SOAP Sender Adapter + Web Service Security

Similar Messages

• SOAP Request with Web Service Security

  Hi masters of XI,
  the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
  I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  How can we send UserNameToken's elements inside SOAP web service envelope
  signing with X.509 certificate also? There are any way to do it in the
  receiver agreement or receiver SOAP adapter?
  thanks.

  Hi,
  thank you very much for your answers.
  I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
  This is my Request:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>     
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
  And this is the request I need:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
  <!-- THIS IS THE PART I NEED -->
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
          <wsse:Username>xxxxxxx</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
        </wsse:UsernameToken>
  <!--  -->
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>

• Details for 'Is Web service security available?'

  Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
  In component monitoring..for the integration engine its in yellow...
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
  can any one please help me out..
  Thanks
  sriram

  I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
  In component monitoring
  For integration engine
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
  In message monitoring
  Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
  Time Stamp Status Description
  2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
  2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
  2006-05-22 15:18:58 Success Message successfully put into the queue.
  2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
  2006-05-22 15:18:58 Success The message status set to DLNG.
  2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
  2006-05-22 15:18:58 Success SOAP: request message entering the adapter
  2006-05-22 15:18:58 Success SOAP: call failed
  2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
  2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
  Can any one please help me out.
  Thanks
  sriram

• Invocation of SOAP Sender Adapter using Apache SOAP

  Hi,
  I'm trying to invoke the XI SOAP Sender Adapter using the Apache SOAP API. It seems that my message header is missing a few parameters (see exception below). Does anybody know which to set?
  Regards,
  Heiko
  ==========
  Exception:
  <?xml version='1.0'?>
  <!-- see the documentation -->
  <SOAP:Envelope xmlns:SOAP='http://schemas.xmlsoap.org/soap/envelope/'>
    <SOAP:Body>
      <SOAP:Fault>
        <faultcode>SOAP:Server</faultcode>
        <faultstring>Server Error</faultstring>
        <detail>
          <s:SystemError xmlns:s='http://sap.com/xi/WebService/xi2.0'>
            <context>XIAdapter</context>
            <code>Exception</code>
            <text><![CDATA[
  com.sap.aii.af.mp.module.ModuleException
       at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:502)
       at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103)
       at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:227)
       at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103)
       at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:162)
       at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:507)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:392)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:345)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:323)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:865)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:240)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
       at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged1(Native Method)
       at java.security.AccessController.doPrivileged(AccessController.java:321)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
  Caused by: java.lang.Exception: Bubble configuration error: parameter 'XI.InterfaceNamespace' is missing
       at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.getParaRequired(XISOAPAdapterBean.java:895)
       at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.createDefaultMessageHeader(XISOAPAdapterBean.java:942)
       at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.setup(XISOAPAdapterBean.java:214)
       at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:496)
       ... 22 more
            ]]></text>
          </s:SystemError>
        </detail>
      </SOAP:Fault>
    </SOAP:Body>
  </SOAP:Envelope>

  Hi Heiko,
  You are missing the Namespace Parameter in the sender soap adapter configuration in XI3.0
  Thanks
  Prasad

• Another SOAP Sender adapter "com.sap.aii.af.mp.module.ModuleException" erro

  I am working on a synchronous scenario SOAP <-> XI <-> RFC.
  This worked fine, when I run it without SOAP adapter, direct via XI Pipeline.
  Now I want to use the SOAP sender adapter, but get the error as described below this post.
  As this is a real new XI installation, some patches or updates might be required to make it work. Or some adapter modules ?
  Any suggestions on how to solve this problem will be rewarded.
  What worries me a bit is the line "  " in the error description.
  Extra info: I use SoapSonar as a test webservice client. The error is the message as received in te test client.
  <?xml version="1.0"?>
  <!-- see the documentation -->
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP:Body>
      <SOAP:Fault>
        <faultcode>SOAP:Server</faultcode>
        <faultstring>Server Error</faultstring>
        <detail>
          <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
            <context>XIAdapter</context>
            <code>ModuleUnknownException</code>
            <text><![CDATA[
  com.sap.aii.af.mp.module.ModuleException: either no channelID specified or no channel found for the specified party, service, and channel name, MessageServlet(Version $Id: //tc/xi/645_VAL_REL/src/_adapters/_soap/java/com/sap/aii/af/mp/soap/web/MessageServlet.java#9 $)
       at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:427)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
            ]]></text>
          </s:SystemError>
        </detail>
      </SOAP:Fault>
    </SOAP:Body>
  </SOAP:Envelope>

