Testing exampleswebapp/SnoopServelt.jsp on https and client-cert

Similar Messages

• BASIC_PLAIN and CLIENT-CERT for SAML2 authentication

  Hi,
  I recently managed to set up kerberos on weblogic 10.3.5 using the negotiate provider so that I can log in to the console automatically with my windows authentication token.
  I also have saml2 IDP set up on the same weblogic server for logging in to Salesforce.
  I was hoping that I could configure weblogic to automatically log me in to Salesforce as well. The weblogic saml2.war file in WL_HOME/server/lib contains a web.xml file and I changed the login in this from BASIC_PLAIN to CLIENT-CERT. However when the call is made to /saml2/idp/login I get a 403 authorization denied message back. The debug seems to indicate that the browser did not return a SPGNEGO type token. If I revert back to BASIC_PLAIN I can log into Salesforce again, but only after entering my credentials in the basic auth window.
  I wondered if anyone might have any tips to solve this?
  Thanks,
  Ed.

  Hi,
  May be below links will be helpful
  Check the following links.. you will get the information all about the securities...
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
  Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Also find soeminformation in these links
  http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
  /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
  Step by step guide for SSL security
  step by step guide to implement SSL
  Please go through below link for referance (above information is from below link)
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Regarding message level you can encrypt the message using certificates.
  For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
  Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
  Thanks
  Swarup

• Defining an Authentication Scheme for user ID and password and client certi

  Hi,
                  I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                  Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
       I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
       So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
  Best Regards
  Claudio Rocha

  Hi
  Did you get an answer for this Query ?
  Regards
  Priyanka

• HTTPS and client invocation of web service - how to?

  Got some web services that are document and document wrapped. Have generated the
  client stubs using <clientgen> ANT task from BEA. Time to run a test against
  the web services, but they have to run on HTTPS. When I invoked my web service
  using the HTTPS://.... URL, I got this:
  [java] 5) testQuoteStubs(com.arrow.arrowsoap.client.QuoteServiceClientTest)
  weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from
  https://localhost:7002/QuoteService?WSDL. Please check the URL and make sure
  th
  at it is a valid XML file [javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIF
  ICATE - A corrupt or unuseable certificate was received.]
  Cool. So how do I assign a default CERT to the https client? This is on a developer
  instance of WL 8.1. I don't want to run the test on HTTP b/c I need to see how
  it works with HTTPS (need to simulate a bona fide downstream user). Any help
  is greatly appreciated.
  Thanks
  -Jake

  Hi Jacob,
  Take a look at the simple, one way SSL example [1] however it sounds
  like you want to have the client provide a cert back to the server,
  implying two-way SSL. You can find a two-way example here [2].
  Regards,
  Bruce
  [1]
  http://webservice.bea.com/simpleSSL.zip
  [2]
  http://webservice.bea.com/SSL2way.zip
  Jacob Anderson wrote:
  >
  Got some web services that are document and document wrapped. Have generated the
  client stubs using <clientgen> ANT task from BEA. Time to run a test against
  the web services, but they have to run on HTTPS. When I invoked my web service
  using the HTTPS://.... URL, I got this:
  [java] 5) testQuoteStubs(com.arrow.arrowsoap.client.QuoteServiceClientTest)
  weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from
  https://localhost:7002/QuoteService?WSDL. Please check the URL and make sure
  th
  at it is a valid XML file [javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIF
  ICATE - A corrupt or unuseable certificate was received.]
  Cool. So how do I assign a default CERT to the https client? This is on a developer
  instance of WL 8.1. I don't want to run the test on HTTP b/c I need to see how
  it works with HTTPS (need to simulate a bona fide downstream user). Any help
  is greatly appreciated.
  Thanks
  -Jake

• ACE and Client cert headers

  Hi all,
  We currently use a Cisco SCA for SSL off load. When adding client certificates to the SCA, there is an option to "Add Client Certificate Info" - which uses a check box to enable this feature. This feature, to the best of my knowledge, sends the headers to the server. We have configured a new service on an ACE context but need to enable this feature, is this possible and how do we enable the same feature on the ACE.
  ACE version A2(2.3)
  Thanks in advance for any assistant with this matter.

