SAML in PI7.0

Hi PI Experts,
we had a scenario where we need to integrate multiple SAP ECC Systems like R/3 3.1i, 4.7EE & ECC 6.0 using PI7.0. Now the Client need SAML Authentication, will this be achieved?
Can we use SOAP Adapter for this? Will we get WS Adapter in PI 7.0?
Please guide how to use principal propagation in SAP R/3 3.1i & R/3 4.7EE?
Thanks in advance,
Sriram

SAMLAuthentication in SOAP and WS adapter are available but with NW PI7.1and not with below versions.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04408cc-f10e-2c10-b5b7-af11026b2393?quicklink=index&overridelayout=true

Similar Messages

  • Error while testing SAML service in PI7.1

    Hello all,
    I am creating a SAML secured service in PI 7.1
    I have used WS adapter in sender communication channel and reciever as RFC adapter to extract data from the system.
    I have done the necessary config in sender and receiver agreement and created the wsdl manually.
    Now to test that service i have created another component as the client.
    The sender is the SOAP channel and in the receiver, WS adapter is used.
    With these basic configurations, i have created another wsdl file which invokes my previous service.
    When i tested the new wsdl i get an error.
    <SAP:Code area="INTERNAL">WS_LOGICAL_PORT</SAP:Code>
      <SAP:P1 />
      <SAP:P2 />
      <SAP:P3 />
      <SAP:P4 />
      <SAP:AdditionalText />
      <SAP:Stack>Error while determining logical port Cannot find logical port for agreement 34CBAC01EBEC3F15813332AC002BD3CF and interface http://atl.tarpon.com/SAPGetAddressSAML_C.MI_Inbound_SAPGetAddSAML_C</SAP:Stack>
    Kindly guide me as to what is to be done for creation of logical port in *NWA as this tool is available for PI7.1 for me.
    Regards,
    Kevin

    Hi Kevin,
    What I meant to say is that there are multiple levels of settings required to enable SAML based communication. I wanted to ask you if you have already done those configurations.
    See the image given at following URL.
    http://help.sap.com/saphelp_nwpi71/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm
    As you can see there is multiple parties involved in the overall SAML authentication process.
    May be following blog will be helpful. 
    SAML Made Simple!
    Regards,
    Vandana.

  • Differences between XI 3.0 and PI7.0?

    Hi Experts,
    I want to know the major differences between XI 3.0 and PI7.0?
    can anyone suggest me some weblogs which explains the all the new features of PI7.0.....as i'm very much keen to learn PI7.0
    Thanks
    Faisal............