  Hi Chandravadhana,
  The colon should be there :
  http://help.sap.com/saphelp_nw04/helpdata/en/69/a6fb3fea9df028e10000000a1550b0/frameset.htm
  The inbound address for SOAP messages is: http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
  Under party:service:channel enter the party name, the service name, and the name of the communication channel. If no party has been created, enter the following: channel=:service:channel
  Regards
  Suraj

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• Web Service security is not set up on this component

  Hi Friends,
  In RWB, when I click on component monitoring->Integration Engine, I got "Web Service security is not set up on this component"
  I want to send message using soap adapter by encrypting and signing it. for this purpose I need to configure the Web Service Security.
  Can someone please provide some documentation or link on how to set up this Web Service Security?
  thankx

  Hi,
  there is a chapter - Security Configuration at Message Level
  in XI config guide which specifies everything you need - this is what you need
  so I hope no further explanations are necessary
  Regards,
  Michal Krawczyk

• Disabling SOAP sender adapter authentication

  How can I disable user/password authentication in a SOAP sender adapter?

  The question was answered by Sam Raju / Hans Dumbrajs in thread Exposing anonymous WS.
  Hereafter is an even more radical method that I used with a Netweaver 2004 SP12.
  But BEWARE! this is VERY bad practice, because authentication becomes disabled for ALL web services. It must only be used on a development system. Moreover, from SP14, there are many more options that would allow to turn this on/off per web service. I used it once, just to sort out service design issues from authentication burdens and then I quickly restored a proper config as we fought with WS-security settings in a remote system that had to call a service hosted on XI.
  Here is: locate the web.xml deployment descriptor for the server at stake. You should find it on a path like:
  /usr/sap/<systemID>/DVEBMGS00/j2ee/cluster\server0/apps/sap.com
  /com.sap.aii.af.soapadapter/servlet_jsp/XISOAPAdapter/root/WEB-INF
  Then SAVE A COPY of the web.xml file.
  Edit the web.xml and remove the three sections:
  <security-constraint>, <login-config>, and <security-role>
  Login to the J2EE visual Admin console go to cluster tab, Server 0... and right-click REBOOT.
  There you are.
  Strongly recommended: learn about WS-security and upgrade to SP14 or above to get back in control of security issues.
  (the truth is that integration systems are ever-ever-ever more complex year after year...)

• Use of variable header XHeaderName1 in SOAP sender adapter

  Hi all,
  I have a doubt regarding the use of adapter-specific attributes in SOAP sender adapter. In specific:
  the SOAP client should be able to pass a variable with the SOAP request (XHeaderName1 header variable) and this should be available in mapping (Dynamic configuration)
  I've already checked the [help page|http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm] but it seems I'm doing something wrong.
  I tried with those settings in SOAP adapter configuration:
  Keep headers checked
  XHeaderName1 = Test
  I try to call the SOAP adapters in the following 2 ways, but none works (the value is not available in message mapping with Dynamic configuration)
  1. Pass "Test" value xxxx in SOAP Header as a tag
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
       <SOAP-ENV:Header>
            *<Test>xxxx</Test>*
       </SOAP-ENV:Header>
       <SOAP-ENV:Body>
       </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  2. Pass "Test" value xxxx in SOAP URL
  http://host:50000/XISOAPAdapter/MessageServlet?channel=p:s:c&version=3.0&Sender.Service=...&Interface=...&Test=xxxx
  Could anyone give me a hint about how to pass those values in the SOAP call and eventually the correct config. of SOAP sender ?
  Thanks a lot,
  Manuel

