SOAP Sender Authentication deactivation

Similar Messages

• Soap Sender Adapter Deactivation

  Hallo guys,
  we are working with an IP started by a Web Service call from a Business Service using a Soap Sender Adapter.
  Everything works.
  As we have to test also connections errors, we modify the Adapter setting status "Inactive". The intention is to receive an error from the WS call...
  On the contrary the flow starts with no problems!
  We try also creating a "false" Soap Adapter and changing it in the Sender Agreement... Nothing... It works!!
  Is it possible to stop an XI Web Service for a certain period?
  Thanks!
  Ilaria

  No difference with the complete URL.
  I've already found another way to test my connection error, thanks.
  I'm only thinking this is a bug....
  Thanks for your suggestions anyway!
  Bye
  Ilaria

• SOAP Sender Authentication - What user authorizations are required in XI?

  Hi Experts,
  When exposing an XI webservice to an external WS client, the WS client needs to provide the user id and password in the webapplication while sending the SOAP request to XI.
  1. Could you tell me what authorizations this particular user should have which needs to be created in XI?
  2. Is this the best practice to be used in B2B scenarios or there are other means of authentication too?
  Thanks,
  Shobhit

  Hi Swarup,
    To provide the soap adapter is the best use in case of B2B communication and also to do this further.../
  The following link will help in detail with SOAP adapter..
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d23cbe11-0d01-0010-5287-873a22024f79
  Regards
  Sai
  Reward with points if helpful

• Web Service SOAP Sender Authentication issue

  Hi Experts,
  Synch Scenario: Webservice call from SOAP client-> XI -> RFC Bapi call to R/3 and back to SOAP client with data.
  Soap Adapter on J2ee receives and process call ok, the error we are getting is on connection from AFW to IS; the error in the security log is:
  Attempting to create outgoing ssl connection without trusted certificates ,
  Warning , /System/Security/SecureConnectionFactory ,
  com.sap.security.core.server.https.SecureConnectionFactory , 
  Any tips where to look? We have enabled Principal Propagation via assertion tickets following SAP document to carry user id to R3 for authority check when Bapi runs.
  IS self signed cert has been imported to J2ee Ticketkeystore and J2ee cert has been imported to IS Strust/StrustSOO2 store adn added to ACK list. WE are using Http between J2ee and IS...hwoever from the erroe message it looks like it is evaluatiing https library com.sap.security.core.server.https.SecureConnectionFactory ?
  Thanks in advance for any help.
  Margaret

  did u instsall CA in ur visual admin for https/ssl t owork

• SOAP Sender Adpater Authentication issue with Siebel

  Hello PI experts,
  I have developed scenario in which,
  SAP PI version: 7.31
  Sender : Siebel
  Sender Adapter: SOAP
  Receiver: SAP ECC
  Receiver Adapter: Proxy
  Scenario has been configured and wsdl is generated properly. I tested scenario using SOAP UI which gave me proper response.
  But when scenario has been tested through Siebel UI, its giving Authorization 401 error.
  HTTP/1.1 401 Unauthorized
  server: SAP NetWeaver Application Server 7.20 / AS Java 7.31
  date: Wed, 20 Aug 2014 05:54:58 GMT
  We have tried following approaches:
  1. Appending Credentials in URL
  2. Siebel team tried sending credentials in their workflow
  Referred blog:
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/03/07/a-closer-look-at-soap-sender-authentication
  But in all cases we got same error.
  Also, is there any possibility to turn of sender authentication for SOAP adapter ?. I tried approach of removing tags in web.xml but that also dint work.
  Please suggest some way
  Thanks,
  Gaurav Khandelwal

  Hi Gaurav,
  Can you please check with your basis is that firewall will be open to send data  through soap to PI.
  Thanks,
  Sreenivas

• SOAP Sender adapter - how to turn off authentication? PI 7.1

  Hello
  I wolud like to turn off the user authentication in the Soap Sender Adapter PI 7.1. What is the easiest way to do so?
  Regards,
  Elling Skjetlein

  Hello,
  If you mean about using Single Sign-On (SSO) for automatic login, then
  you can refer to the following links:
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/44/31370f01ae23d1e10000000a1553f7/frameset.htm
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/48/acb27f23be6200e10000000a421937/frameset.htm
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/c4/5c5ae71140bb41868f10bc7f3411db/frameset.htm
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/e5/4344b6d24a05408ca4faa94554e851/frameset.htm
  Hope that help.
  Regards,
  Caio Cagnani