  Hello,
  it is possible on ACE too, at least in recent sw versions:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/terminat.html#wp1169219
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/terminat.html#wp1169832
  as you can see here:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html#wp586054
  this was introduced in A2(3.0) so if you'll need to use the feature you'll have to upgrade.
  Hope it helps,
  Francesco

• Client Certs for just one directory using IIS

  I am using JRun 4 and IIS 5 on one site and IIS 6 on another, and am using SSL and requiring client certificates. I have all that working through IIS's site properties but my issue is that I only want to accept client certificates on one directory, in fact I only want the request for the client cert to pop up on that one directory. By setting the JRun.dll to the proper security settings to accept client certificates in IIS, any jsp file will prompt for the cert.
  Do I not want to want to use IIS to set up my SSL and client cert request as opposed to doing it in the web.xml? All my research pointed me to do this through IIS. Using IIS, do I need to use another ISAPI Jrun connector? How do I do that?
  Can someone tell me a way to get this working for a client cert prompt only for the one directory either though IIS or application security?
  Thanks for any input you can provide.

  Hello Bill,
  I am sorry but I do not have an answer to your issue. It just
  happend that I am trying to set up SSL connection between JRUN 4
  and IIS 5 using JRUN ISAPI connector. Unfortunately every time I
  try to run the "*.jsp" test page I am getting "fetchprops" error
  message on JRUN ISAPI connector. Would you be able to give me some
  hints as to what could cause this issue. By the way, I am testing
  it only with trial version of SSL certificate on IIS.
  Thank you

• When converting over to HTTPS and PKI for clients, not all actions are available in configuration manager cpl

  I'm not exactly sure which forum heading this should go under so if this isn't correct please let me know or move it on my behalf.  
  So I am trying to setup Internet Based Client Management in SCCM 2012 R2 and have come across a few articles on how to do so.   I think I have mostly gotten it to work but I seem to be having a client issue when deploying new machines.  My already
  deployed servers seem to have picked up the PKI setting no problem.  In the past when I would deploy a new windows client everything would be fine.  When i converted over to PKI in my test environment I am now having issues when I go to deploy a
  new windows client. I don't get all of the Actions listed in the Configuration Manager control panel.  All I have are Discovery Data Collection, Machine Policy Retrieval and Eval, User Policy Retrieval and Eval, and Windows Installer Source list Update
  Cycles, before all of them would populate no problem.  I have let this machine sit here for several hours and nothing has changed yet.  It does say PKI for client certificate.  Sometimes when I would deploy new machines it would say NONE for
  Client certificate.  In my production environment it says self-signed.  I have found if i uninstall the client and re-install the client it does populate all of the cycles but I don't understand why it is not working on deployment.
  Ok so maybe not all the time that when i reinstall the client it fixes it.  I just did an uninstall and reinstall on a test client and all it has under actions are machine and user policy cycles.
  Does anyone have any ideas?

  Hi,
  I think SCCM client installed before the GPO applied, so you don't a certificate available when it is required.
  You can export and import the certificate by using MDT integration, try this blog for PKI part:
  How To: Build and Capture in Configuration Manager 2012 using HTTPS
  And in addition, you can upload the log to your onedrive so you can share with us.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Regular and Client-authenticated HTTPS?

  Hello guys,
  I am having trouble editing the deployment descriptor. This is the first time I deal with HTTPS, and I have tried to solve my problem by reading documentation on my own (namely, the servlet specification 2.4).
  I am developing a web application to be run on Tomcat 6 with JRE 6. I need to secure my application; certain parts need to be accessed via regular HTTPS (i.e. without client-certificate authentication); other parts need to be accessed via client-certificate authenticated HTTPS. I am not all that sure if I am modifying my web.xml correctly. I also want to restrict the access method to POST (i.e. I want to deny GET requests to these pages).
  Right now, I have added the following to my web.xml:
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>client-certificate authenticated pages</web-resource-name>
            <url-pattern>*.cca</url-pattern>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>cca_user</role-name>
       </auth-constraint>
       <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
  </security-constraint>
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>regular https pages</web-resource-name>
            <url-pattern>*.rh</url-pattern>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>rh_user</role-name>
       </auth-constraint>
       <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
  </security-constraint>As you can probably notice, the two instances of <security-constraint> are almost identical. So here are the problems:
  1. Something must be missing before the difference between client-certificate-authenticated https and regular https is established.
  2. Since I want to force the use of client-certificate-authenticated https on requests to *.cca, I must let the application server know which client identity I am expecting. I still have no clue how to do that.
  3. I put <http-method>POST</http-method> in both instances of <security-constraint>, but I doubt it does what I mean it to do. It probably means to apply the security constraint only if the matching URLs are accessed via POST (i.e. no security is required when these pages are accessed via GET). This is not the behaviour that I want.
  Can somebody help me with the above problems?
  Edited by: SwordAngel on Jul 30, 2008 4:15 AM

