SOAP Adapter with Security Levels - HTTP & HTTPS

Similar Messages

• Sender SOAP Adapter with HTTPs call

  Hello,
  Our scenarion is ..  we will have a sender SOAP adater .. but it needs to be called using HTTPs(SSL).
  Now considering we have the certificate generated and installed ..and that integration server is HTTPs enabled....What URL should the sending system call..?
  For normal HTTP call the inbound address for inbound Adapter is: http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
  For the case of HTTPs just changing the htttp to https and the port number in in the calling system will suffice? Or is there other configurations that needs to be done??
  Thanks and Regards,
  Himadri

  Hi Himadri,
  Firstly as suggested by others you can call using https and give the https port in the soap adapter servler URL. Secondly you need to do the following configurations:
  1) If its PI 7.0/3.0, deploy the latest version of the SAP Java cryptography toolkit.
  2) Configure SAP PI as the server for HTTPS calls. In short
        Using the SSL Provider service:
                              a.      Select whether the J2EE Engine should:
                                 ■      Request (but not require) that the user presents a client certificate for authentication.
                                 ■      Require that client certificates are to be used for authentication.
                              b.      Import the CAu2019s root certificate into the Trusted Certification Authorities list. (Choose Add.) using the following For all the steps, link is mentioned below for XI 3.0, you can find similar ones for PI 7.0
  http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm
  3) If you want to enable client authentication then you would need to add the client certificate in the TrustedCA keystore view of the SAP J2EE engine.
  4) In the SOAP Adapter sender channel, configure Inbound Security level as HTTPS or HTTPs with client authentication based on your scenario.
  Best Regards,
  Pratik

• Can we enhance the Sender SOAP Adapter with our own modules?

  Hi All,
  Can we enhance the Sender SOAP Adapter with our own modules on the Module Tab Page in the Module Processor?
  I believe the answer is no. However, whatever may be the answer, I would like to know that is there any specific reason for that.
  Please help me in this regard.
  Thanks,
  Yogi.

  Hi,
  I think, we are mentioning the URL of the adapter channel directly in the configuration. SO there is no place we can customize this flow..just a thought
  Because in the file adapter etc, After Adapter Engine picks up the data and before it goes into integration engine module is processed..
  http://help.sap.com/saphelp_nw2004s/helpdata/en/fc/5ad93f130f9215e10000000a155106/content.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f013e82c-e56e-2910-c3ae-c602a67b918e
  Rgds,
  Moorthy

• Extended SOAP Scenario with Security

  Hi All,
  Could anyone send me the step by step procedure for "Extended SOAP Scenario with Security"?
  Regards,
  Sai.

  Hello,
  Please use the search option on SDN.
  There are no step by step guides as such and you will have to combine multiple different activities to achieve this, including set up of Server SSL on XI and then set up of the SOAP adapter to use the certificates.
  Refer to the guides on SDN for these.
  Regards
  Bhavesh

• SOAP Adapter with Webservice Provider URL

  This is what I did. Configured a Receiver SOAP adapter with SOAP 1.1 Message Protocol. Target URL is the WSDL URL Binding (SOAMANAGER) with authentication.
  When I test the scenario the Message is through PI and Communication Channel - No errors
  However strangely I do not see anything happening in ECC. Sometimes a log shows up in SOAMANGER "SOA Runtime Log/Trace Viewer" which has SOAP Runtime Error Information. This is very inconsistent again.
  I have tested SOAP with XI 3.0 Message Protocol and the messages are through in ECC. No problems there.
  Also Tried with directly using "SOAP Location URL" from within the Binding WSDL URL. This also results in DUMP in ECC.
  Does SOAP adapter with SOAP 1.1 Message Protocol support Webservice Provider in ECC EHP5(SOAMANAGER Binding)? Is it built to support this kind of scenario? Or only WS adapter can invoke the Binding URL?
  Is there any other URL that can be invoked with SOAP -SOAP1.1?
  Using PI 7.1 Service Pack 5.
  Pavan.
  Edited by: pavan sodani on Aug 12, 2011 4:57 AM

  Did you properly expose the RFC/Class in SOAMANAGER of the backend system? there is no endpoint created by default. You have to create and endpoint for a logical system (I guess). Then try calling the webservice from any 3rd party tool like Altova XML Spy. If that works then the ABAP webservice is working good and could be called from PI.
  VJ

