SEcurity settings for sender SOAP adapter

Similar Messages

• Alias for Sender SOAP Adapter URL

  When I create a web service for an o/b interface using the wizard, I need to give the URL of the pattern
  http://<host:<port>/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<channel>
  Looking at the URL, I think there is servlet that is processing the incoming SOAP messages based on the parameter (channel) and adding the SOAP Header for Sender Service, Sender Interface from that channel before sending it to IE.
  Is there anyway to create aliases for these URLs so that I can have distinct URL for each interface eg. http://<host:<port>/DeliveryConfirmation, http://<host:<port>/InvoiceCheck etc?
  I need to publish web services in custom-built UDDI tool which expects the URLs to be unique. (This uniqueness should not based on the parameter 'channel'). UDDI tool expects the part of the URL before '?' to be unique, which is not in my case. So, I'm thinking of aliases.
  Did anyone create Alias for sender SOAP adapter URL?
  I appreciate your inputs on this.
  thx
  praveen

  Stefan,
  Creating an alias like (http://<host:<port>/DeliveryConfirmation) for each web service makes the end Point URL (http://<host:<port>/DeliveryConfirmation?channel=<party>:<service>:<channel>) unique and my custom-built UDDI server would allow it.
  In this case, all the aliases would be for the same context path '/XISOAPAdapter/MessageServlet', right?
  I see the following on the help page.
  Prerequisites
  You must first have the J2EE Web applications deployed so that their aliases are added to the list of available application aliases. Then you can decide which one to remove from it.
  Do I need to deploy any J2EE Web Application here?
  I'm thinking that since 'XISOAPAdapter/MessageServlet' is already deployed, I just have to create a various aliases for it.
  I highly appreciate your inputs.
  thx
  praveen

• Failed in Message Mapping for Sender SOAP Adapter

  I am using a synchronous Sender SOAP adapter for sending SOAP messages using HTTP security protocol. I am trying to send SOAP messages to XI and then to RFC-R/3. And Responses back from RFC to XI and then to SOAP. I am getting an error for failed in message mapping in SXMB_MONI for converting SOAP messages to RFC. When I debug it in Message Mapping in Integration Repository, it works fine.
  Any help is appreciated.
  Thanks in advance!
  Mrudula

  Hi,
  try to do a full cache refresh
  regards,
  Jakub

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• SOAP message size limitation for sender soap adapter

  Hi All,
  We are facing critical production issue in case of sender SOAP Adapter,
  If the sender soap message is having 114359 Bytes than the Third party is getting exception and SOAP request is not reaching XI.
  If the message size is less then 100kbytes then no exception will come.
  Is this a limitation that SOAP message size should not exceed 100kbyte?
  Thnaks in advance
  Best Regards,
  Harleen Kaur Chadha

  Hi ,
  Thanks for your inputs,Could you please tell me which hardware configurations are you talking about?
  Are you people talking about harware configurations for XI?
  Best Regards,
  Harleen Kaur Chadha

• Error in applying security settings in Receiver SOAP Adapter

  Hi,
  I've used Web Services Security (Oasis standard) and the digital signature and encryption certificate in receiver SOAP adapter and the corresponding Sender Agreement, for adding digital signature and encrypting the message. While sending the message we are getting an error in the adapter engine as below. If anyone can throw light on this it'll be highly appreciated :
  2008-07-18 17:00:21 Error SOAP: error occured: com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXException in Method: run().; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: SAXException in Method: run().. To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXException in Method: run().; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: SAXException in Method: run()..
  2008-07-18 17:00:21 Error Exception caught by adapter framework: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXException in Method: run().; To-String: com.sap.aii
  2008-07-18 17:00:21 Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: SAXExce.
  Thanks,
  Dipankar

  hi dipanker,
  check the note 856597
  its usefull
  regards
  kummari

• Security settings in Receiver SOAP adapter

  Hey guys
  i m trying to incorporate some security features in my receiver SOAP adapter and taking help from help.sap.com,it mentions some entries in  'Security setting frame' but i cant find it even though i have checked the message security checkbox in my communication channel.
  i m on SP9,is it not available in SP9?
  my message protocol is XI 3.0
  thanx
  ahmad

  Ahmad,
  SOAP adapter supports SSL and Digital Certificates and you need to configure your SSL on the J2EE stack before you can use the same on your SOAP adapter.
  Look into this blog to understand what needs to be done.
  /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
  Regards
  Bhavesh

