SOAP Sender - minimal authorization

Similar Messages

• Web Service SOAP Sender Authorization

  Hi all
  I have been implementing a Web Service (SOAP Sender CC) that should be consumed by an external party. I have been testing it successfully using XMLSpy with the drawback of the authentication box coming up even though I have added sap-user and sap-password to the URL as following:
  http://<host>:50000/XISOAPAdapter/MessageServlet?channel=:SOAP_Service:CC_SOAP_Sender&sap-user=<name>&sap-password=<pass>
  The user that I have created for this has the profile SAP_XI_APPL_SERV_USER assigned.The request is successfully executed when I enter <name> and <pass> in the box. My understanding of it would be that the box does not show up if the login parameters are provided with the URL. Do I have to do any additional settings so that the login information will be taken from the URL parameters automatically instead bringing up the authoritzation box?
  My CC settings are as following:
  Adapter Type: SOAP (SAP BASIS 7.00)
  Sender
  Transport Protocol: HTTP
  Message Protocol: SOAP 1.1
  Adapter Engine: Integration Server
  HTTP Security Level: HTTP
  Conversion Parameters: Keep Headers
  Quality of Service: Best Effort
  Any feedback would be appreciated.
  Thank you,
  Daniel

  Hello Daniel,
  1. You can add username and password to the SOAP URL and expose your XI Interface as a webservice. Just that the URL is different than the one you are using and you do not need a Sender SOAP adapter but the blog I have listed above.
  2. You can turn of Basic authentication on Sender SOAP adapter's but it is not recommended as it would turn off all authentication for SOAP scenarios and it can lead to security risks.
  I have seen a few forum threads describing how to turn of Basic authentication for SOAP adapters but from what I have heard from SAP, they do not recommend using this option.
  Regards
  Bhavesh

• User level Authorization for SSO by using SOAP Sender

  Hi,
  Scenario : Non-SAP to PI 7.31 using SOAP Sender adapter.
  Authentication we need to go for user based level at the receiver system where the information shall be passed from the sender (non-SAP) and also we 're using Single Sign On method for this interface.
  Note : Previously we achieved this through WS-RM using SAML certificates, but this adapter doesn't support in PI7.31 single stack since we have option only by using SOAP adapter.
  Please suggest how can i achieve this for my current landscape.
  Thanks for your help.
  Warm regards,
  Ram.

  Hi!
  The SOAP Adapter itself has no queueing mechanism. But the PI has one if you work asynchronously.
  To pick files it may be helpful to use the Axis Framework of SOAP Adapter whre you can add your own adapter modules.
  Very helpful tips concerning the SOAP Adapter can be found in the SAP Note 856597 (FAQ SOAP Adapter XI 3.0 Pi 7.0 PI 7.1).
  For Axis Adapter FAQ refer to SAP note 1039369
  Hope this helps.
  Regards,
  Volker

• Soap Sender and RFC Adapter receiver getting APPLICATION_ERROR

  Hi, all,
  I have a webservice soap sender and RFC Adapter receiver scenario, it works fine with RFC "RFC_SYSTEM_INFO", When i tried the RFC "RFC_READ_TABLE", getting the following error message,  <SAP:Code area="RFC_ADAPTER">APPLICATION_ERROR</SAP:Code> in
  SXI_MONITOR, in webservice client, i am getting error message like this:
  <faultcode>SOAP:Server</faultcode>
           <faultstring>Server Error</faultstring>
           <detail>
              <rfc:ZZTEST_RFC_READ_TABLE.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions">
                 <Name>TABLE_NOT_AVAILABLE</Name>
                 <Text>QUERY_TABLE not active in Dictionary</Text>
              </rfc:ZZTEST_RFC_READ_TABLE.Exception>
  Thanks a lot!