    Hi,
    There is no different between XI3.0 and PI 7.0 but there is a lot difference in XI3.0/PI 7.0 and PI 7.1.
    Refer the below thread for Xi and PI difference:
    PI 7.0 and XI 3.0
    there are many threads with sme topics
    New highlights for SAP NetWeaver Process Integration 7.1 are:
    • Enterprise Services Repository as a central storage location for enterprise service definitions and lifecycle management data for all enterprise services
    • Universal Description, Discovery, and Integration (UDDI) 3.0–compliant services registry for runtime management of enterprise services
    • Improved support for standards such as Web Service Reliable Messaging (WS-RM), WS Policy, Security Assertion Markup Language (SAML)
    • Extended support for high volume scenarios
    • Business Activity Monitoring for process definition of milestone monitoring (event correlation)
    • Improved SAP NetWeaver Administrator support for central configuration and administration of both mediated and point-to-point scenarios.
    • XML payload validation
    • Process editor modeling enhancements: step groups, integrated alert management, configurable parameters
    • Integration of human interaction (generic user decision)
    • WS-BPEL 2.0 preview.
    • Message Packing.
    • Local Processing in Adapter Engine.
    • Reusable UDF’s.
    • Lookup function with multiple results.
    Refer the below link form where the most of the above information has been taken:
    1) Capability and Enhancements of SAP NetWeaver Process Integration 7.1:
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/community/capabilityandEnhancementsofSAPNetWeaverProcessIntegration7.1&
    2) New SAP NetWeaver Process Integration:
    /people/udo.paltzer/blog/2007/04/26/new-sap-netweaver-process-integration-release-planned-for-2007
    3) Enhancement in PI 7.1:
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/profile/2007/07/27/briefdescriptionaboutEnhancementinPI7.1&focusedCommentId=40564
    4) SAP NetWeaver Process Integration 7.1 - Overview of New Capabilities:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/706005a3-3bd6-2910-91ae-a2016239bdcf
    5) SAP NetWeaver PI 7.1
    /people/daniel.bianchin/blog/2007/12/19/all-you-wanted-to-know-about-sap-netweaver-pi-71-and-more
    This section has all the relevant links for each topics:
    • Enterprise Services Repository:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4073b4c4-7137-2a10-a5a9-abb618b7a5e7
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e0301486-758c-2a10-9d84-a195556df422
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/903a4127-5403-2a10-0a96-e9452c3ab1de
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c0f90f22-678c-2a10-91a0-f1f1bf7ff191
    • Usability Features in SAP NetWeaver PI 7.1 Development and Configuration Times
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a0e7734f-e969-2a10-24b6-df58a710941c
    • Advance adapter engine:
    /people/william.li/blog/2008/01/10/advanced-adapter-engine-configuration-in-pi-71
    /people/william.li/blog/2008/02/07/display-adapter-synchronous-message-content-in-rwb-of-pi-71
    • Preview on New Features of the Integration Directory in SAP NetWeaver Process Integration 7.1
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/10c0de4b-7876-2a10-e286-8412668643a8
    • Usability Features in SAP NetWeaver PI 7.1 Development and Configuration Times:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a0e7734f-e969-2a10-24b6-df58a710941c
    • SAP Network Blog: Share User-Defined Functions in Message Mappings of PI 7.1
    /people/william.li/blog/2008/01/02/sap-pi-71-mapping-enhancements-series-share-user-defined-functions
    • Preview on New Features of the Integration Directory in SAP NetWeaver Process Integration 7.1
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/10c0de4b-7876-2a10-e286-8412668643a8
    • SAP Network Blog: Mapping Enhancements in SAP NetWeaver Process Integration (PI) 7.1
    /people/jin.shin/blog/2008/01/11/sap-pi-71-mapping-enhancements-series-mapping-enhancements-demo
    • New Business Process Engine Features in SAP NetWeaver Process Integration
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e0068bc1-6f8c-2a10-52bb-c6ee3562feb2
    • Folders for more flexible and organized way of development.
    /people/william.li/blog/2007/08/07/using-folders-in-pi-71 -- Folders in PI 7.1
    • High Volume support in PI 7.1
    /people/holger.faulhaber/blog/2007/12/12/high-volume-support-in-pi-71
    • Upgrade to SAP NetWeaver PI 7.1
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/8085e299-718c-2a10-de94-928f62b763ce

  • Should I select PI7.0 ?

    Hello,
    I'd like to know the differences between "PI7.0" and "PI7.1".
    I'm developing some functions in PI7.0 as a ESB,
    but I'm wondering selecting "PI7.1".
    Please let me know the differences and,
    let me know your recommendations.
    Best regards,
    Koji

    Hi,
    Refer the below link for new featurs of PI 7.1 which are not there in PI7.0
    New highlights for SAP NetWeaver Process Integration 7.1 are:
    Enterprise Services Repository as a central storage location for enterprise service definitions and lifecycle management data for all enterprise services
    Universal Description, Discovery, and Integration (UDDI) 3.0–compliant services registry for runtime management of enterprise services
    Improved support for standards such as Web Service Reliable Messaging (WS-RM), WS Policy, Security Assertion Markup Language (SAML)
    Extended support for high volume scenarios
    Business Activity Monitoring for process definition of milestone monitoring (event correlation)
    Improved SAP NetWeaver Administrator support for central configuration and administration of both mediated and point-to-point scenarios
    Further functional enhancements include:
    XML payload validation
    Process editor modeling enhancements: step groups, integrated alert management, configurable parameters
    Integration of human interaction (generic user decision)
    WS-BPEL 2.0 preview
    Features of PI 7.1
    /people/udo.paltzer/blog/2007/04/26/new-sap-netweaver-process-integration-release-planned-for-2007
    Advance adapter engine:
    /people/william.li/blog/2008/02/07/display-adapter-synchronous-message-content-in-rwb-of-pi-71
    /people/william.li/blog/2008/02/07/display-adapter-synchronous-message-content-in-rwb-of-pi-71
    Plesae go through below links to know the advaced features of PI 7.1
    SAP NetWeaver Process Integration 7.1 - Overview of New Capabilities
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/706005a3-3bd6-2910-91ae-a2016239bdcf
    Usability Features in SAP NetWeaver PI 7.1 Development and Configuration Times
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a0e7734f-e969-2a10-24b6-df58a710941c
    SAP Network Blog: Share User-Defined Functions in Message Mappings of PI 7.1
    /people/william.li/blog/2008/01/02/sap-pi-71-mapping-enhancements-series-share-user-defined-functions
    Preview on New Features of the Integration Directory in SAP NetWeaver Process Integration 7.1
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/10c0de4b-7876-2a10-e286-8412668643a8
    SAP Network Blog: Mapping Enhancements in SAP NetWeaver Process Integration (PI) 7.1
    /people/jin.shin/blog/2008/01/11/sap-pi-71-mapping-enhancements-series-mapping-enhancements-demo
    New Business Process Engine Features in SAP NetWeaver Process Integration
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e0068bc1-6f8c-2a10-52bb-c6ee3562feb2
    ESOA:
    Please go through the below links, it will give you the idea about the key role of PI7.1 in E-SOA.
    Enterprise Services Repository: Importance in Enterprise SOA Architecture
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4073b4c4-7137-2a10-a5a9-abb618b7a5e7
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e0301486-758c-2a10-9d84-a195556df422
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/903a4127-5403-2a10-0a96-e9452c3ab1de
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c0f90f22-678c-2a10-91a0-f1f1bf7ff191
    Thnx
    Chirag

