SOAP adapter - WS authorization

Similar Messages

• Sender SOAP Adapter issue with webservices for authorization.

  Hi All
  Issue:
  As we are developing a Web Service to fetch account balance from SAP(upon receiving the account no from client) and have given the wsdl file to J2EE application  to call or make use of the service.  But as a part of that service they expect userid/password to be entered manually from client  pop-up.  At this point of time, we don't want to enter userid/password manually but  we want this to be hardcoded/embedded in Webservice so that  there is no need of manual intervention upon calling this service.
  Actual Requirement:
  From Webservices to R/3-ECC6.0-IS-Banking-RFC (Synchronous Interface)
  Sender: SOAP Adapter synchronous
  Receiver: RFC Adapter synchronous
  Note: Requesting a account number and getting response from RFC is account Balance and Date to webservice
  Regards
  Kiran kumar.s

  Hi praveen,
  Thanks for ur  reply.What you said is exactly right but for time being i have to make the client not get the authorization(password--Username and password(pop-up)) when he invokes the WSDL into webservice for that u told that to write some hardcode in J2EE application,but i don't know that where to write and what to write.so, if possible can u give me the code and procedure.
  This is the URL:
  http://hcl3sap:50000/XISOAPAdapter/MessageServlet?channel=:BS_WEBSERVICE:CC_SOAPSENDER
  Regards,
  kiran kumar.

• Sender SOAP Adapter

  Hi,
  Scenario is Sender SOAP and Receiver (Server Proxy) .
  Integrated the ESS applications on .net portal using soap adapter..example salary slip, ctcview....
  If we give input as empno to soap adapter it will give you salary details back to .net portal.
  All this functional;ity are working fine..
  Now i need to check the authorization to acess this soap request. As this webservice works for all the employess in the organazation. but i need to restrict for few employees. Is there any authorization check in XI as it is there in ESS.
  If so how to use that . Now in .net portal they are useing the same user name and pwd for all the soap requests.
  Regards
  Vijay
  Edited by: vijay Kumar on May 25, 2010 11:18 AM

  Michal
  Hopefully I can help you for once!
  You can set the SOAP action to debug in the Java Admin Console.
  Set com.sap.aii.af.mp.soap and com.sap.aii.messaging set to DEBUG
  Set location
       Services
       Log Configurator
       Locations
       Choose com.sap.aii.messaging
       Assign Severity Debug
  See https://service.sap.com/sap/support/notes/856597 for more info...
  This note has a an attachment: tcpgw.zip for tracing the whole message...

• HTTP Header fields in SOAP adapter

  Hi All,
    I have a scenario IDoc to SOAP adapter. In which my receiver given the details as
  URL : https://b2b.ecsc.us.gxs.com/invoke/GXSGateway:receiveCTE
  Header Name:             Header Value
  Ent-sender                xxxx
  Ent-receiver              yyyyy
  Ent-APRF                 zzzzz
  Ent-filename             (not sure what data need to give)
  1. I request you to let me know where I need to give these headername and hader values in soap adapter. 
  2. my client require file as an attachment.  Please let me know how I need to send the payload as an file and where the name need to be given in the header name (Ent-filename).
  Currently I used  MessageTransformBean to conver my XML to text structure(flatfile structure).
  Please let me know if any more details required
  Regards,
  Dhill