  Hi Jacob,
  Take a look at the simple, one way SSL example [1] however it sounds
  like you want to have the client provide a cert back to the server,
  implying two-way SSL. You can find a two-way example here [2].
  Regards,
  Bruce
  [1]
  http://webservice.bea.com/simpleSSL.zip
  [2]
  http://webservice.bea.com/SSL2way.zip
  Jacob Anderson wrote:
  >
  Got some web services that are document and document wrapped. Have generated the
  client stubs using <clientgen> ANT task from BEA. Time to run a test against
  the web services, but they have to run on HTTPS. When I invoked my web service
  using the HTTPS://.... URL, I got this:
  [java] 5) testQuoteStubs(com.arrow.arrowsoap.client.QuoteServiceClientTest)
  weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from
  https://localhost:7002/QuoteService?WSDL. Please check the URL and make sure
  th
  at it is a valid XML file [javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIF
  ICATE - A corrupt or unuseable certificate was received.]
  Cool. So how do I assign a default CERT to the https client? This is on a developer
  instance of WL 8.1. I don't want to run the test on HTTP b/c I need to see how
  it works with HTTPS (need to simulate a bona fide downstream user). Any help
  is greatly appreciated.
  Thanks
  -Jake

• Testing of HTTP and RFC adapters

  Hi SAP guru,
  Can u please help me in knowing that how we can test HTTP and RFC adapters in any scenarios.
  Thanks & Regards
  Vijaya

  hi,
  Testing RFC connection
  http://www.riyaz.net/blog/index.php/2008/02/06/understanding-the-rfc-adapter/
  You can test if HTTP adapter is working fine or not as mentioned below.
  1. test the adapter_plain service in TCODE SICF
  adapter_plain service can be found under /default_host/sap/xi/adapter_plain
  or
  2. TCODE : SMICM and then Shift + F1 and you can see the status of the HTTP server
  Regards
  joel

• Visual Studio generates wrong proxy and client config for WCF Service Host with customBinding