  • Erroe while invoking a process (could not validate SAML)

    Hi,
    I am getting the following error while invoking a process from
    Weblogic  Portal Server.The invocation happens properly always but
    after frequent  intervals(approx 1-1.5 hrs) this error comes.Then if
    the Portal Server(the  client which is invoking the process) is
    restarted again it works properly.
    This is very urgent to resolve.Any pointers to this will be very 
    helpful.
    Thannks in advance,
    Leena Jain
    Stack Trace of the error:
    ALC-DSC-215-000:  com.adobe.idp.dsc.DSCAuthenticationException: None of
    the Auth Provider  could authenticate the user. Authentication Failed
            at 
    com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate 
    (AbstractMessageReceiver.java:157)
            at 
    com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.invoke 
    (AbstractMessageReceiver.java:312)
            at 
    com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invokeCall 
    (SoapSdkEndpoint.java:138)
            at 
    com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invoke 
    (SoapSdkEndpoint.java:81)
            at  sun.reflect.GeneratedMethodAccessor377.invoke(Unknown
    Source)
            at  sun.reflect.DelegatingMethodAccessorImpl.invoke 
    (DelegatingMethodAccessorImpl.java:25)
            at  java.lang.reflect.Method.invoke(Method.java:585)
            at  org.apache.axis.providers.java.RPCProvider.invokeMethod 
    (RPCProvider.java:397)
            at  org.apache.axis.providers.java.RPCProvider.processMessage 
    (RPCProvider.java:186)
            at  org.apache.axis.providers.java.JavaProvider.invoke
    (JavaProvider.java:323) 
            at org.apache.axis.strategies.InvocationStrategy.visit 
    (InvocationStrategy.java:32)
            at  org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:
    118)
            at  org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
            at  org.apache.axis.handlers.soap.SOAPService.invoke
    (SOAPService.java:454) 
            at org.apache.axis.server.AxisServer.invoke(AxisServer.java: 
    281)
            at org.apache.axis.transport.http.AxisServlet.doPost 
    (AxisServlet.java:699)
            at  javax.servlet.http.HttpServlet.service(HttpServlet.java:
    727)
            at  org.apache.axis.transport.http.AxisServletBase.service 
    (AxisServletBase.java:327)
            at  javax.servlet.http.HttpServlet.service(HttpServlet.java:
    820)
            at  weblogic.servlet.internal.StubSecurityHelper 
    $ServletServiceAction.run(StubSecurityHelper.java:226)
            at  weblogic.servlet.internal.StubSecurityHelper.invokeServlet 
    (StubSecurityHelper.java:124)
            at  weblogic.servlet.internal.ServletStubImpl.execute
    (ServletStubImpl.java:283) 
            at weblogic.servlet.internal.TailFilter.doFilter 
    (TailFilter.java:26)
            at  weblogic.servlet.internal.FilterChainImpl.doFilter
    (FilterChainImpl.java:42) 
            at 
    com.adobe.idp.dsc.provider.impl.soap.axis.InvocationFilter.doFilter 
    (InvocationFilter.java:43)
            at  weblogic.servlet.internal.FilterChainImpl.doFilter
    (FilterChainImpl.java:42) 
            at weblogic.servlet.internal.WebAppServletContext 
    $ServletInvocationAction.run(WebAppServletContext.java:3393)
            at  weblogic.security.acl.internal.AuthenticatedSubject.doAs 
    (AuthenticatedSubject.java:321)
            at  weblogic.security.service.SecurityManager.runAs(Unknown
    Source)
             at
    weblogic.servlet.internal.WebAppServletContext.securedExecute 
    (WebAppServletContext.java:2140)
            at  weblogic.servlet.internal.WebAppServletContext.execute 
    (WebAppServletContext.java:2046)
            at  weblogic.servlet.internal.ServletRequestImpl.run 
    (ServletRequestImpl.java:1366)
            at  weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
            at  weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
    Caused by: |  [com.adobe.idp.um.api.impl.AuthenticationManagerImpl]
    errorCode:16421  errorCodeHEX:0x4025 message:Could not validate SAML
    Token --- Assertion is  not valid. Current time is greater than
    NOTonOrAfter time specified in the  Assertion| [IDPLoggedException]
    errorCode:12804 errorCodeHEX:0x3204  message:Could not validate SAML
    Token --- Assertion is not valid. Current  time is greater than
    NOTonOrAfter time specified in the Assertion
             at com.adobe.idp.um.api.impl.ManagerImpl.handleException 
    (ManagerImpl.java:246)
            at  com.adobe.idp.um.api.impl.ManagerImpl.handleException
    (ManagerImpl.java:192) 
            at 
    com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertionCheck 
    (AuthenticationManagerImpl.java:587)
            at 
    com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertion 
    (AuthenticationManagerImpl.java:552)
            at 
    com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate 
    (AbstractMessageReceiver.java:132)
            ... 33 more