  Hi
  Its not compulsory but its good to wrap it as Z object.
  Well if you are facing problem with SOAP data. Then try to do one thing. Check with the data you received from SOAP message. If this works
  Then try to check in mapping is it passing the data correctly or not. With this check with the user authorization PIAPPLUSER. if its having less authorizations to execute this BAPI in ECC
  Thanks
  Gaurav

• SOAP Sender Adpater Authentication issue with Siebel

  Hello PI experts,
  I have developed scenario in which,
  SAP PI version: 7.31
  Sender : Siebel
  Sender Adapter: SOAP
  Receiver: SAP ECC
  Receiver Adapter: Proxy
  Scenario has been configured and wsdl is generated properly. I tested scenario using SOAP UI which gave me proper response.
  But when scenario has been tested through Siebel UI, its giving Authorization 401 error.
  HTTP/1.1 401 Unauthorized
  server: SAP NetWeaver Application Server 7.20 / AS Java 7.31
  date: Wed, 20 Aug 2014 05:54:58 GMT
  We have tried following approaches:
  1. Appending Credentials in URL
  2. Siebel team tried sending credentials in their workflow
  Referred blog:
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/03/07/a-closer-look-at-soap-sender-authentication
  But in all cases we got same error.
  Also, is there any possibility to turn of sender authentication for SOAP adapter ?. I tried approach of removing tags in web.xml but that also dint work.
  Please suggest some way
  Thanks,
  Gaurav Khandelwal

  Hi Gaurav,
  Can you please check with your basis is that firewall will be open to send data  through soap to PI.
  Thanks,
  Sreenivas

• Anonymous authentication requests via SOAP Sender adapter?

  Hi,
  Can someone please tell me whether it is possible to call the SOAP Sender adapter anonymously?
  We can set user credentials for the receiver system adapter but looking at the options in the SOAP Sender communication channel I can't see how it is possible to send messages though SAP PI without a user who has authorisations to process messages.
  Any advice greatly appreciated.
  Thanks,
  Alan

  can't see how it is possible to send messages though SAP PI without a user who has authorisations to process messages.
  The source system needs to use a user-id to send message to XI/ PI via SOAP.
  If you do not want to use any authorization there is a way to switch off the authentication for the entire SOAP adapter (i.e. for all the SOAP scenarios)....not advisable.
  This method was actually described in a discussion ages back
  Regards,
  Abhishek.

• SOAP Sender Adapter gets error '(401) Unauthorized.'

  Hi all,
  we are using XI 3.0 and have a scenario with a SOAP Sender Adapter, which is using "HTTPS with Client Authentication". I have configured everything I have found on the forum at Visual Admin and Integration Directory:
  Set the UME property ume.logon.allow_cert to TRUE in 'Service-->UME Provider'
  Imported client certificate and root CA certificate to 'Service-->Keystore'
  Created user with role role SAP_XI_APPL_SERV_USER
  Assigned this user to the client certificate in 'Security Provider-->UserManagement'
  Added the user to xi_adapter_soap_message and xi_adapter_soap_help in 'Security Provider'
  Added the root CA in 'SSL Provider>Dispatcher>Client Authentication' and marked 'Request client certificate.
  Added the user to BusinessSystem at tab 'Assigned Users'
  Added the user to Sender Agreement at tab 'Assigned Users'.
  Our business partner got a certificate of our server and the according PrivateKey is added to 'SSL Provider>Dispatcher>Server Identity'
  Unfortunately, our server certificate is not verified by an root CA!!
  When the business partner now browse the URL 'https://url:port/XISOAPAdapter/MessageServlet?channel=:BS_3RD_PARTNER:SOAP_SENDER&nosoap=true' on his system, he will get a 'Message Servlet is in Status OK'.
  But when he tries to process the URL directly in his messaging system, he gets an error '(401) Unauthorized.' 
  Any hints what could be the problem between browing the URL in InternetExplorer and sending from the messaging system?
  Does it really mean that authorization was successful, when getting  'Message Servlet is in Status OK' in the Browser?
  How can I assign an user when not using ClientAuthentication?
  I would be very thankful for every help...
  Grtz, Juergen

  Hi Satish,
  could the user or password also be wrong, even if you get 'Message Servlet is in Status OK' when browsing the URL in the Internet Explorer? I would have seen this as a sign, that the user authentication works basically...
  Is there a special place to store the password in the Visual Admin, or will the password be used, which is available in the SU01 ?
  Grtz,
  Juergen