  Hi Manuel,
  Could you give a bit more detail on how you handled the SOAP message yourself.
  I have a similar issue. I am consuming a non SAP Web Service which requires a non-standard token element to be passed back. I have created a an RFC sender to SOAP reciever scenario which works fine for the inital logon and returns the token it expects in the follow up messages.
  At present I'm at a loss so your help would be much appreciated. We have got round the immediate issue by creating and sending the SOAP message directly from SAP WAS.
  Could we use the XI Adapter and ABAP proxy in a similar way?
  Thanks,
  Tim J.

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• Error by sending a Web Service request

  Hi,
  we generated a WSDL from an outbound-interface and build a web application with it. When we send a Web Service request to SAP-XI from our Web Dynpro client application, we get an error "CALL_CONSUMER_ERROR" (of category "XI_J2EE_MESSAGING_SYSTEM"). We find the following entry in the message-log of the adapter engine:
  Error: Return of synchronous errormessage to the calling application: com.sap.aii.af.ra.ms.api.RecoverableException: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier.
  Error: The Transmission of the message with https://hpsaps01.inveos.com:8001/sap/xi/engine?type=entry failed, because: com.sap.aii.af.ra.ms.api.RecoverableException: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
  does anybody know, how to solve this problem?
  Greetings
  Hildegard

  Hi Stefan,
  correct certificates are established in the meantime and the error-message in the adapterlog has changed. The errorcode still remains "CALL_CONSUMER_ERROR" of category "XI_J2EE_MESSAGING_SYSTEM".
  Adapter-log:
  Error: Return of synchronous errormessage to the calling application: com.sap.aii.af.ra.ms.api.RecoverableException: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: java.net.ConnectException: Connection refused.
  Error: The Transmission of the message with https://hpsaps01.inveos.com:8001/sap/xi/engine?type=entry failed, because: com.sap.aii.af.ra.ms.api.RecoverableException: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: java.net.ConnectException: Connection refused
  Are there missing any more permissions or is this another error in the configuration?
  Regards
  Hildegard

• Error while posting messages to SOAP sender adapter SP 13

  Hi Friends,
                  I have configured a SOAP sender adapter in XI 3.0 and is using the URL
  http://host:port/XISOAPAdapter/MessageServlet?channel=:BS_WEBSERVICE:CC_WEBSERVICE_SOAP to post the messages. When I open the URL in the browser I am getting the error.
  Message Servlet is in Status ERROR
  Status information:
  Servlet com.sap.aii.af.mp.soap.web.MessageServlet (Version $Id: //tc/aii/30_VAL_REL/src/_adapters/_soap/java/com/sap/aii/af/mp/soap/web/MessageServlet.java#5 $) bound to /MessageServlet
  Classname ModuleProcessor: null
  Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
  Lookupname for remoteModuleProcessorLookupName: null
  ModuleProcessorClass not instantiated
  ModuleProcessorLocal not instantiated
  ModuleProcessorRemote not instantiated
  But when I test the URL http://host:port/XISOAPAdapter/HelperServlet?action=FindChannel&channel=:BS_WEBSERVICE:CC_WEBSERVICE_SOAP to check the communication channel I am getting the right response as below.
  <?xml version="1.0" ?>
  <http://host:port/XISOAPAdapter/HelperServlet?action=FindChannel&channel=:BS_EBTR_WEBSERVICE:CC_EBTR_WEBSERVICE_SOAP> <s:ChannelInfo xmlns:s="http://sap.com/xi/WebService/xi30">
    <channelID>e7ac884596ea3d088cbfd8b434f942f2</channelID>
    <name>CC_WEBSERVICE_SOAP</name>
    <type xmlns:st="http://sap.com/xi/XI/System">st:SOAP</type>
    <direction>INBOUND</direction>
    <party />
    <service>BS_WEBSERVICE</service>
    </s:ChannelInfo
  I used the http capture to debug, In the 1st case though I am getting "Message Servlet in status error" I am seeing a 200 OK code in the http capture tool. When the message is posted from .net client proxy we are getting a 500 internal server error.
  Am not sure what causes the error ? I saw two notes in SDN related to SOAP - J2EE SP13. We are in SP13. Is this the issue ? Wanted to know your opinion before applying the notes.
  Thanks & Regards,
  Mathew