    This happens due to expiry of the SAML assertion that the client has. Have a look at the Renew Assertion Recipe at the cookbook site

  • Need help on SAP SSO with SAML & SSO2

    Dear expert,
    We met an SSO issue on launchpad.
    Here is our scenario and SSO structure. We use fiori launchpad to display all SAP apps.
    1. When  an user visit launchpad URL, URL will redirect user to identity provider (IDP) for SAML authentication.
    2. Then IDP authenticate with SAML2.0 token back to gateway.
    3. Gateway accept the SAML2.0 token and issue SSO2 logon ticket.
    4. Use logon ticket to backend ABAP ERP system for transaction apps.
    5. Use logon ticket to HANA system for factsheet.
    Now the first step above is OK as SAML token can be authenticated back to gateway. But after that, the basic form authentication pop-up for user credential on both backend system and HANA, which should not. We found out that launchpad was stucked with error message "/sap/es/ina/GetServerInfo HTTP/1.1 401 Unauthorized" at ERP backend service "GetServerInfo". By checking the cookies, we found out that after SAML token accepted by gateway, gateway did not issue any MYSAPSSO2 ticket.
    However, when we disabled SAML and use form authentication for launchpad, SSO2 logon ticket works perfectly among GW, ERP and HANA.  So, there should be no issue configuration regarding SSO2 logon ticket in SAP GUI.
    here is the system information:
    GW: NW740 SP5
    ERP: ECC6 on NW740 SP5
    HANA: v70
    Please kindly help us out on this issue. Please ask if other information is needed. thanks.
    Best regards,
    Xian' an

    This discussion thread belongs to the SAP Gateway space. For generic SSO related queries where portal is not involved the correct space is SAP NetWeaver Application Server. This space is for NetWeaver Single Sign-On (NWSSO, the separately purchasable product) topics only.

  • Is it possible to implement SSO by setup SAML on weblogic with IIS?

    Hi! We have IIS as front-end web server talking to weblogic. Is there anything specific to IIS when configuring SAML on weblogic9.1? Thanks.

    Hi! We have IIS as front-end web server talking to weblogic. Is there anything specific to IIS when configuring SAML on weblogic9.1? Thanks.