• HTTPS authentication using SSL in SOAP Sender adapter

  Hi,
  We are currently doing a SOAP to RFC synchronous scenario in PI 7.0. Our client wants to ensure that the data security is maintained at the transport level. So, we have planned to implement the HTTPS without client authentication using SSL certificates. Our Basis team has promised us that they will take care of the cerficate generation and installation part in the server. Now i am confused at the PI communication channel setup level.
  1) Do i have to specify the certificate installed path in the channel or in any other object ? If so, where do i have to configure the path ?
  2) What is the exact path that has to be carried by a PI developer once the certificates are installed in the server ?
  I have attached my communnication channel screenshot below,
  http://i41.tinypic.com/mk49h.jpg
  Please let me know what i have to configure in the Sender SOAP channel to receive data securely once the certificates are installed in the system.
  Thanks & Regards,
  Sherin Jose P

  Hi,
  1.for transport level security you should assign the HTTPS connection created in SM59 to the SOAP communication channel.
  The HTTPS connection should use the certificates imported in t-code STRUST.
  have you seen below thread,
  SSL / X.509 In SOAP Sender/Receiver Adapter
  Please go through below blog,
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c?overridelayout=true
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?QuickLink=index&overridelayout=true
  http://help.sap.com/saphelp_nwpi71/helpdata/de/14/ef2940cbf2195de10000000a1550b0/content.htm
  2. you nedd to check the message flow between the sender and receiver through PI .
  regards,
  ganesh.

• HTTPS with Client Authentication in SOAP sender Adapter

  Hi All,
  In SOAP Sender communication channel. When I generate WSDL with “HTTP Security Level = HTTP:” it works when third party tries to send data to XIwebservice.
  But when I tried with “HTTPS with Client Authentication” option its giving error
  “InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.”
  Please guide how to use “HTTPS with Client Authentication” option, and what all configuration need to apply in XI & in third party to use this.
  Regards

  Rohan,
  With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
  You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
  So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
  Regards
  Ravi Raman

• Anonymous authentication requests via SOAP Sender adapter?

  Hi,
  Can someone please tell me whether it is possible to call the SOAP Sender adapter anonymously?
  We can set user credentials for the receiver system adapter but looking at the options in the SOAP Sender communication channel I can't see how it is possible to send messages though SAP PI without a user who has authorisations to process messages.
  Any advice greatly appreciated.
  Thanks,
  Alan

  can't see how it is possible to send messages though SAP PI without a user who has authorisations to process messages.
  The source system needs to use a user-id to send message to XI/ PI via SOAP.
  If you do not want to use any authorization there is a way to switch off the authentication for the entire SOAP adapter (i.e. for all the SOAP scenarios)....not advisable.
  This method was actually described in a discussion ages back
  Regards,
  Abhishek.

• SOAP sender adapter with  client authentication

  Hi,
  Can you please tell me the steps to be followed to configure SOAP sender adpater for HTTPS with client authentication.
  Thanks

  Hello,
  Check out this SAP NOTE
  [Note 891877 - Message-specific configuration of HTTP-Security|https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=891877]
  Check out below blog for step by step process.
  /people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter
  Hope this will help.
  Nilesh
  Edited by: Nilesh Kshirsagar on May 28, 2009 11:31 AM

• SOAP Sender with HTTP(with SSL)=HTTPS with Client Authentication config

  Hi All,
  I have a Web-service-XI-Proxy scenario where we use SOAP Sender Adapter with HTTPs.  Double authentication (client- server) sertificate shall be used.
  Testing simple HTTP and XI user name/password works fine.
  Now I installed requred sertificates in TrustedCA and ssl-provider in VIsualadmin.
  But i can't see how i can configure certificates in SOAP sender Adapter. I've just did SOAP receiver for another scenario and there I could give keystore entry.
  I also doesn't know how to disable asking for name/password.  I am using XI 7.0.
  Please advise.
  Thanks,
  Nataliya

  Hi Nataliya,
  Go to SOAP Adapter> Inbound Security Checks-> HTTP Security Level--> Here you can specify  option "HTTP with Client Authentication. 
  One more thing HTTP Security level option is always available in Sender Adapter.
  For more clarity about HTTPS find below link.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  To enable the TrustedCA in SOAP Sender adapter. Go SOAP Sender> Security Parameter> Security Profile--> Web Service
  security. Then go to sender agreement there you need to give key store entry.

• Disabling SOAP sender adapter authentication

  How can I disable user/password authentication in a SOAP sender adapter?