• Error in accesing the URL for Sender SOAP Adapter

  Hi Experts,
  I am wrkiing on SOAP-XI-Proxy Scenario. i have completed IR, ID and WSDL generation process.
  While Generating the WSDL File I used following URL. (No Party in my case)
  http://domain name:Port no/XISOAPAdapter/MessageServlet?channel=:SYS_BS1:CC_SOAPSender_Test1
  When i run this same URL on the browser, it asks me the username/password.
  After entering the username/password i am gettnig the Following Error.
  Message Servlet is in Status OK
  Status information:
  Servlet com.sap.aii.adapter.soap.web.MessageServlet (Version $Id: //tc/xpi.adapters/NW07_06_REL/src/_soap_application_web_module/webm/api/com/sap/aii/adapter/soap/web/MessageServlet.java#4 $) bound to /MessageServlet
  Classname ModuleProcessor: null
  Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
  Lookupname for remoteModuleProcessorLookupName: null
  ModuleProcessorClass not instantiated
  ModuleProcessorLocal is Instance of $Proxy123_10000
  ModuleProcessorRemote not instantiated
  I have confimed that SOAP sender channel is active and configuration object is also tested in ID.
  I have searched the similar threads but not found proper solution.
  Please suggest.
  Regards
  Jagesh

  Hi Prateek,
  I am trying to access the Web service through the following URL and giving the same Error as mentioned above.
  http://Domain Name:Port No/XISOAPAdapter/MessageServlet?channel=:SYS_BS1:CC_SOAPSender_Test1
  I have also confirmed that my login id consist of all the roles of PIAPPLUSER.
  Is there any further settings required or WSDL file needs to be published first???
  Please suggest.
  Thanks & Regards

• Client Certification for Sender SOAP Adapter

  I am trying to configure an incoming SOAP call to allow client certification for autentication and not ask for username/pwd. I already tried changing the configuration of the SOAP adater in visual admin to have the client certification module with no luck.
  Please let me know if anyone has already done this before.

  Hi,
  Check the link for Client Certificate authentication...
  [http://www.i-barile.it/SDN/EnablingSSL&ClientCertificatesOnTheSAPJ2EEEngine.pdf]
  Regards,
  Prakasu.M

• Sender SOAP Adapter Modules!

  Hi Can anyone guide me how to write a Sender SOAP adapter module ?

  Hi Pooja, thanks for the reply I have seen that.
  Please look at the below forum.
  SOAP Adapter and plain HTTP
  It  says "When you write a module for sender SOAP adapter, you have to deal with the incoming message, as the SOAP adapter first calls the customer module, then creates the XI message."

• Sender SOAP Adapter issue with webservices for authorization.

  Hi All
  Issue:
  As we are developing a Web Service to fetch account balance from SAP(upon receiving the account no from client) and have given the wsdl file to J2EE application  to call or make use of the service.  But as a part of that service they expect userid/password to be entered manually from client  pop-up.  At this point of time, we don't want to enter userid/password manually but  we want this to be hardcoded/embedded in Webservice so that  there is no need of manual intervention upon calling this service.
  Actual Requirement:
  From Webservices to R/3-ECC6.0-IS-Banking-RFC (Synchronous Interface)
  Sender: SOAP Adapter synchronous
  Receiver: RFC Adapter synchronous
  Note: Requesting a account number and getting response from RFC is account Balance and Date to webservice
  Regards
  Kiran kumar.s

  Hi praveen,
  Thanks for ur  reply.What you said is exactly right but for time being i have to make the client not get the authorization(password--Username and password(pop-up)) when he invokes the WSDL into webservice for that u told that to write some hardcode in J2EE application,but i don't know that where to write and what to write.so, if possible can u give me the code and procedure.
  This is the URL:
  http://hcl3sap:50000/XISOAPAdapter/MessageServlet?channel=:BS_WEBSERVICE:CC_SOAPSENDER
  Regards,
  kiran kumar.

• IOException: invalid content type for SOAP: TEXT/ using Sender SOAP adapter

  Hi all,
  When I am using Sender SOAP adapter, i am getting (MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML using connection SOAP_http://sap.com/xi/XI/System) exception.
  From my RWB I can see:
  2009-05-25 16:18:39 Information The message was successfully retrieved from the call queue.
  2009-05-25 16:18:39 Information The message status was set to DLNG.
  2009-05-25 16:18:39 Error Failed to parse the XI system response.
  2009-05-25 16:18:39 Error The message was successfully transmitted to endpoint com.sap.engine.interfaces.messaging.api.exception.MessagingException: XIMessage creation failed (inbound). Reason: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML using connection SOAP_http://sap.com/xi/XI/System.
  2009-05-25 16:18:39 Error The message status was set to FAIL.
  2009-05-25 16:18:39 Error Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException: XIMessage creation failed (inbound). Reason: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Could not parse XMBMessage. Reason: java.io.IOException: invalid content type for SOAP: TEXT/HTML
  Please help if possible! Thanks!
  Mayank

  Hi,
  Check in SLD your integration engine business system have the following
  pipeline url : http://server:httpport/sap/xi/engine?type=entry
  check Http port also
  After that go to TCODE - SXMB_ADM - integrationn engine configuration and check if your server is configured as HUB with the same url or not.
  Thanks
  Kasturika Phukan