• Sender SOAP Adapter with Https

  Hi,
  can any one give me information on  how my Sender SOAP adapter to be configured with HTTPS port.
  please give me the what are all different ways to make my Sender SOAP Adapter secure and give me the steps to achieve the functionality.
  Thank You,
  Madhav

  check this section:
  http://help.sap.com/saphelp_nw70/helpdata/EN/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Also some help from SAP note:
  https://service.sap.com/sap/support/notes/891877
  Regards,
  Abhishek.
  Edited by: abhishek salvi on May 29, 2009 1:59 PM

• Plain HTTP Adapter vs SOAP Adapter with regards to SSL

  Hi,
  I need to setup communication channles within XI to send and receive secure xml. I am confused after reading the XI documentation and the some of the discussion forums on SDN.
  Can anyone clarify the following:
  1) Does the plain HTTP Adapter support SSL? According to the XI documentation is does NOT? Have I miss read it?
  2) This being the case, the only way to send and receive secure XML is to use the XI/SOAP Adapter?
  Thanx for your help.
  Cheers
  Yackeen

  Hi Yackeen,
  no, that's not true. The plain HTTP Adapter supports SSL. No problem.
  Regards,
  Udo

• SOAP Adapter with application/x-www-form-urlencoded

  You can use the content type "application/x-www-form-urlencoded" in a SOAP adapter?
  Thank you.

  I did the configuration below:
  "Here you have to use below configuration parameters for Module
  Transform.Class = com.sap.aii.messaging.adapter.Conversion
  Transform.ContentType = application / x-www-form-urlencoded "
  However, got the following error:
  =======================================================================================================
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Inbound Message
    -->
  - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:Category>XIAdapterFramework</SAP:Category>
    <SAP:Code area="MESSAGE">GENERAL</SAP:Code>
    <SAP:P1 />
    <SAP:P2 />
    <SAP:P3 />
    <SAP:P4 />
    <SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.ClassNotFoundException: com.sap.aii.messaging.adapter.Conversion -
  Loader Info -
  ClassLoader name: [sap.com/com.sap.aii.af.mod.trans.app] Living status: alive Direct parent loaders: [system:Frame] [service:servlet_jsp] [service:ejb] [library:engine.j2ee14.facade] [library:com.sap.base.technology.facade] [library:com.sap.aii.af.lib] [library:com.sap.aii.af.sdk.lib] [service:com.sap.aii.af.cpa.svc] [service:com.sap.aii.af.svc] [service:com.sap.aii.adapter.xi.svc] [library:com.sap.aii.adapter.lib] Resources: C:\usr\sap\PI1\DVEBMGS04\j2ee\cluster\apps\sap.com\com.sap.aii.af.mod.trans.app\EJBContainer\applicationjars\com.sap.aii.af.mod.trans.ejb.jar -
  </SAP:AdditionalText>
    <SAP:Stack />
    <SAP:Retry>M</SAP:Retry>
    </SAP:Error>
  =======================================================================================================
  Any suggestion?
  Thank you.
  Regards,
  Bruno

• Howto proces SOAP Header with security info

  My incoming Soap messages contain security info in the soapenv:Header part.
  However, I only need the contents of the Body element.
  If I do NOT handle the Soap Message, then an Exception is thrown: something like: 'Do not know how to handle MustUnderstand'.
  So something must be done with the Security info in the header, but I do not know how. Do I have to remove the header completely in the Soap handler, after checking the singning? If somebody can point me to some examples of Soap header processing for this case it would be helpful.
  kind regs.
  Harry

  Hi Harry
  The header in Soap Messages is optional. Is is used to carry security information, that is security on the level of the Soap message. So when the header of an incoming Soap message is 'handled', the header is of no use any longer and can (must) be discarded. Indeed discarded, because the rest of the handlers don't expect a header in the Soap message. They extract the 'contents' from the body of the Soap message, and deliver that to you backend system.
  I will describe the header handling in the webservice: to get access to the Soap message in your code, you have to write a 'handler' Class. This Class should implement the Handler Interface or extend the abstract GenericHandler Class. To handle only the incoming Soap messages, the 'Requests', the method 'handleRequest' should be implemented. This handleRequest method has 1 parameter (mc) with type MessageContext. This parameter contains the original Soap message in Object format. You can access the original header information via:
  SOAPMessageContext smc = (SOAPMessageContext)mc;
  SOAPMessage message = smc.getMessage();
  SOAPPart part = message.getSOAPPart();
  SOAPEnvelope envelope = part.getEnvelope();
  SOAPHeader header = envelope.getHeader();
  With: Iterator iterator = header.getChildElements();
  you can navigate through the header elements and do whatever you like. If you decide that security info in this header does not match the contents of the body for instance, you can issue an Exception and log it.
  After processing the header you have to discard it with:
  header.detachNode(); and let your handleRequest method return 'true'.
  The rest of the webservice processing takes the contents from the body element, and delivers that to your application.
  To let you webservice make use of your Handler, you have to name it in the web-services.xml as follows:
  <webservices>
  <handler-chains>
  <handler-chain name="myChain">
  <handler class-name="a.b.c.MyHandler" />
  </handler-chain>
  </handler-chains>
  <web-service name="MyService">
  <operations>
  <operation ... handler-chain="myChain" .... />
  </operations>
  When the webservice 'MyService' gets a request, the handler 'MyHandler' is automatically invoked. you can have more handlers in a chain. Also you can declare more chains in your <webservices> section and refer to them from the <operation> elements.
  Items of interest:
  javax.xml.rpc.handler.soap.*
  javax.xml.rpc.handler.*
  javax.xml.namespace.*
  javax.xml.soap.*
  May be this of use for you :).