  Was out for lunch break..
  Juz Rechecking
  Transport Protocol : HTTP
  Message Protocol: Soap 1.1
  Adapter Engine -> Adapter Engine on the Integration Server
  Connection Parameters
  Target URL - > https://b2b.ecsc.us.gxs.com/invoke/GXSGateway:receiveCTE
  Sure about no sever authentication required  and they are not using any HTTP proxy for webservice >????
  Conversion Parameters
  Do Not Use SOAP Envelope -> Unchecked
  Keep Headers -> Checked.
  Keep Attachments -> Unchecked
  Use Encoded Headers -> Unchecked
  Use Query String -> not so sure might be Unchecked
  <b>Authentication Keys</b>
  If authentication is required for the receiver system, you can enter a password and a confirmation for each key value. This means that you do not need to write passwords in the enhanced message header.
  If you want to specify or display authentication keys, select View Authorization Keys.
  You can enter and confirm passwords for each authentication key value (TAuthKey or TproyxAuthKey).
  Try once sending the message with Adapter-Specific Message Attributes
  Unchecked. See if there is a hit.I knw itz not req but juz testing.
  Yeah adapter stat must be active.
  Last thing need to go through the whole scenario.
  <b>Cheers,
  *RAJ*
  *REWARD POINTS IF FOUND USEFULL*</b>

• SMIME in sender soap adapter

  Hi,
  I'd like to know the proper format of the POST request to a sender soap adapter with SMIME activated. I've found almost no documentation about it.
  I'm trying to send a document ciphered to PI via soap adapter (HTTP POST). I've done the following steps
  1. I activate SMIME in the sender soap adapter, and I specify "Decrypt" as the security procedure in the sender agreement. I also incorporate the private key in the keystore DEFAULT and reference to it in the sender agreement.
  2. I use OpenSSL to cipher an xml document like this (I use the public certificate associated to the previous private key) :
  --> openssl smime -encrypt -in fich.txt -out fich_encrypted.txt certTesting.pem
  What I get is:
  MIME-Version: 1.0
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
  Content-Transfer-Encoding: base64
  MIIC....[base64 content of the file encrypted]
  3. I use CURL to send the HTTP POST request to PI. Previously I get the binary file from the base64 content.
  > POST /XISOAPAdapter/MessageServlet?senderParty=&senderService=BC_1[...]
  > Authorization: Basic c2U[...]
  > Host: pi.[...].com:50000
  > Accept: /
  > Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=fich_encrypted.der
  > User-Agent: Jakarta Commons-HttpClient/3.1
  > Accept-Encoding: text/xml
  > Content-Disposition: attachment; filename=fich_encrypted.der
  > Content-Length: 620
  > Expect: 100-continue
  but I get this error from the SOAP Adapter:
  --> java.io.IOException: invalid content type for SOAP: APPLICATION/PKCS7-MIME.
  I also get the same error if I remove the header Content-Disposition.
  4. If I send the xml file without ciphering (header Content-Type: text/xml;charset=UTF-8) I get the error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: call failed: java.lang.SecurityException: Exception in Method: VerifySMIME.run(). LocalizedMessage: SecurityException in method: verifySMIME( MessageContext, CPALookupObject ). Message: IllegalArgumentException in method: verifyEnvelopedData( ISsfProfile ). Wrong Content-Type: text/xml;charset=UTF-8. *Expected Content-Type: application/pkcs7-mime or application/x-pkcs7-mime*. Please verify your configuration and partner agreement
  PROBLEM --> I really don't know what the SOAP sender channel is expecting when SMIME is activated. I've tried to send the binary file encripted as an attachment and also directly, but the soap adapter complains.
  Thanks

  HI,
  for XI EP
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Consuming XI Web Services using Web Dynpro – Part II-/people/riyaz.sayyad/blog/2006/05/08/consuming-xi-web-services-using-web-dynpro-150-part-ii
  Consuming XI Web Services using Web Dynpro – Part I -/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
  /people/sap.user72/blog/2005/09/15/creating-a-web-service-and-consuming-it-in-web-dynpro
  /people/sap.user72/blog/2005/09/15/connecting-to-xi-server-from-web-dynpro
  Regards
  Chilla..