  Hi,
  I have  a simple WCF test service.
  The serviceModel configuration for the looks like this:
  <system.serviceModel>
  <bindings>
  <customBinding>
  <binding name="NewBinding0">
  <byteStreamMessageEncoding>
  <readerQuotas maxDepth="10" maxStringContentLength="10000" maxArrayLength="10000"
  maxBytesPerRead="1000" maxNameTableCharCount="200" />
  </byteStreamMessageEncoding>
  <tcpTransport />
  </binding>
  </customBinding>
  </bindings>
  <diagnostics>
  <messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" />
  </diagnostics>
  <services>
  <service name="WcfServiceLibrary2.Service1">
  <endpoint address="mex" binding="mexHttpBinding" name="mexName"
  contract="IMetadataExchange" />
  <endpoint address="net.tcp://localhost:8734/WcfServiceLibrary2/Service1.svc"
  binding="customBinding" bindingConfiguration="NewBinding0" name="tcpName"
  bindingName="" contract="WcfServiceLibrary2.IService1" />
  <host>
  <baseAddresses>
  <add baseAddress="http://localhost:8733/Design_Time_Addresses/WcfServiceLibrary2/Service1/" />
  </baseAddresses>
  </host>
  </service>
  </services>
  <behaviors>
  <serviceBehaviors>
  <behavior name="">
  <serviceMetadata httpGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="false" />
  </behavior>
  </serviceBehaviors>
  </behaviors>
  </system.serviceModel>
  However the auto generated client side serviceModel looks like this:
  <system.serviceModel>
  <bindings>
  <customBinding>
  <binding name="tcpName">
  <textMessageEncoding messageVersion="Soap12" />
  <tcpTransport />
  </binding>
  </customBinding>
  </bindings>
  <client>
  <endpoint address="net.tcp://localhost:8734/WcfServiceLibrary2/Service1.svc"
  binding="customBinding" bindingConfiguration="tcpName" contract="ServiceReference2.IService1"
  name="tcpName" />
  </client>
  </system.serviceModel>
  Note the Encoding has changed to from byteStreamMessageEncoding to textMessageEncoding.
  When I test the service with WCF Test Client, I get the error "Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' does not support adding
  WS-Addressing headers."
  The error message makes sense in considering the client is mis-configured. I could manually modify the client side configuration, but I don't know how to give that to the WCF Test Client.
  When I run my own test client code, I get a NullReferenceException creating the Channel
  at System.Text.UTF8Encoding.GetByteCount(String chars)
  at System.ServiceModel.Channels.EncodedFramingRecord..ctor(FramingRecordType recordType, String value)
  at System.ServiceModel.Channels.EncodedContentType.Create(String contentType)
  at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.CreatePreamble()
  at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel..ctor(ChannelManagerBase factory, IConnectionOrientedTransportChannelFactorySettings settings, EndpointAddress remoteAddresss, Uri via, IConnectionInitiator connectionInitiator, ConnectionPool connectionPool, Boolean exposeConnectionProperty, Boolean flowIdentity)
  at System.ServiceModel.Channels.ConnectionOrientedTransportChannelFactory`1.OnCreateChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.Channels.ChannelFactoryBase`1.InternalCreateChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.Channels.ServiceChannelFactory.ServiceChannelFactoryOverDuplexSession.CreateInnerChannelBinder(EndpointAddress to, Uri via)
  at System.ServiceModel.Channels.ServiceChannelFactory.CreateServiceChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.Channels.ServiceChannelFactory.CreateChannel(Type channelType, EndpointAddress address, Uri via)
  at System.ServiceModel.ChannelFactory`1.CreateChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.ClientBase`1.CreateChannel()
  at System.ServiceModel.ClientBase`1.CreateChannelInternal()
  at System.ServiceModel.ClientBase`1.get_Channel()
  at ConsolWCFTestApp.ServiceReference2.Service1Client.GetXSDFiles(String path) in c:\Users\malley\Documents\Visual Studio 2013\Projects\WcfService1\ConsolWCFTestApp\Service References\ServiceReference2\Reference.cs:line 127
  at ConsolWCFTestApp.Program.Main(String[] args) in c:\Users\malley\Documents\Visual Studio 2013\Projects\WcfService1\ConsolWCFTestApp\Program.cs:line 14
  at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
  at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
  at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
  at System.Threading.ThreadHelper.ThreadStart()
  Any suggestions much appreciated.
  Martin

  Hi Martin00,
  I have tested your code in my side and I can meet the same exception as you.
  >>"Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' does not support adding WS-Addressing headers."
  Based the above exception, I try to use the following config:
  <textMessageEncoding messageVersion="Soap12" />
  Instead of this config code:
  <byteStreamMessageEncoding>
  <readerQuotas maxDepth="10" maxStringContentLength="10000" maxArrayLength="10000"
  maxBytesPerRead="1000" maxNameTableCharCount="200" />
  </byteStreamMessageEncoding>-->
  After that it works fine as following:
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• HTTPs without client authentication, error while posting through Altova

  Hi Experts
  I am doing a SOAP- XI-Proxy synchronous scenario where i have to use HTTPs without client authentication for the first time in my system.
  I have made the scenario and WSDL out of it.
  When i am trying to test it through Altova, i am getting the following error:
  <?xml version="1.0"?>
  <!-- see the documentation -->
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP:Body>
          <SOAP:Fault>
              <faultcode>SOAP:Server</faultcode>
              <faultstring>Server Error</faultstring>
              <detail>
                  <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
                      <context>XIAdapter</context>
                      <code>ADAPTER.JAVA_EXCEPTION</code>
                      <text><![CDATA[
  java.security.AccessControlException: https scheme required
      at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:918)
      at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3.process(ModuleLocalLocalObjectImpl0_3.java:103)
      at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:296)
      at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0_0.process(ModuleProcessorLocalLocalObjectImpl0_0.java:103)
      at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:187)
      at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:496)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
      at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
      at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
      at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
      at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
            ]]></text>
                  </s:SystemError>
              </detail>
          </SOAP:Fault>
      </SOAP:Body>
  </SOAP:Envelope>
  i saw a few discussion on web but nowhere the solution was provided.
  the url is
  http://abc.sap.point:1234/XISOAPAdapter/MessageServlet?channel=:system:communicationchannel&amp;version=3.0&amp;Sender.Service=x&amp;Interface=x%5Ex
  i changed it to https also but in that case it was not even posting the request.
  i have set the sender adapter like this
  is there any setting that i am missing.
  What is the setting the i need to do in SM59.
  Please help me getting through this.
  Your help is highly appreciated. Thanks in advance.
  Neha