• Use of variable header XHeaderName1 in SOAP sender adapter

  Hi all,
  I have a doubt regarding the use of adapter-specific attributes in SOAP sender adapter. In specific:
  the SOAP client should be able to pass a variable with the SOAP request (XHeaderName1 header variable) and this should be available in mapping (Dynamic configuration)
  I've already checked the [help page|http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm] but it seems I'm doing something wrong.
  I tried with those settings in SOAP adapter configuration:
  Keep headers checked
  XHeaderName1 = Test
  I try to call the SOAP adapters in the following 2 ways, but none works (the value is not available in message mapping with Dynamic configuration)
  1. Pass "Test" value xxxx in SOAP Header as a tag
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
       <SOAP-ENV:Header>
            *<Test>xxxx</Test>*
       </SOAP-ENV:Header>
       <SOAP-ENV:Body>
       </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  2. Pass "Test" value xxxx in SOAP URL
  http://host:50000/XISOAPAdapter/MessageServlet?channel=p:s:c&version=3.0&Sender.Service=...&Interface=...&Test=xxxx
  Could anyone give me a hint about how to pass those values in the SOAP call and eventually the correct config. of SOAP sender ?
  Thanks a lot,
  Manuel

  Hi Manuel,
  Could you give a bit more detail on how you handled the SOAP message yourself.
  I have a similar issue. I am consuming a non SAP Web Service which requires a non-standard token element to be passed back. I have created a an RFC sender to SOAP reciever scenario which works fine for the inital logon and returns the token it expects in the follow up messages.
  At present I'm at a loss so your help would be much appreciated. We have got round the immediate issue by creating and sending the SOAP message directly from SAP WAS.
  Could we use the XI Adapter and ABAP proxy in a similar way?
  Thanks,
  Tim J.

• Error while posting messages to SOAP sender adapter SP 13

  Hi Friends,
                  I have configured a SOAP sender adapter in XI 3.0 and is using the URL
  http://host:port/XISOAPAdapter/MessageServlet?channel=:BS_WEBSERVICE:CC_WEBSERVICE_SOAP to post the messages. When I open the URL in the browser I am getting the error.
  Message Servlet is in Status ERROR
  Status information:
  Servlet com.sap.aii.af.mp.soap.web.MessageServlet (Version $Id: //tc/aii/30_VAL_REL/src/_adapters/_soap/java/com/sap/aii/af/mp/soap/web/MessageServlet.java#5 $) bound to /MessageServlet
  Classname ModuleProcessor: null
  Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
  Lookupname for remoteModuleProcessorLookupName: null
  ModuleProcessorClass not instantiated
  ModuleProcessorLocal not instantiated
  ModuleProcessorRemote not instantiated
  But when I test the URL http://host:port/XISOAPAdapter/HelperServlet?action=FindChannel&channel=:BS_WEBSERVICE:CC_WEBSERVICE_SOAP to check the communication channel I am getting the right response as below.
  <?xml version="1.0" ?>
  <http://host:port/XISOAPAdapter/HelperServlet?action=FindChannel&channel=:BS_EBTR_WEBSERVICE:CC_EBTR_WEBSERVICE_SOAP> <s:ChannelInfo xmlns:s="http://sap.com/xi/WebService/xi30">
    <channelID>e7ac884596ea3d088cbfd8b434f942f2</channelID>
    <name>CC_WEBSERVICE_SOAP</name>
    <type xmlns:st="http://sap.com/xi/XI/System">st:SOAP</type>
    <direction>INBOUND</direction>
    <party />
    <service>BS_WEBSERVICE</service>
    </s:ChannelInfo
  I used the http capture to debug, In the 1st case though I am getting "Message Servlet in status error" I am seeing a 200 OK code in the http capture tool. When the message is posted from .net client proxy we are getting a 500 internal server error.
  Am not sure what causes the error ? I saw two notes in SDN related to SOAP - J2EE SP13. We are in SP13. Is this the issue ? Wanted to know your opinion before applying the notes.
  Thanks & Regards,
  Mathew

  ABAP & Java stack was on different SP levels.