• How to use Basis Authentication in Sender SOAP Adapter

  We implemented one Sender SOAP Adapter and we had to implement the modified WEB.XML method to remove the security specification.  We have now asked the developer to correct this situation so we can remove this modification.  The Interface developer would like to use Basic Authentication. If you have an automated interface sending in a SOAP Message, how do you do Basic Authentication? 
  I've tried using:
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  When I do this, I still get the Authentication Pop-Up Window.
  How does the Sending Interface either supply the ID and Password on the incoming SOAP Message or respond to the Authentication Pop-Up?
  Thanks,
  Anne

  By Defualt the web service exposed by you will use Basic Authentication mode only.
  But the way you do Basic Authentication in the web client is platfrom dependent.
  This is not the way to do Basic authentication
  http://host:port/XISOAPAdapter/MessageServlet?channel=:<Service>:<Channel>&sap-user=xiappluser&sap-password=<Password>&sap-language=EN&sap-client=<Client>
  I am providing you a code snippet on how to Basic Authentication in Java when making the Web Service Call.
  If the client is on some other platform just look for the corresponding api.
  Please award points if you find this answer useful.
  Code Snippet
  URL url = new URL(URL);
  URLConnection connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       //connection.setRequestProperty("Content-Length",Integer.toString(content.length()) );
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
        //Where con is a URLConnection 
       connection.setRequestProperty ("Authorization", "Basic " + encode(User + ":"+ Password));
       connection.connect();
  Encode Method
  public static String encode (String source) {
  BASE64Encoder enc = new sun.misc.BASE64Encoder();
  return(enc.encode(source.getBytes()));

• More than 10 Authentication Keys in receiver SOAP adapter

  Hi
  My requirement is that I need more than 10 authorization/authentication keys in the receiver SOAP adapter. Is this possible?
  Advanced tab -> Use adapter-specific message attributes -> variable transport binding -> view authorization keys.
  Only 10 entries are provided here. Can I extend this somehow?
  Thanks!
  regards Ole

  Yes..
  These links will help u in it
  Certificate Authentication with SOAP Receiver
  Certificate Authentication with SOAP Receiver

• Sender SOAP Adapter Security Issue

  Hi All,
  We are building a SOAP to proxy scenario. The sender is a SOAP Adapter and the receiver is Proxy. The SOAP WSDL and URL is provided to the legacy system. When the legacy system is trying to send the data using the WSDL and the URL provided, they are receiving a dialog box to enter the user name and password. We can create a system user and provide those credentials to the legacy system. However, the legacy folks are not interested in including this in their web service.
  Could you please suggest, if there is a way to create the web service such that it wouldn't request for user credentials? Something like no authorizations in the web service?
  Thanks,
  Manohar Dubbaka.

  Hi Preeti,
  Thanks for the response. Since we are on PI 7.0, I believe the setting that you are referring to should be on Visual Admin. Could you please let us know the parameter or the setting that needs to be changed in VA?
  I am not sure, how we can make use of SSO to prevent them from entering the user credentials. Your help in this regard would be much appreciated.
  Thanks,
  Manohar Dubbaka.

• How to build in user authorisation in sender soap adapter

  HI ,
  how can i built the user authorisation in sender soap adapter. either in a url or somewhere on the server .
  if anyone has an idea do let me knwo
  Thanks
  Nikhil

  Nikhil,
  <b>sender soap adapter</b> is used for ex in the case, u need some data from the DB say of a vendor. U give the name of the vendor in the site, suppose u get the contact address of the vendor from the DB.
  Sender soap adapter sends the soap request from the client to XI and from XI the request is passed to DB.
  With XI, WSDL file is generated and SOAP request is generated for the WSDL file. When the WSDL is deployed on the client application, the authorization is handled.
  For receiver SOAP adapter, it is the otherway round u r getting the data from the DB first and so the authorizations are held in XI.
  -Naveen.