  HI Neha,
  1. Enable the https service in the ICM: you can follow the way to do it like is pointed out in the page 4 of this document (PI 7.1 and PI 7.0 has the same smicm abap transaction) http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?overridelayout=t…
  2. Generate the certificate. Use the STRUST transaction. Chech this document SSL Configuration in SAP ABAP AS and JAVA AS – Step-by-step procedure
  Hope this helps.
  Regards.

• How to make call to Sender Soap Adapter using HTTPS with Client Aut

  Hello everyone, I have spent some time trying to get this to work. We downloaded a trail certificate from SAP and installed it on our machine and I created a webservice that works great. I tested the HTTPS without client authentification and it works great, as soon as I change it to use with Client Authentification I can't get it to go through. I am using Soap Sonar to test the certificates. To get the certificate I called the url with firefox then saved the certificate in my trust store, from there I import it to soap sonar as a signed certificate, but I am getting the error  <Exception>Object contains only the public half of a key pair. A private key must also be provided.</Exception>  I assume I am doing something way wrong, is there a way to get the certificate with both public and private key pair, or a way to test this that I can't seem to find in documentation or blogs?
  I def award points
  Cheers
  Devlin

  Hi
  I think This link is useful to u
  http://www.sapag.co.in/SAP-XI-SOAP-Adapter-FAQ'S.html
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40611dd6-e66e-2910-f383-e80fb44f9cd4
  Thanks
  Santosh

• HTTPS with Client Authentication in SOAP sender Adapter

  Hi All,
  In SOAP Sender communication channel. When I generate WSDL with “HTTP Security Level = HTTP:” it works when third party tries to send data to XIwebservice.
  But when I tried with “HTTPS with Client Authentication” option its giving error
  “InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.”
  Please guide how to use “HTTPS with Client Authentication” option, and what all configuration need to apply in XI & in third party to use this.
  Regards

  Rohan,
  With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
  You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
  So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
  Regards
  Ravi Raman

• HTTPS and a Proxy server?

  Does the plugin-in still not work with HTTPS and a proxy server?
  From plug-in docs -
  "Java Plug-in supports http, ftp, gopher and SOCKS v4 protocols through the proxy server. Currently, Java Plug-in does not support https (SSL). "

  Hello
  I am making HTTPS calls from within my applet code and this works fine using the basic Java Plug-in support for HTTPS.
  This means my code basically does:
  URL url = new URL("https://myhost.com/servlet/Test");
  URLConnection conn = url.openConnection();
  etc..
  We are using Java 1.4.2. I've read in the "How HTTPS Works in Java Plug-in" for 1.3, that the plugin uses the browsers API for making HTTPS connections. Is this still the case for 1.4?
  My basic problem is that it all works fine if the browser is NOT configured to use a proxy server. If a proxy server is configured we get the following Exception in the client:
  java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Request ( The data is invalid. )"
  I have read that "Sun's Java Secure Socket Extension (JSSE) library allows you to access a secure Web server from behind a firewall via proxy tunnelling. However, JSSE expects the proxy's reply to the tunnelling request to begin with "HTTP 1.0"; otherwise, it throws an IOException" (http://www.javaworld.com/javatips/jw-javatip111_p.html)
  The article talks about using the JSSE library but it seems to be assuming the client is an application not an applet.
  How do I use JSSE from within an applet if all the proxy information I seem to need to set in the JSSE code is held by the browser?
  Will JSSE support proxies returning responses beginning HTTP 1.1 in the future?
  Any help on this would be greatly appreciated.
  Many thanks
  mark

• HTTPS with client auth

  Hello , I am working on a scenario to implement Client Authentication with HTTPS , i got to a blog where its mentioed of steps of implementing HTTPS with Client auth on XI system , in order to test it i would also require a webservice client that works for this purpose. i got to SAP Soap client , but whatz the way to generate the certificate request so that i can send it to CA and get it signed any ideas pl?

  Hi together,
  i have the same problem? is anybody out there who could give us some hints?
  many thanks
  alex schramm