  ABAP & Java stack was on different SP levels.

• Using SOAP Sender adapter in PI 7.1

  Hi Guys,
  I've created a sync scenario with SOAP sender adapter, but I have troubles with calling it.
  I use following URL: http://<host>:50000/XISOAPAdapter/MessageServlet?channel=:BS_Bus_Sys:CC_SOAP_Test as I did in XI 3.0, but I'm getting error HTTP 400 Bad Request. I'm using the request generated from the IR Configuration.
  Has something changed in 7.1 for this type of scenario?
  Thanks guys,
  Olian

  Hi! Olian,
  I think u r going in a wrong way. The above given URL is wrong and incomplete one.
  The above url comes only after generating the WSDL. You ill gives that URL to ur source team to post their data at which this URL itselfs acts as an Gateway to enter into SAP XI/PI.
  The generated WSDL contains URL like this>>
  "http:// Host:Port/XISOAPAdapter/MessageServlet?senderParty=&amp;senderService=Business Service&amp;receiverParty=&amp;receiverService=&amp;interface=SenderInterfaceI&amp;interfaceNamespace=http://XXXXXXXX" />
  Also follow the below procedure for generating the WSDL.
  Except generating WSDL remaining all development steps are same as creating File to Proxy Scenario.
  CREATING THE WEBSERVICE IN XI :
  1) In Integration Directory, go to Tools tab --> Define Web Services.
  2) Now one Wizard window will opens and follow the below steps:
  Here donu2019t go for the u2018 Proposed URLu2019, instead specify the URL as::
  http://<host>:<j2ee-port>/XISOAPAdapter/MessageServlet?channel=:<service>:<channel>
  If there is party then ::
  http://host:port/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<channel>.
  3) Specify the Source Messageu2019s Message Interface.and remaining other input parameters.
  4) Specify the Sender Business Serviceu2019s details:
  5) Here, Cross check the details displayed and then click on u2018Finishu2019 button to create the Web Service
  document(WSDL)
  6) Now Save the WSDL code to the local system. At the bottom u ill get URL based on the above input
  URl:
  Note: Here in XI there is no XML Testing tool or SOAP client tool to test SOAP messages. That is why most of the people prefer either ALTOVA XML SPY Tool or SOAP CLIENT TOOL or INFO PATH.
  If your working on PI 7.1 means::
  1) Simply after creating Sender Agreement go to options above to that sender agreement instead of tools menu... and there you can observe 2 options at the bottom side.
  a) PUBLISH in SR
  b) Generate WSDL.
  2) Once after activating your ID componenets just Press or go for option Publish in SR. Then automatically it will generate WSDL and publish that WSDL in the SERVICE REGISTRY. which is latest concept in PI 7.1.
  3) Now by entering authentification details you can able to enter into service registry.
  There are 4 tabs::
  a) Service definitions
  b) Publish
  c) classifications
  d) Manage.
  Go for Service definitions::
  4) Enter your sender SOAP interface and press GO or enter.
  5) Select your interface and then at the bottom u can observe again 4 tabs:
  a) General b) End Points c) classifications d) System Details.
  6) In the general you can able to see your WSDL URL by again entering Authentification details.
  7) Now Click End Points>Test Button>Enter Authentification details-->Seelct your Interface
  Note:: Now you can test your scenario in this WEB SERVICE NAVIGATOR.
  8) There you can enter you can pass your Input data parameters in your SOAP interface and execute or test your scenario here itself without any using of external tool like Altova XML or SOAP client tool.
  I hope the above information will give you a detailed information in generating and testing webservice right.
  Regards::
  Amar Srinivas Eli