• Variable Transport Binding - Soap Sender

  Hello all,
  I'm trying to retrieve a parameter from the HTTP header of a SOAP request.
  I have created a SOAP sender communication channel, checked "Set Adapter-Specific Message Attributes" and "Variable Transport Binding", and entered the name of the parameter in Variable Header (XHeaderName1).
  When I send the SOAP request, DynamicConfiguration exists with all standard parameters, but there is no XHeaderName1...
  If I try the same with sender HTTP adapter, it works fine.
  In the other way, if the dynamic configuration parameter XHeaderName1 already exists, and I try to add it in a HTTP header parameter in a receiver SOAP CC, that works.
  Does somebody know why this doesn't work in the sender one?
  Thanks,
  Greg
  PS: I'm using PI7.0 SP14

  Hello,
  I can see in dynamic configuration, with the namespace http://sap.com/xi/XI/System/SOAP, the standard HTTP parameters like SServerHost, SRemoteUser, etc...
  But if I add a HTTP header parameter in the SOAP request, and I try to retrieve it with the SOAP sender CC, the parameter is not added in the dynamic configuration. If the name of the added HTTP header parameter is "TestParam", I put "TestParam" in the XHeaderName1 field of the sender CC, but the value is not added in the dynamic configuration. This is my problem.
  Thanks,
  Greg

• Variable Transport binding - SOAP Sender Adapter

  Hi All
  have a scenarion where Sender System is sending Custom SOAP Header as below into P through SOAP Sender ChannelI.
  And the requirement is to access the values coming in Header fields, example within Message Mapping need to Map Headername1 value to Outgoing structure.
  <soapenv:Header>
       <Header1>S1</Header1>
       <Header2>S2</Header2>
       <Header3>S3</Header3>
  </soapenv:Header>
     <soapenv:Body>
       u2026..
     </soapenv:Body>
  Have checked the Paramter KEEP Headers in SOAP Adapter and in Adapter Specific Message Attributes have defined the following
  Variable Header (XHeaderName1) = Header1
  Variable Header (XHeaderName2) = Header2
  Variable Header (XHeaderName1) = Header3
  Now need to know what should be mentioned in the UDF in the Message Mapping for accessing Dynamic Configuration. Will these headers mentioned will be a part of Dynamic Configuration or not ?
  Using the below UDF and its failing in Message Mapping - kindly suggest the corect way of achieving the same
  DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
  DynamicConfigurationKey key1 = DynamicConfigurationKey.create( "http://sap.com/xi/XI/System/SOAP", "XHeaderName1");
  String value = conf.get(key1);
  return  value  ;
  Appreciate response in this regard
  //Swetank

  Hi Abhishek
  Its failing at runtime at Message Mapping stage. The real problem is that I can't see the Header1 in my Dynamic Configuration header - it has all the other fields like SServerHost, SRemoteUser, but not my Header1 (S1) field. Thus either the UDF is wrong or any configuration in SOAP Sender Channel needs to be adjusted.
  Further I am not sure whether Custom SOAP Header fields can be a part of Dynamic Configuration or they only show fields which are part of HTTP header.
  //Swetank

• Adapter Module in SOAP Sender Adapter

  Hi All,
  To Confirm, Is it possible to use Custom Adapter Modules in SOAP Sender Adapter. If so, where exactly custom module has to be placed in communication channel with respect to the standard bean of SOAP Adapter.
  Thanks in advance.
  Regards,
  Sudharshan N A

  Hi,
  The sender adapter cannot be extended Check this
  http://help.sap.com/saphelp_nwpi711/helpdata/en/43/951aceb1146353e10000000a11466f/frameset.htm
  http://help.sap.com/saphelp_nwpi711/helpdata/en/cd/5af7c0c994e24fb0d0088443513de2/frameset.htm
  Regards
  Suraj

• Default namespace in the SOAP sender adapter

  Hi All!
  Sorry for the following really easy question but what is the default interface name and default namespace in the SOAP sender Adapater? The name of the interface to where the adapter should forward the received SAOP message?
  it means that for every soap message a new communication channel should be created. Or only one channel is enough?
  And in the receiving case only one is enough or for every web services a new receiving communication channel need to be created?
  Thank you for your answer.