  • How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

    How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
    Identity provider here is Oracle identity provider 
    harika kakkireni

    Hi,
    The following materials for your reference:
    Consuming List.asmx on a claims based sharepoint site
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
    Sharepoint Claims based authentication and Single Sign on
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
    Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
    Best Regards
    Dennis Guo
    TechNet Community Support

  • Single Sign on using SAML between JWS application and Web Application

    Hi,
    We have two applications one is swing based Java Web Start application and other is a normal web application. We are trying to enable single sign on between both the applications. Can SAML be used to enable single sign on? If yes, can some one let us know how to do this?
    Thanks,
    Rama

    Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
    Thanks.
    Rama

  • E-sourcing Single sign on and SAML 1.1

    Does anyone have experience of using SAML token 1.1 to authenticate external users in e-sourcing?
    We have an external IdP u201CIdentity Provideru201D or u201CSource Siteu201D in the SAML-based exchange.
    We have a Portal that plays the role of u201CIdentity Asserteru201D or u201CService Provideru201D or u201CDestination Siteu201D in the SAML-based exchange, SAP e-sourcing would be Assertion Consumer Service.

    Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
    Thanks.
    Rama

  • SAML 1.1 - Possible to configure NetWeaver Server to allow SSO to Non-SAP ?

    We have NetWeaver 7 and would like to use SAML 1.1 to SSO into a vendors website.  Can we send SAML Assertions from NetWeaver by configuration or do we have to write an application? 
    Thanks!
    BK

    Please check this link on How To Configure SAML Authentication for SAP NetWeaver Process Integration 7.1
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/b04408cc-f10e-2c10-b5b7-af11026b2393&overridelayout=true
    Thank you,
    Shyam

  • SSO and SAML issue with Fiori

    Hi
    I have set up a Fiori system based on 7.4 and it is working fine.
    I attempted to use Single Sign using SAML based on ADFS as an identity provider which we are already using in our environment.
    I have followed this guide by Chris Wealy on  Using SAML 2.0 Authentication to Access Fiori Apps from the Public Internet
    However when I am trying to login to the FIori launchpad, I am redirected to the Idp site where I enter my credentials and I am not able to login. Checking the diagnostic tool I am getting the following error
    SAML20 SP (client 410 ): Exception raised:
    SAML20 SAML20 CX_SAML20_CORE: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Long text: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Diagnosis System Response Status 401 was returned. Access denied. Procedure Contact the administrator of the entity, to which access was attempted. The logon data prevent communication. Use an HTTP destination and configure the logon data and the SSL client values as needed. Procedure for System Administration
    SAML20     at CL_SAML20_ABSTRACT_PROFILE->SOAP_SEND(Line 160)
    SAML20     at CL_SAML20_ARTIFACT->RESOLVE_ARTIFACT(Line 61)
    SAML20     at CL_SAML20_ABSTRACT_MSG->PARSE_MESSAGE(Line 216)
    SAML20     at CL_SAML20_RESPONSE->CREATE_FROM_MSG(Line 46)
    SAML20     at CL_SAML20_ABSTRACT_PROFILE->CREATE_MSG_OBJECT(Line 46)
    SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 32)
    SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
    SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
    SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
    However checking the possible solution to the above error I came across this
    Problem: You are performing SAML 2.0 authentication and you get the following error:
    CX_SAML20_CORE: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Long text: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1.
    Reason: SSL server certificate of identity provider is not imported in “SSL Client Standard” PSE.
    Solution: Import SSL server certificate of the identity provider in “SSL Client Standard” PSE.
    I have imported the the SSL server certificate along with the root certificate of the the Identitiy provider which is ADFS and still I am getting the same error.
    The ICM trace is showing this
    Thr 140736331941632] *** ERROR during SecuSSL_SessionStart() from SSL_connnect()==SSL_ERROR_CONNECTION_LOST
    Thr 140736331941632]    session uses PSE file "/usr/sap/UI5/DVEBMGS00/sec/SAPSSLC.pse"
    Thr 140736331941632] No LastError / ErrorStack available!
    Thr 140736331941632]   SSL_get_state()==0x2120 "SSLv3 read server hello A"
    Thr 140736331941632]   SSL NI-hdl 193: local=10.2.32.85:52039  peer=10.2.32.43:443
    Thr 140736331941632] <<- ERROR: SapSSLSessionStart(sssl_hdl=7fff90003a60)==SSSLERR_SSL_CONNECT
    Thr 140736331941632] *** ERROR => SSL handshake with adfs.sbm.com.sa:443 failed: SSSLERR_SSL_CONNECT (-57)
    Thr 140736331941632] SAPCRYPTO:SSL_connect() failed
    Thr 140736331941632]
    Thr 140736331941632] SapSSLSessionStart()==SSSLERR_SSL_CONNECT
    Thr 140736331941632] SSL_connnect() failed  (0/0x00) Huh??
    Thr 140736331941632]   SSL:SSL_get_state()==0x2120 "SSLv3 read server hello A"
    Thr 140736331941632]   SSL NI-hdl 193: local=10.2.32.85:52039  peer=10.2.32.43:443
    Thr 140736331941632]   cli SSL session PSE "/usr/sap/UI5/DVEBMGS00/sec/SAPSSLC.pse"
    Thr 140736331941632]   Target Hostname="adfs.sbm.com.sa"
    Can anybody help out.
    Do you need any other logs or configurations to check?