  The question was answered by Sam Raju / Hans Dumbrajs in thread Exposing anonymous WS.
  Hereafter is an even more radical method that I used with a Netweaver 2004 SP12.
  But BEWARE! this is VERY bad practice, because authentication becomes disabled for ALL web services. It must only be used on a development system. Moreover, from SP14, there are many more options that would allow to turn this on/off per web service. I used it once, just to sort out service design issues from authentication burdens and then I quickly restored a proper config as we fought with WS-security settings in a remote system that had to call a service hosted on XI.
  Here is: locate the web.xml deployment descriptor for the server at stake. You should find it on a path like:
  /usr/sap/<systemID>/DVEBMGS00/j2ee/cluster\server0/apps/sap.com
  /com.sap.aii.af.soapadapter/servlet_jsp/XISOAPAdapter/root/WEB-INF
  Then SAVE A COPY of the web.xml file.
  Edit the web.xml and remove the three sections:
  <security-constraint>, <login-config>, and <security-role>
  Login to the J2EE visual Admin console go to cluster tab, Server 0... and right-click REBOOT.
  There you are.
  Strongly recommended: learn about WS-security and upgrade to SP14 or above to get back in control of security issues.
  (the truth is that integration systems are ever-ever-ever more complex year after year...)

• Authentication of SOAP Sender Communication

  Dear XI gurus,
  I have scenario , where i am exposing an Message interface as webservice from XI, which will be consumed by a web portal and send the messages to XI. When sending messages to XI, the XI SOAP Sender needs an authentication with user id and password. My problem is i want to disable this authentication. Because when sending the message to XI from portal., they dont have provision to suppy user id and password. Can anybody advice how to disable the authenticaion for an XI exposed webservice? i.e i want to send the messages to XI exposed webservice with out userd id and password. or else there is any other alternate to give the user id and password alond with the SOAP URL.
  Regards
  Vijayanand Poreddy

  Hi,
  Please see the below links so that you can have clear Idea..
  /people/saravanakumar.kuppusamy2/blog/2005/02/07/interfacing-to-xi-from-webdynpro
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/java/integrating%20web%20dynpro%20and%20sap%20xi%20using%20jaxb%20part%20ii.article
  Thanks
  Vikranth

• Only HTTPS requests are working for SOAP Sender and HTTP not working

  wHi Experts,
  We have enabled our HTTPS port ( SSL ) in NWA -- >> Security -- >> SSL and Key stores. So understanding is HTTPS port is now enabled on top of HTTP. So PI should be able to cater requests at both ports.
  Now, we have developed a synchronous SOAP to RFC scenario and downloaded WSDL file. This file has both links -
  a. http:<host>:<port>
  b. https:<host>:<port>
  We intend to make a PI system where both ports can work. Now questions.
  1. When we test web service exposed from PI using SOAPUI tool, only HTTPS works fine and gets the response back. If we try HTTP URL, an error is encountered - HTTTPS scheme is required.
  2. Is this whole understanding that both ports  ( HTTP, HTTPS ) should be able to operate simultaneously correct ? Or this is not at all possible ?
  3. In SOAP Sender, we tried selecting all 3 options - 1. HTTP 2. HTTPS without client authentication 3. HTTPS with client authentication.
     None of the options have any effect on testing, Each time, only HTTPS request works and HTTP doesn't.
  Can anyone please provide some hints for troubleshooting ?
  Thanks..
  regards,
  Rajagopal.

  The error "HTTPS scheme is required" is normally returned when the HTTP Security Level on the SOAP adapter is not set to "HTTP". I can see you have mentioned you have tried all these, maybe a cache refresh has gone wrong? Could try recreating the channel with just HTTP specified as security level and this should allow HTTP or HTTPS
  I assume you are using a different port number for  your HTTP and HTTPS requests from SOAP UI. Normally the HTTPS port is the same as the HTTP port number but the final zero changed to a 1 i.e. https://<host>:50001 instead of http://<host>:50000.
  You should be able to confirm both HTTP and HTTPS work OK by loading some of the system webpages in a browser over HTTP and over HTTPS i.e. http://<host>:<port>/nwa and https://<host>:<port>/nwa
  Chris

• Connection problem in SOAP Sender Channel

  Dear All,
  I have created two SOAP Sender channel with the following specification:
  Transport Protocol - HTTP
  Message Protocol - SOAP 1.1
  HTTP Security Level - HTTP
  But while sending a message from a Java client, I am getting the following error :
  The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="XISOAPApps"'.
  Please suggest if you find any way out.
  Thanks and Regards,
  Rana Brata De

  Hi Rana
  Looks like you have used authentication scheme as 'anonymous'. But you have chosen the option 'HTTP' in soap adapter.
  So you have to pass the user id and password during the call.
  Sample Code:
  ICalcCTCWebService calcCTCWebService = calcCTCWebServiceImplServiceLocator.getCalcCTCWebServiceImplPort();
  Stub stub = (Stub)calcCTCWebService;
  stub._setProperty(Stub.USERNAME_PROPERTY, "abc");
  stub._setProperty(Stub.PASSWORD_PROPERTY, "xyz");
  You can also test the WSDL from SOAP UI and provide user name and password in the header section in SOAP UI and see if the message goes to PI or not.
  You can also try the below option in the sender soap adapter and see if it works or not.