  Hi,
  q) what is the default interface name and default namespace in the SOAP sender Adapater?
  Ans) Soap Sender does not have any default namespace and interface.  That can be set at Sender Agreement. 
  q) The name of the interface to where the adapter should forward the received SAOP message?
  Ans : That message is forwarded to Adapter Engine and then to integration Engine. That takes interface in sender agrement and Namespace.
  it means that for every soap message a new communication channel should be created. Or only one channel is enough?
  Ans:  For sender, 1 communication channel is enough. For Receiver, if you have 10 different systeems, then  you need to create those many receiver communication channels .
  And in the receiving case only one is enough or for every web services a new receiving communication channel need to be created?
  Ans : Same as above
  Note  Soap message is not criteria for creating channels....  Please note that .. soap communication channels creates soap messagae.
  -Subbu

• SAP PI 7.1 SOAP sender 500 internal server error

  Hello!
  We would like to receive messages from our business partner. As the partner sends EDIFACT we have to use the conversion from EDIFACT-text to EDIFACT-xml. That's why we have to use SOAP instead of plain HTTP.
  As the partner already sent messages over X.400 we just added a SOAP communication channel and used this channel in the sender agreement instead of the X.400 communication channel.
  We sent the following link to the customer:
  http://<server>:<j2ee port>/XISOAPAdapter/MessageServlet?channel=<party>:<service>:<SOAP sender communication channel>
  One question: is the <service> the communication component used for the partner?
  At the moment the partner receives a 500 error message. Due to our network partner the message reaches the PI system.
  Due to the information I found that also a message parsing error can cause a 500 error message I would like to add the processing sequence:
  Does anyone have an idea how to solve this problem?
  Thanks a lot!
  Regards
  Christian

  Hi Christian
  You can refer to the following SAP Library link on how to configure the SOAP sender.
  Configuring the Sender SOAP Adapter - Configuring the SOAP Adapter in the Integration Directory/PCK - SAP Library
  For the URL, the <service> is the Communication Component that the SOAP channel belongs to.
  Using the example below, the value would be P_B2B_:BC_:CC_S_SOAP_
  Actually SAP recommends a new alternative for the URL. If you scroll right to the end of the library link above.
  You have configured the sender SOAP adapter. You can trigger a call to the sender SOAP adapter using either of the following URLs. However, SAP recommends you to use the second option.
  http://hostname:portname/XISOAPAdapter/MessageServlet?channel=partyname:service name:channelnameIf you have not created a party, enter channel=servicename:channelname.
  http://hostname:port name/XISOAPAdapter/MessageServlet?senderParty=name of the sender party<&senderService>=name of the sender service<&interface>=name of the interface<&receiverParty>=name of the receiver party<&receiverService>=name of the receiver service<&interfaceNamespace>=name of the interface namespace
  You can get this by generating the WSDL from the Sender Agreement object (Sender Agreement -> Display WSDL). The generated URL will be at the last section of the WSDL.
  Also, please note that modules cannot be added to the SOAP sender adapter, also mentioned in the link.
  You cannot add your own modules to this adapter.
  An alternative would be to receive the EDIFACT Flat file as it is, and write it to at temporary File/FTP location. Then have a second channel pick it up, you can configure the second channel with module to convert it to EDIFACT XML.
  Lastly, regarding the issue about the partner getting HTTP 500 error. Please check if you are able to see any error logs in the communication channel. It might give you some pointers as to what might be wrong - invalid sender agreement, etc, etc.
  Rgds
  Eng Swee

• SOAP sender adapter and XI adapter reusablity

  Hi,
  We are having good amount of interfaces using SOAP sender and XI Adapters (WS to Proxy scenarios).
  My question is :
  we can make reuse of Sender SOAP and Rcvr XI adapters in all scenarios.
  If we reuse these adapters in all our interfaces what are the limitations and any problems we may face in future?
  Replies will be highly helpful.
  Thanks
  Kishore
  Edited by: kishore kumar on Jan 21, 2010 7:23 PM

  SOAP sender depends on the Sender Message Interface and Namespace (in versions lower than SAP PI7.1) so if your scenarios satisfy these parameters then you can (rather should) re-use the channels.
  Similarly for the PROXY receiver channel....if the proxy is being hosted on one particular receiver SAP ECC system then the details in all the channels that you create will be the same and wont be recommended....hence even this can be re-used.
  There is no issue in re-using the channels....just that you should closely monitor these channels to ensure that they do not stop/ fail causing all the involved interfaces to stuck.
  Regards,
  Abhishek.