    Hi Simon,
    Thanks for your response.
    I am able to access the Netweaver Gateway Service URl's placed on the same DMZ using reverse proxy from internet.
    I have tried using the FQDN as well but no luck, do we need to do some configurations at the backend server in order to use Fiori Launchpad with reverse proxy?

  • Jsessionid - weblogic 10.3.5, saml 2.0 & adfs 2.0 with peopletools 8.5x

    We have set up SAML 2.0 to enable sso into peoplesoft (idp is adfs 2.0).
    On a simple sample web application SAML is working correctly.
    However when we tried to enable this for one of our Peoplesoft systems we ran into the issue that after the final
    redirect to the target access is denied.
    Peoplesoft is using a non-standard cookie name:
    from weblogic.xml
    <session-param>
    <param-name>CookieName</param-name>
    <param-value>PSDev2-0-PORTAL-PSJSESSIONID</param-value>
    </session-param>
    According to http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/saml.html
    \quote
    Use of Non-default Cookie Name
    When the Assertion Consumer Service logs in the Subject contained in an assertion, an HTTP servlet session is created using the default cookie name JSESSIONID. After successfully processing the assertion, the ACS redirects the user’s request to the target web application. If the target web application uses a cookie name other than JSESSIONID, the Subject’s identity is not propagated to the target web application. As a result, the servlet container treats the user as if unauthenticated, and consequently issues an authentication request.
    To avoid this situation, do not change the default cookie name when deploying web applications in a domain that are intended to be accessed by SAML 2.0 based single sign-on.
    \endquote
    This is exactly the issue we encounter. SAML itself is working properly. However, on redirect to the target application access is denied.
    Now, if we disable the non-default cookie name in the peoplesoft application we get the error message 'cookies must be enabled' when trying to access i.e. \signon.html.
    What can we do to make SAML 2.0 work with Peoplesoft?
    Is there a way to change the cookie name for SAML or share the SAML session with the peoplesoft application?
    Any help in this matter is greatly appreciated.
    Thank you
    Karl Weber
    Systems Analyst
    NAIT - Department of Information Services

    Hi Karl,
    I have reproduced your issue in my environment:
    <session-descriptor>
         <cookie-name>HELLO_WORLD_SSO</cookie-name>
    </session-descriptor>What I am seeing is that Weblogic is not able to fix the user session (JSESSIONID), so it sends again the authentication request. Actually, in my case, it performs 5-6 retries. If you take a look at THE ADFS2 log you will see an exception like this: "The same client browser has made 6 request in the last 4 seconds..." At the end the IdP sends you a SAMLResponse with the status urn:oasis:names:tc:SAML:2.0:status:Responder. Weblogic +"translates"+ that message in a *403 Forbidden Error*.
    Maybe you could feed that cookie, PSDev2-0-PORTAL-PSJSESSIONID, by yourself, i.e. implementing a filter:
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    httpServletResponse.addCookie(new Cookie("PSDev2-0-PORTAL-PSJSESSIONID", yourValue));
    .../...Hope it helps,
    Luis

  • What is the difference between SAP NW PI7.1 and PI7.1 EHP1

    We have a customer using SAP PI7.1 EHP1. The application to be deployed
    isdeveloped on SAP Netweaver PI 7.1 SP06.
    We need to know if application developed and transported from PI7.1 is
    compatible with EHP1?
    Below are the Components used by the application .
    1) SSL communication using SOAP adapter
    2) Java mapping , Graphical mapping , XSLT mapping
    3) Customised EJB modules
    4) Adapter framework
    5) ALE layer for IDoc communication from ERP to PI
    6) RFC lookups to PI system and ERP system.
    Questions
    1)Will PI EHP1 be able to communicate with PI7.1 using SOAP adapter ?
    2) What is the difference between SAP NW PI7.1 and PI7.1 EHP1 ?
    Regards,
    Sneha

