC Communication Channel.
3. Can we also dynamically append the Directory name to file names aswell ?
to get the FileName:
DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/File","FileName");
To get the Directory:
DynamicConfigurationKey key1 = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/File","Directory");
Then append:
key+key1
And then in the CC select the Directory checkbox under the ASMA properties...
2. Does this file needs to part of target structure during graphical mapping ?
The file which is sent using the CC will have the FileName as configured in the UDF of the graphical mapping....and if i am not wrong then the target structure resembles the file (if there is no FCC done)....
Regards,
Abhishek.