• SOAP Adapter:  Content Type Issue in WebServices via HTTP

  Hi,
  I have configured a Receiver SOAP adapter. When i had to test the message i had an HTTP 415 error.
  i found that the sender SOAP adpater that received this message is not capable of handling Content-Type: Application/XML i.e. which is being transmitted by the Receiver SOAP Adapter.
  Please let me know how to configure in the Receiver SOAP adapter so that the HTTP Content-Type would be TEXT/XML instead of Application/XML .
  Thanks in Advance,
  Venkatesh

  Hi Michal,
  I have created a Web service for a RFC function Module. The webservice is available in SOAMANAGER.
  It got activated also .  But whenever I tried to test, I am getting the below error,
  "Message Envelope not found. Probably Empty SOAP message"
          Request:
          POST /sap/bc/srt/rfc/sap/yotci_i015_linkp8sap/100/yotci_i015_linkp8sap/yotci_i015_linkp8sap HTTP/1.1
  Host: sapkrftewd01.krft.net:8030
  Content-Type: text/xml; charset=UTF-8
  Connection: close
  Authorization: <value is hidden>
  Content-Length: 657
  SOAPAction: ""
  <?xml version="1.0" encoding="UTF-8" ?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema"><SOAP-ENV:Header><sapsess:Session xmlns:sapsess="http://www.sap.com/webas/630/soap/features/session/"><enableSession>true</enableSession></sapsess:Session></SOAP-ENV:Header><SOAP-ENV:Body><ns1:YotciI015Linkp8sap xmlns:ns1='urn:sap-com:document:sap:soap:functions:mc-style'><IvParam1>POD</IvParam1><IvParam2>00006095</IvParam2><IvParam3>01/14/2009</IvParam3><IvParam4>PDF</IvParam4></ns1:YotciI015Linkp8sap></SOAP-ENV:Body></SOAP-ENV:Envelope>
           Response:
          HTTP/1.1 500 Message E 1S 406 cannot be processed in plugin mode HTTP
  content-type: text/xml; charset=utf-8
  content-length: 0
  accept: text/xml
  sap-srt_id: 20090224/141936/v1.00_final_6.40/49A4677A2D0736EDE10000000A3597E9
  server: SAP Web Application Server (1.0;700)
  Is this because of "do not use SOAP envelope" check?
  I didn't check this check box.
  If that is the error could you please tell me how to see the "do not use SOAP envelope"?
  Where can I find SOAP channel?
  I am very new to SOAP concept. 
  One JAVA application is going to invoke this Webservice from SAP.
  Please help me.
  Thanks,
  Bala.

• Redeploy sender soap adapter 7.1

  We have PI 7.1 SP7 and expriencing many problems with the sender SOAP adapter
  the service registry works for us for all web services
  but from other applications like xmlspy and soapui we get messages of chace problems and unauthorized
  ( all cache cheks where performed and if I use the url of the endpoint with the user I have no authorization error )
  it seems something is wrong with the adapter , does somebody knows if its possible to redploy the adapter ? its a war file

  Hi Shai,
  Please have a look at the following link and see if it helps you .
  It deals with SOAP adapter installation and activation 
  Re: SOAP adapter installation and activation
  Best Regards
  Edited by: Prakash Bhatia on May 8, 2009 11:51 AM

• Error when setting dynamically the target URL in receiver SOAP Adapter

  Hi,
  I'm setting dynamically (from the mapping) the target URL in the receiver SOAP adapter:
  String url = "http://mosxd30:50000/XISOAPAdapter/MessageServlet?senderParty=&senderService=DUM&receiverParty=&receiverService=&interface=SI_OA_CustomInvoiceData&interfaceNamespace=urn:repsol.com:laboratory:firma";
  DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
  DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "TServerLocation");
  conf.put(key, url);
  The receiver adapter fails with:
  "invalid content type for SOAP: TEXT/HTML; HTTP 401 Unauthorized"
  Reading weblogs, etc, the most probable cause for this is a wrong target URL, but then what I did was to set it as a fixed URL in the C.Channel, and it worked, so the URL is fine.
  In the communication channel, I'm using "Configure user authentication", with a user and password, and what I think it's happening is that if I use another different URL dynamically, the channel is ignoring the user authentication settings.
  Any ideas?
  Thanks