• Messages failing in the SOAP adapter with the errror

  HI 
  I am getting the below error in the SOAP adapter monitoring . can any body tell what does "No route to host: Connect" mean .
  could some one help us on resolving this .
  Error Exception caught by adapter framework: No route to host: connect
  Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: No route to host: connect: java.net.NoRouteToHostException: No route to host: connect. Setting message to status failed.
  Error The message status set to FAIL.
  Error Returning synchronous error message to calling application: com.sap.aii.af.ra.ms.api.RecoverableException: No route to host: connect: java.net.NoRouteToHostException: No route to host: connect.
  thanks and regards
  sandeep

  Hi!
  First please confirm whether you are working on XI or PI 7.1 ?
  because in XI you need to generate WSDL manaually via Tools>Define Web service-Giving Input..and in XI you need to test the SOAP scenario from external tool like Altova xml spy tool kit or else SOAP client tool.
  In PI 7.1::
  You can publish directly the web service in the SERVICE REGISTRY from sender agreement onwards.
  once it is published you can check the status on your interface in service registry as CONFIGURED..Okay
  Here you can test directly in service registry...
  According to your error check ocne agan even though you gone through all the steps..
  1. Check whether the SOAP service is active or not in SICF>SAP>bc>XI>Service-->SOAP.
  2. sicne after generating wSDL u can get one url right that URL itself acts as  a gateway to enter the source data into XI..
  lets give to the source team to try with XI super uID adn PWD as authentification.
  3. Also please STOP ur communication Channel and start once again.
  4. Please check whether the WEB Service is configured correctly or not.
  Regards::
  Amar Srinivas Eli

• AUTHSERVER USE with security level of "MANDATORY_ACL"

  Has anyone done this? When i sent security to "MANDATORY_ACL", the AUTHSVC does
  not come up. But if I change
  that to "USER_AUTH" it comes up. Does it not work with MANDATORY_ACL level or
  am I doing something wrong?
  Any help appreciated. Thanks in advance.

  Oops - of course SECURITY and AUTHSVC should be on
  separate lines in the ubbconfig! It seems that one
  needs to enter double-spaced lines when posting in
  this newsgroup... (but the quote further down seems
  OK though.)
  I try again:
  SECURITY MANDATORY_ACL
  AUTHSVC "..AUTHSVC"
  /Per
  "Per Lindström" <[email protected]> wrote:
  >
  Hello Ramnath,
  when you use ACL or MANDATORY_ACL security with the BEA-
  supplied AUTHSVR, you must define AUTHSVC as "..AUTHSVC"
  instead of "AUTHSVC", like this:
  SECURITY MANDATORY_ACL
  AUTHSVC "..AUTHSVC"
  I hope this will solve your problem.
  Best regards,
  /Per
  "Ramnath Cidambi" <[email protected]> wrote:
  Has anyone done this? When i sent security to "MANDATORY_ACL", the AUTHSVC
  does
  not come up. But if I change
  that to "USER_AUTH" it comes up. Does it not work with MANDATORY_ACL
  level or
  am I doing something wrong?
  Any help appreciated. Thanks in advance.

• Errors with Resource Adapter with data source as "http header"

  hi Team,
  The objective was to create a ResourceAdapter that will get accountid from http-header and automatically log me in. More like Siteminder, Tivoli Access Mgr.
  In the adapter's "prototype.xml", I added this line.
  "<AuthnProperty name='sauid' displayName='UserID in From Browser' formFieldType='text' isId='true' dataSource='http header'/>
  I enable pass-through authn for "user-interface" app.
  My test passes, when I login to "/idm/user". I am not prompted for uid/pwd instead I am
  transparently logged and presented with self-service page, aka single-sign-on. so far so good.
  But, I have an issue when when I login to /idm (not /idm/user) as configurator and then try to create a new user.....I donot see the set password fields in modify.jsp. This issue is only apparent if I set enable pass-through for user-interface. If I reset the user interface to default, which is userid/pwd, then I do see set-password-fields in modify.jsp.
  Any leads on why this could be happening?