• Communication using Sender soap adapter using secured certificates

  Hi All,
  For sender soap scenario,
  We have installed 3rd party certificate on XI and we have give them XI SSL certificate to 3rd party.
  We are getting handshake error when they send message using XI URL.Can you please tell me in which location on webserver where 3rd party has to install certificate and what all settings
  I need to give in communication channel and sender agreement?
  thanks a lot.
  Best Regards,
  Harleen Kaur Chadha

  Can you please tell me in which location on webserver where 3rd party has to install
  certificate and what all settings I need to give in communication channel and sender agreement?
  Check this link to know more:
  http://help.sap.com/saphelp_nwpi71/helpdata/en/32/1c1041a0f6f16fe10000000a1550b0/frameset.htm
  Also there is a Blog by Alexander on Principal Propagation....you can refer it to know more on how, where to include the certificates..
  Regards,
  Abhishek.

• SMIME in sender soap adapter

  Hi,
  I'd like to know the proper format of the POST request to a sender soap adapter with SMIME activated. I've found almost no documentation about it.
  I'm trying to send a document ciphered to PI via soap adapter (HTTP POST). I've done the following steps
  1. I activate SMIME in the sender soap adapter, and I specify "Decrypt" as the security procedure in the sender agreement. I also incorporate the private key in the keystore DEFAULT and reference to it in the sender agreement.
  2. I use OpenSSL to cipher an xml document like this (I use the public certificate associated to the previous private key) :
  --> openssl smime -encrypt -in fich.txt -out fich_encrypted.txt certTesting.pem
  What I get is:
  MIME-Version: 1.0
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
  Content-Transfer-Encoding: base64
  MIIC....[base64 content of the file encrypted]
  3. I use CURL to send the HTTP POST request to PI. Previously I get the binary file from the base64 content.
  > POST /XISOAPAdapter/MessageServlet?senderParty=&senderService=BC_1[...]
  > Authorization: Basic c2U[...]
  > Host: pi.[...].com:50000
  > Accept: /
  > Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=fich_encrypted.der
  > User-Agent: Jakarta Commons-HttpClient/3.1
  > Accept-Encoding: text/xml
  > Content-Disposition: attachment; filename=fich_encrypted.der
  > Content-Length: 620
  > Expect: 100-continue
  but I get this error from the SOAP Adapter:
  --> java.io.IOException: invalid content type for SOAP: APPLICATION/PKCS7-MIME.
  I also get the same error if I remove the header Content-Disposition.
  4. If I send the xml file without ciphering (header Content-Type: text/xml;charset=UTF-8) I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: call failed: java.lang.SecurityException: Exception in Method: VerifySMIME.run(). LocalizedMessage: SecurityException in method: verifySMIME( MessageContext, CPALookupObject ). Message: IllegalArgumentException in method: verifyEnvelopedData( ISsfProfile ). Wrong Content-Type: text/xml;charset=UTF-8. *Expected Content-Type: application/pkcs7-mime or application/x-pkcs7-mime*. Please verify your configuration and partner agreement
  PROBLEM --> I really don't know what the SOAP sender channel is expecting when SMIME is activated. I've tried to send the binary file encripted as an attachment and also directly, but the soap adapter complains.
  Thanks

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• How to use Basis Authentication in Sender SOAP Adapter

  We implemented one Sender SOAP Adapter and we had to implement the modified WEB.XML method to remove the security specification.  We have now asked the developer to correct this situation so we can remove this modification.  The Interface developer would like to use Basic Authentication. If you have an automated interface sending in a SOAP Message, how do you do Basic Authentication? 
  I've tried using:
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  When I do this, I still get the Authentication Pop-Up Window.
  How does the Sending Interface either supply the ID and Password on the incoming SOAP Message or respond to the Authentication Pop-Up?
  Thanks,
  Anne

  By Defualt the web service exposed by you will use Basic Authentication mode only.
  But the way you do Basic Authentication in the web client is platfrom dependent.
  This is not the way to do Basic authentication
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  I am providing you a code snippet on how to Basic Authentication in Java when making the Web Service Call.
  If the client is on some other platform just look for the corresponding api.
  Please award points if you find this answer useful.
  Code Snippet
  URL url = new URL(URL);
  URLConnection connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       //connection.setRequestProperty("Content-Length",Integer.toString(content.length()) );
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
        //Where con is a URLConnection 
       connection.setRequestProperty ("Authorization", "Basic " + encode(User + ":"+ Password));
       connection.connect();
  Encode Method
  public static String encode (String source) {
  BASE64Encoder enc = new sun.misc.BASE64Encoder();
  return(enc.encode(source.getBytes()));