Sender SOAP Adapter with Https

Similar Messages

• Sender SOAP Adapter with HTTPs call

  Hello,
  Our scenarion is ..  we will have a sender SOAP adater .. but it needs to be called using HTTPs(SSL).
  Now considering we have the certificate generated and installed ..and that integration server is HTTPs enabled....What URL should the sending system call..?
  For normal HTTP call the inbound address for inbound Adapter is: http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
  For the case of HTTPs just changing the htttp to https and the port number in in the calling system will suffice? Or is there other configurations that needs to be done??
  Thanks and Regards,
  Himadri

  Hi Himadri,
  Firstly as suggested by others you can call using https and give the https port in the soap adapter servler URL. Secondly you need to do the following configurations:
  1) If its PI 7.0/3.0, deploy the latest version of the SAP Java cryptography toolkit.
  2) Configure SAP PI as the server for HTTPS calls. In short
        Using the SSL Provider service:
                              a.      Select whether the J2EE Engine should:
                                 ■      Request (but not require) that the user presents a client certificate for authentication.
                                 ■      Require that client certificates are to be used for authentication.
                              b.      Import the CAu2019s root certificate into the Trusted Certification Authorities list. (Choose Add.) using the following For all the steps, link is mentioned below for XI 3.0, you can find similar ones for PI 7.0
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm
  3) If you want to enable client authentication then you would need to add the client certificate in the TrustedCA keystore view of the SAP J2EE engine.
  4) In the SOAP Adapter sender channel, configure Inbound Security level as HTTPS or HTTPs with client authentication based on your scenario.
  Best Regards,
  Pratik

• Can we enhance the Sender SOAP Adapter with our own modules?

  Hi All,
  Can we enhance the Sender SOAP Adapter with our own modules on the Module Tab Page in the Module Processor?
  I believe the answer is no. However, whatever may be the answer, I would like to know that is there any specific reason for that.
  Please help me in this regard.
  Thanks,
  Yogi.

  Hi,
  I think, we are mentioning the URL of the adapter channel directly in the configuration. SO there is no place we can customize this flow..just a thought
  Because in the file adapter etc, After Adapter Engine picks up the data and before it goes into integration engine module is processed..
  http://help.sap.com/saphelp_nw2004s/helpdata/en/fc/5ad93f130f9215e10000000a155106/content.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f013e82c-e56e-2910-c3ae-c602a67b918e
  Rgds,
  Moorthy

• Special characters in sender soap adapter provoke HTTP 500 error

  Hi,
  SAP R3 is sending a SOAP message to PI through SOAP adapter.
  When the payload does NOT contain german characters like ü, it works fine.
  However, when the payload DOES contain special characters, the SOAP adapter replies with an HTTP 500 code error.
  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  - Make sure that SAP R3 sends the message in UTF-8 format (I think this is happening currently), as if SoapUI works, then probably R3 is not using UTF-8.
  - Force the adapter to use UTF-8. Is this possible? In the sender SOAP adapter I've added AF_Modules/MessageTransformBean (type local EB), and then Transform.ContentType for parameter name and --> text/plain;charset=utf-8 for parameter value. The sender adapter will fail then for every message, with or without special characters.
  Anyway, in this link (http://help.sap.com/saphelp_nwpi71/helpdata/EN/a4/f13341771b4c0de10000000a1550b0/frameset.htm) it seems to say that the sender soap adapter cannot be extended with modules, so maybe that's the reason why it fails when trying to add a module.
  Thanks

  If I use SoapUI to send the soap message, and setting UTF-8 as the encoding in the program options, it will go through fine. If I change to ISO-8859-1 it will fail.
  I'm thinking in two options:
  Check the use of option 1 ..... the URL which SAP is using to send the data can containe the encoding information.
  Check this SAP note: https://service.sap.com/sap/support/notes/856597
  From the above note:
  Q: What character encoding is supported by the SOAP sender adapter?
  +you can supply the encoding information with the xmlenc variable in the request URL as in+
  Regards,
  Abhishek.