    Hi,
    EHP Pi7.1 new
    IPv6 Support in SAP Systems (new)
    Async/Sync and Sync/Async Bridge in the JMS Adapter (New)
    High Availability (New)   Locate the document in its SAP Library structure
    Use
    A new concept is available for setting up a high availability environment for SAP NetWeaver Process Integration (PI). To do this, you need SAP Web Dispatcher for load balancing, and you must reconfigure your HTTP, RFC, and RMI connections so that they can be used for load balancing. You must also make various configuration steps in other components of your PI environment.
    [Level 4: Document: XML to Text Conversion Module (New)] XML to Text Conversion Module (New)
    Message Packaging (New)
    Monitoring Milestones (New)   Locate the document in its SAP Library structure
    Use
    You can use the new scenario variant Monitoring Milestones of the Business Process Management scenario to define a monitoring process that can monitor events from different applications. A monitoring process can subscribe to events from SAP or non-SAP systems.
    check  given Link
    http://help.sap.com/saphelp_nwpi711/helpdata/en/61/8c3842bb58f83ae10000000a1550b0/frameset.htm
    Regards,
    Amit

  • Interface determination Issue in PI7.1

    Hi ,
    I am working on PI 7.1
    Problem 1:
    I am not able create any interface determination objects. There is a lock object created everytime I use the wizard. Unlocking the object and run the cache refresh has not helped..
    I am able to create the interface determination manually after removing the lock. But now I am not able to associate a operation/interface mapping to the Interface determination . After I selected a message/service interface in the Interface determination, I clicked on the mapping option. The possible mapping was showed up on the list. But once I select one option from the list it does not show up in the interface determination. The field remains blank.
    Problem 2:
    I am unable to open the existing interface determination also. These interface determinations are present in the DEV environment.I have taken the system copy of the dev environment on the UAT environment.I am getting the below error when i try to open the interface determination
    ====================================================================
    = Root Exception ===================================================
    ====================================================================
    Thrown:
    com.sap.aii.utilxi.swing.toolkit.ServerCallCancelledException: Unexpected exception.
         at com.sap.aii.ib.clsif.gen.BeanAccessHandler.handleRuntimeExInBusinessMethod(BeanAccessHandler.java:87)
         at com.sap.aii.ib.clsif.oa.ObjectAccess.read(ObjectAccess.java:112)
         at com.sap.aii.ib.client.oa.ObjectHandler.read(ObjectHandler.java:119)
         at com.sap.aii.ib.gui.editor.DefaultPersistenceHandler.load(DefaultPersistenceHandler.java:94)
         at com.sap.aii.ib.gui.editor.XiDocument.load(XiDocument.java:249)
         at com.sap.aii.utilxi.swing.framework.cmd.OpenCommand.load(OpenCommand.java:353)
         at com.sap.aii.utilxi.swing.framework.cmd.OpenCommand.localOpen(OpenCommand.java:273)
         at com.sap.aii.utilxi.swing.framework.cmd.OpenCommand.execute(OpenCommand.java:211)
         at com.sap.aii.utilxi.swing.framework.ExecutionContext.execute(ExecutionContext.java:198)
         at com.sap.aii.utilxi.swing.framework.ExecutionContext.executeSafe(ExecutionContext.java:154)
         at com.sap.aii.ib.gui.operations.OperationsServiceProvider.executeDefaultOperation(OperationsServiceProvider.java:295)
         at com.sap.aii.ib.gui.nav.HierarchyNode.executeDefaultOperation(HierarchyNode.java:59)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.DefaultTreeCard.handleHierarchyEvent(DefaultTreeCard.java:198)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.ThreadedTree.fireHierarchyActionEvent(ThreadedTree.java:542)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.ThreadedTree.executeStandardOperation(ThreadedTree.java:2264)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.ThreadedTree$DblClickHandler.mouseReleased(ThreadedTree.java:2196)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.Component.processMouseEvent(Unknown Source)
         at javax.swing.JComponent.processMouseEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Window.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at com.sap.aii.utilxi.swing.toolkit.Guitilities$EventProcessor.dispatchEvent(Guitilities.java:319)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)
    ====================================================================
    == Content from the LogHandler =====================================
    ====================================================================
    #300 11:56:48 [AWT-EventQueue-2] WARNING com.sap.aii.utilxi.swing.toolkit.ButtonPanel: Special button of type 4 was not added in order (class com.sap.aii.utilxi.swing.toolkit.ButtonPanel)
    #299 11:56:48 [AWT-EventQueue-2] ERROR com.sap.aii.utilxi.swing.toolkit.ExceptionDialog: Throwable
    Thrown:
    com.sap.aii.utilxi.swing.toolkit.ServerCallCancelledException: Unexpected exception.
         at com.sap.aii.ib.clsif.gen.BeanAccessHandler.handleRuntimeExInBusinessMethod(BeanAccessHandler.java:87)
         at com.sap.aii.ib.clsif.oa.ObjectAccess.read(ObjectAccess.java:112)
         at com.sap.aii.ib.client.oa.ObjectHandler.read(ObjectHandler.java:119)
         at com.sap.aii.ib.gui.editor.DefaultPersistenceHandler.load(DefaultPersistenceHandler.java:94)
         at com.sap.aii.ib.gui.editor.XiDocument.load(XiDocument.java:249)
         at com.sap.aii.utilxi.swing.framework.cmd.OpenCommand.load(OpenCommand.java:353)
         at com.sap.aii.utilxi.swing.framework.cmd.OpenCommand.localOpen(OpenCommand.java:273)
         at com.sap.aii.utilxi.swing.framework.cmd.OpenCommand.execute(OpenCommand.java:211)
         at com.sap.aii.utilxi.swing.framework.ExecutionContext.execute(ExecutionContext.java:198)
         at com.sap.aii.utilxi.swing.framework.ExecutionContext.executeSafe(ExecutionContext.java:154)
         at com.sap.aii.ib.gui.operations.OperationsServiceProvider.executeDefaultOperation(OperationsServiceProvider.java:295)
         at com.sap.aii.ib.gui.nav.HierarchyNode.executeDefaultOperation(HierarchyNode.java:59)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.DefaultTreeCard.handleHierarchyEvent(DefaultTreeCard.java:198)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.ThreadedTree.fireHierarchyActionEvent(ThreadedTree.java:542)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.ThreadedTree.executeStandardOperation(ThreadedTree.java:2264)
         at com.sap.aii.utilxi.swing.framework.navigation.tree.ThreadedTree$DblClickHandler.mouseReleased(ThreadedTree.java:2196)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
         at java.awt.Component.processMouseEvent(Unknown Source)
         at javax.swing.JComponent.processMouseEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Window.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at com.sap.aii.utilxi.swing.toolkit.Guitilities$EventProcessor.dispatchEvent(Guitilities.java:319)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)