• Remove XML Prefix in SOAP Sender Adapter

  Hi
  I am using a SOAP sender adapter and testing it from SOAP UI. The format that is generated from the web service is
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
     <soapenv:Body>
        <sap:SALES_ORDER xmlns:sap="http://XYZ.org/">
           <sap:HEADER>
              <sap:BATCH_ID>XYZ</sap:BATCH_ID>
              <sap:CREATE_DT>XYZ</sap:CREATE_DT>
  This format when processed in SOAP UI gave error which its not giving for other files. Clearly I need to remove this sap: tag, I can't use XML anonymizer as it is SOAP adapter and I can't select do not use soap env...Could anyone provide me Java/xslt code for the same..I tried all the codes on sdn but none of them worked.
  Regards,

  SImple Java mapping, that should help
  import java.io.InputStream;
  import java.io.OutputStream;
  import com.sap.aii.mapping.api.*;
  import org.w3c.dom.*;
  public class DeleteCDATA_DOM_mapping extends  AbstractTransformation  {
       public void traceXML(Node n,int i)
       {   AbstractTrace trace = getTrace();
            trace.addInfo(i+"$"+n.getNodeName());
            trace.addInfo(i+"$"+n.getNodeValue());
            trace.addInfo(i+"$"+n.getNodeType()+"");
       public void traceNL(NodeList nl)
            {       for (int i=0 ; i<nl.getLength();i++)
                      traceXML(nl.item(i),i);
       public void transform(TransformationInput in, TransformationOutput out)
                 throws StreamTransformationException {
                      AbstractTrace trace = getTrace();
                           try {
                                InputStream is0=in.getInputPayload().getInputStream();
                                StringBuffer out1 = new StringBuffer();
                                byte[] b = new byte[4096];
                                for (int n; (n = is0.read(b)) != -1;) {
                                     out1.append(new String(b, 0, n,"UTF-8"));
                                String sss=out1.toString();
                                sss=sss.replaceAll("<sap:", "<");
                                sss=sss.replaceAll("</sap:", "<");
                                OutputStream os = out.getOutputPayload().getOutputStream();
                                os.write(sss.getBytes("UTF-8"));
                           } catch (Exception e) {
                                throw new StreamTransformationException(
                                     "Exception in DeleteCDATA_DOM_mapping JAVA mapping ): "
                                          + e.getMessage());

• How to use SOAP sender adapter

  Hi all
  i have configured the SOAP sender adapter. Now my 3rd party needs to send me a soap message. 
  I have checked that the status at the following URL is OK:
  http://host:port/XISOAPAdapter/MessageServlet?channel=:MXII_Web_Service:SOAP_MXII_Sender.
  This is fine, however
  I am unsure of the following:
  1. Does XI make a wsdl available to the 3rd party?
  2. Where does my 3rd party send the soap message to?
  3. Is the SOAP message sent via a query string?
  4. Do I need to create a web service?
  Thanks for all your help in advance
  Clinton

  Hi Moorthy
  Thanks for your answer.
  The problem was solved, we used .Net to write a webservice to our wsdl.
  I have now another problem.... When the message comes into XI it shows that no receiver found(RCVR_DETERMINATION">NO_RECEIVER_CASE_ASYNC). If I just test the scenario with a file adpter as Sender, and Receiver it is fine, but when using the SOAP adapter as Sender, it gives me the no receiver found message.
  Any help with this issue will be appreciated.
  Thanks again
  Clinton