• How to make call to Sender Soap Adapter using HTTPS with Client Aut

  Hello everyone, I have spent some time trying to get this to work. We downloaded a trail certificate from SAP and installed it on our machine and I created a webservice that works great. I tested the HTTPS without client authentification and it works great, as soon as I change it to use with Client Authentification I can't get it to go through. I am using Soap Sonar to test the certificates. To get the certificate I called the url with firefox then saved the certificate in my trust store, from there I import it to soap sonar as a signed certificate, but I am getting the error  <Exception>Object contains only the public half of a key pair. A private key must also be provided.</Exception>  I assume I am doing something way wrong, is there a way to get the certificate with both public and private key pair, or a way to test this that I can't seem to find in documentation or blogs?
  I def award points
  Cheers
  Devlin

  Hi
  I think This link is useful to u
  http://www.sapag.co.in/SAP-XI-SOAP-Adapter-FAQ'S.html
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40611dd6-e66e-2910-f383-e80fb44f9cd4
  Thanks
  Santosh

• Error using Sender SOAP adapter over HTTPS

  Hi experts,
  Few weeks ago, i developed an interface as follows: SOAP <-> XI <-> RFC.
  I tested the functionality using Altova and everything went well, with HTTP.
  However, when i use HTTPS it fails throwing these error messages (pop ups):
  <i>"HTTP error: could not post file"......
  "Error sending the soap data"</i>
  I have reviewed the SSL certificates installation and everything seems to be ok, but currently i am stuck and do not know how to fix this.
  I have also change the ID comm channel from HTTP to HTTPS with client aut.
  Is there any special service i have to activate? (XI services and SPIGATE are already done)
  Could you please assist?
  Thanks in advance and best regards,
  David

  David,
  have a look @ these threads...u may get some help!!!
  Sender Soap with HTTPS
  https Soap Adapter
  Regards
  Biplab

• Sender Soap adapter with 2 different operartion

  Hi,
  I have a request to create a web service that contain 2 operation. Any way to explose web service with 2 operations? Thanks.

  Hi,
  PI 7.1 above already supported for multiple operation per webservice. You can configure the operation in Message Interface.
  Best Regards
  Fernand.

• SMIME in sender soap adapter

  Hi,
  I'd like to know the proper format of the POST request to a sender soap adapter with SMIME activated. I've found almost no documentation about it.
  I'm trying to send a document ciphered to PI via soap adapter (HTTP POST). I've done the following steps
  1. I activate SMIME in the sender soap adapter, and I specify "Decrypt" as the security procedure in the sender agreement. I also incorporate the private key in the keystore DEFAULT and reference to it in the sender agreement.
  2. I use OpenSSL to cipher an xml document like this (I use the public certificate associated to the previous private key) :
  --> openssl smime -encrypt -in fich.txt -out fich_encrypted.txt certTesting.pem
  What I get is:
  MIME-Version: 1.0
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
  Content-Transfer-Encoding: base64
  MIIC....[base64 content of the file encrypted]
  3. I use CURL to send the HTTP POST request to PI. Previously I get the binary file from the base64 content.
  > POST /XISOAPAdapter/MessageServlet?senderParty=&senderService=BC_1[...]
  > Authorization: Basic c2U[...]
  > Host: pi.[...].com:50000
  > Accept: /
  > Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=fich_encrypted.der
  > User-Agent: Jakarta Commons-HttpClient/3.1
  > Accept-Encoding: text/xml
  > Content-Disposition: attachment; filename=fich_encrypted.der
  > Content-Length: 620
  > Expect: 100-continue
  but I get this error from the SOAP Adapter:
  --> java.io.IOException: invalid content type for SOAP: APPLICATION/PKCS7-MIME.
  I also get the same error if I remove the header Content-Disposition.
  4. If I send the xml file without ciphering (header Content-Type: text/xml;charset=UTF-8) I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: call failed: java.lang.SecurityException: Exception in Method: VerifySMIME.run(). LocalizedMessage: SecurityException in method: verifySMIME( MessageContext, CPALookupObject ). Message: IllegalArgumentException in method: verifyEnvelopedData( ISsfProfile ). Wrong Content-Type: text/xml;charset=UTF-8. *Expected Content-Type: application/pkcs7-mime or application/x-pkcs7-mime*. Please verify your configuration and partner agreement
  PROBLEM --> I really don't know what the SOAP sender channel is expecting when SMIME is activated. I've tried to send the binary file encripted as an attachment and also directly, but the soap adapter complains.
  Thanks

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• SOAP adapter using HTTPS

  We need to using SSL over HTTP for our web service defined in PI, basically using HTTPS in our SOAP adatper. I did a lot of research on this, seems like it's not an easy job to enable SSL. However I am only interested in making it work from an application developer point of view, enabling SSL, generating/installing certificate is a job for basis people.
  So I created an sender CC with SOAP adapter with HTTPS with client authentication. (BTW, what is HTTPS without client authentication, does it mean HTTPs with server authentication where the server certificate is to be installed at the client side?), to my understanding, the client certificate should be installed in NWA (We have PI 7.1, not 7.0 -) and somewhere in ID (like sender agreement) we need to specify which client certificate should be used to authenticate the client who calls our service. However nowhere in ID I can specify which client certificate should be used for the defined sender CC. So how would it work in runtime? When my web service is called, which client certificate does PI use to authenticate the client?
  It'd very much appreciated if you could give more information about how HTTPS for SOAP adapter works? I've done lot of research on this, but still confused.
  Thanks