  I forgot to say that I've checked the SAP note "FAQ Soap adapter", and it says:
  Q: I get an authorization error "401 Unauthorized" from the adapter's servlet. What went wrong?
             A: The adapter's servlet is protected by default. You must use one of the user names assigned in security role xi_adapter_soap_message for component XISOAPAdapter. Please consult the documentation for Visual Administrator to view and change the security setting.
             The user authentication of the SOAP adapter is not part of the SOAP adapter but of the web container of the J2EE engine. The default authentication setting is defined in the web.xml descriptor file of the SOAP dapter web application. This setting may be modified from Visual Administrator with some restriction. Please refer to the security documentation for the J2EE engine.
             Please note that 710 onwards there is no Visual Administrator instead the Netweaver Administrator is to be used to assign the roles to the user to access the SOAP adater servlet.The user must be assigned one of the following roles SAP_XI_IS_SERV_USER, SAP_XI_APPL_SERV_USER, SAP_XI_DEVELOPER_J2EE, SAP_XI_ADMINISTRATOR_J2EE.
  The target URL is a sender soap adapter (the result of one interface is sent to another one via soap adapter), and it's this one which is complaining because of the authentication I think. But I don't know why it's ignoring the user authentication flag I'm using.

• SP13 : SOAP Adapter Problem

  Hi All,
  Recently we upgraded from SP9 to SP13. Every since we upgraded to SP13 we are experiencing weird problem with Outbound SOAP adapter.
  We have exposed an outbound interface as a webservice, which is consumed by a .Net application. When the .Net application try's to call the webservice, we get soap exception "Server Error".
  To make sure the call is reaching XI, we put in wrong credentials and we got authorization error. So the call is getting to XI.
  Has anyone encountered this weird problem? Any thoughts or suggestions will be very much appreciated.
  Thanks,
  naveen

  Hi,
  There is a tool called SOAPScope from www.Mindreef.com
  Its a webservices diagnostic tool. Use this to troubleshoot.you can get a evaluation for 4 days i guess.
  Regards,
  Sridhar

• Modification of the SOAP Adapter

  Hi all,
  my problem is still the same as posted in the last thread. I have a webservice request submitted to the XI, which has no header element. So i have the problem that the message does not reach the XI due to an authorization error.
  Now i had the idea to implement an own adapter. But instead of developing it from zero, i could modify the original SOAP Adapter. Is there a possibility to get the SOAP Adapters source code or has anyone an idea how i could resolve this problem without an own adapter.
  I am not allowed to turn authorization off for the whole SOAP Adapter.
  Thanks in Advance
  Dieter

  Hi Dieter,
  1. add the credential (user and password) in the sender application, how to do this depends on what platform you use in the sender application.
  2. following the link below, you find the document on how to develop a module.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/02706f11-0d01-0010-e5ae-ac25e74c4c81
  I don't think you need to develop a ADAPTER for this problem.
  Regards,
  Hui

• SOAP Adapter - HTTPS w/ client authentication -SSL termination @ dispatcher

  Hi,
  We have a SOAP client sending SOAP message over SSL to PI. We are using client cert for authentication, but terminating SSL at web dispatcher. In this scenario, i) do we need to configure security for XISOAPADAPTER in Visual admin on PI and ii) do we need to set HTTPS with client authentication security option in SOAp Sender communication channel?
  My understanding is that since we are terminatinating SSL at web dispatcher (Server authentication happens between third-party gateway and our gateway and when web dispatcher terminates SSL, client cert for auth is passed via httpheader to PI where it is mapped to UME user with sufficient authorizations) we don't need to set the XISOAPADAPTER security (if it is end-to-end ssl we would i guess set up in V. Admin>Security provider service>clientcertloginmodule for XISOAPADAPTER) and we don't need to set the sender channel as https with client authentication ( it should just be http in SOAP sender channel).
  Is my understanding correct? I will really appreciate any clues?
  Thanks,
  Saurabh

  Hi saurabh
  follow these links to SAP note
  these will be helpful for you
  Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
  Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
  Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  regards
  Sandeep
  If helpful kindly reward points