    Hi Shilpa,
    Ask your basis guys to check the SP level of JAVA components in system component information of your PI7.1 system............ask them to check for patches for your SP level of PI7.1 or upgrade to a higer SP level...........
    Also try this from your PI IB webpage, go to Administration - JAVA web start administration - then click on execute link in the status window and do a reinitialization of your JAVA web start...........then close your ID and reopen your ID........then create your interface determination again in ID...........
    Regards,
    Rajeev Gupta
    Edited by: RAJEEV GUPTA on Apr 29, 2009 9:05 AM
    Edited by: RAJEEV GUPTA on Apr 29, 2009 9:25 AM

Maybe you are looking for

  • Error when starting Java(TM) ME Platform SDK 3.0

    hey guys, I get this error when starting Java(TM) ME Platform SDK 3.0. When I installed it it installed 'successfully' and then I double clicked the file on the desktop (I'm using Windows Vista 32bit Home premium) and it gave me the following error w

  • Issue related to preparing Internal table from 3 more Internal tables

    Hi All, I have 3 internal tables declared as below. DATA : i_header TYPE STANDARD TABLE OF zexport_header                 INITIAL SIZE 0 WITH HEADER LINE. DATA : i_class TYPE STANDARD TABLE OF zexport_class                 INITIAL SIZE 0 WITH HEADER

  • Server Exception during PPR, #1 ... Problem...

    Hi, I am having the current exception... <RegistrationConfigurator><handleError> Server Exception during PPR, #1 java.lang.NullPointerException This exception present in a method in my bean that i invoke with a "<af:serverListener type="handleCommand

  • Cannot start Wiley interscope

    Hello all! Here's the scenario, WIley Interscope is not starting due to Out of memory issue/Permission issues... because of this Solution manager is having trouble with updating it's password for J2EE_ADMIN. nohup ./runem.nohup.sh & [1] 643220 (pl6ad

  • ITunes 7 is the bane of my music video existence

    I started this as part of someone else's thread and decided to be "courteous" and start my own. I'm not an Apple fan & I don't own an iPod - I have the 30GB Creative Zen M:Vision mp3 player. I bought iTunes so I could purchase and watch videos, which