  Hi,
  for transport level security you should assign the HTTPS connection created in SM59 to the SOAP communication channel.
  The HTTPS connection should use the certificates imported in t-code STRUST.
  1. You have to dounload the SAP cryoptographic librariers.
  2. Set the specific paramerts in RZ10
  3. Maintain the enviornmental variables & you need to keep the logon tickets too in some specific directory.
  4. Import the client & server certificates into STRUST.
  You can find some documents on ABAP ssl configuration from the SDN library .... I don't have a link now
  Regards
  Sunil.

• Sender SOAP Adapter - XMLAnonymizerBean

  Hi All,
  I am trying to use XMLAnonymizerBean in " sender SOAP Adapter " with out much luck .
  Even though I have enter the bean in the module chain , the xml o/p to the mapping program is still
  continuing to have namespaces which I was trying to remove.
    If some body has tried this out , could you kindly confirm if XMLAnonymizerBean could be used or
  not in a Sender SOAP Adapter.
  Many thanks
  KLK

  This blog says - "It is not possible to use this module in the sender SOAP adapter as this adapter type does not support any additional modules. "
  /people/stefan.grube/blog/2007/02/02/remove-namespace-prefix-or-change-xml-encoding-with-the-xmlanonymizerbean
  Regards,
  Ravi

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• SOAP sender adapter with HTTPS

  Hi All,
  We have a requirement where we need to add message security to messages sent by sender SOAP adapter.
  To achieve this, I understand that I need to the following steps:
  1. Check 'Configure Certificate Authentation'
  2. Get the SSL certifiate given by receiver system and import it into SAP, and select it in SOAP Comunication channel
  3. 'Keystore VIEW' - What should i select here?
  4. Security Parameters/Security Profile - Do I have to check this option and select a security profile?
  Please let me know IF I missed something here.
  Thanks,
  Chandra

  Hi Chandra,
  One pre-requisite would be you need to install the SAP cryptographic library for using SSL.
  In the keystore view, you will select the view of the keystorage where the SSL certificate has loaded.
  Please check the sap help below for more details, als sap note 891877.
  http://help.sap.com/saphelp_nwpi711/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  regards,
  francis

• Error in SOAP Receiver Adapter with HTTPS

  Dear All,
  I am developing a SOAP to SOAP scenario with HTTPS i.e. client without authentication and I am facing an issue with the receiver adapter. Few messages fails in the receiver side while rest are successful.
  Error - Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Please let me know what can be the reason for the error.
  Thanks and Regards,
  Rana Brata De

  Hi Rana,
  Check the certificates sequence as well the certificates end dates in STRUST in SAP PI system. if, deployed in NWA level check over there.
  One more :: sending the data to web server or web page. make sure, PI is pointing to which server.
  Regards,
  Kesava.

• HTTPS sender soap adapter

  Hi,
  I want to use HTTPS port for one of our SOAP -->RFC sync interface .
  currently we are using  http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel this url and its working fine,
  Here  we want to use  HTTPS  ( HTTPS with client authentication as security level) ,but in our current PI system ( 7.31) is  not enabled https/ports.
  Please let me know how we can enable  HTTPS  port ,let me know the process.
  once HTTPS port is enabled  please let me know the process to use  HTTPS with client authentication as security level)
  Thanks
  Surya

  Hi Surya,
  Base on your requirement ports like 433, 4022 etc as per availability to Trading partners.
  Port mapping should be done in the firewall configuration as your web dispatcher port(This information can be obtained from your basis team / will be managed at the installation time / netweaver administration.)
  80* series is for ABAP ports and 50* series i sfor JAVA port.
  Also check the below link for more information.
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/09/20/sender-soap-adapter-https-with-client-authentication
  Thanks and Regards,
  Naveen

• SOAP Adapter with Security Levels - HTTP & HTTPS

  We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
  Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
  If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
  can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
  can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
  If we use HTTPS security level, is it mandatory for the partner system need to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
  What is the difference between Security Levels  'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
  I appreciate your inputs on this.
  thx in adv
  praveen
  PS: We are currently on SAP PI 7.0 SP17

  Hi Praveen,
  There is no need to change the interface and It is manditory for the partners to send certificates in order to validate each other. Use the https in url.
  HTTPS With Client authentication:
  The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS clientu2019s certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the clientu2019s certificate, the server maps the certificate to an actual system user executing the HTTP request.
  and check this link.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Regards,
  Prasanna