  Hi Asam,
  If we want to create a parameter depend on another dataset, we can additional create or add the dataset, embedded or shared, that has a query that contains query variables. Then use the option that “Get values from a
  query” to get available values. For more details, please see:http://msdn.microsoft.com/en-us/library/dd283107.aspx
  http://msdn.microsoft.com/en-us/library/dd220464.aspx
  As to the Report Builder features, we can refer to the following articles:http://technet.microsoft.com/en-us/library/hh213578.aspx
  http://technet.microsoft.com/en-us/library/hh965699.aspx
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• SOAP Adapter XI 3.0 Response HTTP 402 ICM_HTTP_TIMEOUT

  When i sent a soap request to a ext. Server all is fine.
  But at the moment to get the response following error come up.
  Error when receiving by HTTP (error code: 402, error text: ICM_HTTP_TIMEOUT).
  What is wrong?
  IP-address of the client: 169.254.25.129 (SOAP)
                       Date: 20:22:30.674, 10.10.2004
                       User: EXAMPLE, Profile: DEFAULT, ID:
                       CPU time in ms: 450, Reply time in ms: 450
                       Statistics: 1; 0 (0); 0; 0 (0 / 0 / 0)
                       2 result(s) found
                       Request string: <InputAddress InputAddress="D10785BerlinTiergartenBrüder-Grimm-Str.~1"/>

  Hi Bill
  1. synchronous out / in
  2. yes
  3. working fine
  following the way out to the elocateserver system is working fine.
  The soap is working and the responce from the elocteserver is fine . But when the message is pick put the Timeout show up.
  below is the Responce from elocateserver to xi
  Hope this will help you
  thanks olaf
  Help
  !http://sapnt09:50200/sap/public/icman/img/theme.jpg|alt=SAP|width=122 height=61 border=0 |src=http://sapnt09:50200/sap/public/icman/img/theme.jpg!
  500 Connection timed out
  Connection timed out (-5)
  Error:
  -5
  Version:
  6040
  Component:
  ICM
  Date/Time:
  Sat Oct 16 06:13:25 2004
  Module:
  icxxthr.c
  Line:
  2556
  Server:
  sapnt09_M64_02
  Detail:
  Connection to partner timed out
  © 2001-2003, SAP AG

• FILE adapter with secure FTP

  Hi experts,
  i have scenario file to file scenario, communication should  happen in secure connection .i searched in blogs & forums
  please find berlow forum
  How to configure SFTP Adapter in XI?
  in that 2 nd reply
  there is one option :2. Use the FTP adapter, and encrypt/decrypt the file contents through a user exit in the adapter. Something on the FTP server side will have to do the same.
  can anyone please elaborate this one & where can i find user exit  for the file adapter.
  please help is there any option to provide secure cinnection in file adapter (FTP) like using run operating system command befor or after message processing
  Thanks In advance

  I think  that you can solve in 4 different ways:
  -> Using FTPS connection
  http://help.sap.com/saphelp_nw04/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm
  -> Using a 3rd Party Adapter (Seeburger or Aedaptive) for PGP or deploying a custom adapter for PGP
  http://www.seeburger.com/9468/
  -> PGP OS Level (Installing a PGP software like GnuPGP in your system) Install the PGP software in XI and write the OS command for encryption and decryption at OS level. Call this command in File adapter after or before message processing
  PGP ncryption
  -> Using an UDF
  Check this links:
  Is there any FTP API available from SAP?
  Send Text file to FTP in binary mode with PGP encryption
  http://www.webmethods.com/meta/default/folder/0000007429
  Converting IDOC to XML
  XI implementation
  http://www1.webmethods.com/PDF/webMethods_for_SAP-wp.pdf

• ERROR while using SOAP adapter with SMTP protocol

  Hi,
  The error i get is,
  SOAP: error occured: java.io.IOException: server not responding OK to MAIL FROM; 454 5.7.3 Client does not have permission to submit mail to this server.
  Please given your suggestions on the same.......
  Also do provide more information on sending SOAP over SMTP.
  Regards,
  Abhy

  Hi,
  Thanks for your replies...
  The thing is that we tried a receiver mail adapter scenario with SMTP prptocol which is working perfectly fine... Its the same SMTP sever we are using even in this case.
  What could be the network problems that you mentioned, could you throw more light on the same.
  Regards,
  Abhy