Web Service SOAP Sender Authentication issue

Hi Experts,
Synch Scenario: Webservice call from SOAP client-> XI -> RFC Bapi call to R/3 and back to SOAP client with data.
Soap Adapter on J2ee receives and process call ok, the error we are getting is on connection from AFW to IS; the error in the security log is:
Attempting to create outgoing ssl connection without trusted certificates ,
Warning , /System/Security/SecureConnectionFactory ,
com.sap.security.core.server.https.SecureConnectionFactory , 
Any tips where to look? We have enabled Principal Propagation via assertion tickets following SAP document to carry user id to R3 for authority check when Bapi runs.
IS self signed cert has been imported to J2ee Ticketkeystore and J2ee cert has been imported to IS Strust/StrustSOO2 store adn added to ACK list. WE are using Http between J2ee and IS...hwoever from the erroe message it looks like it is evaluatiing https library com.sap.security.core.server.https.SecureConnectionFactory ?
Thanks in advance for any help.
Margaret

did u instsall CA in ur visual admin for https/ssl t owork

Similar Messages

  • Web Service SOAP Sender Authorization

    Hi all
    I have been implementing a Web Service (SOAP Sender CC) that should be consumed by an external party. I have been testing it successfully using XMLSpy with the drawback of the authentication box coming up even though I have added sap-user and sap-password to the URL as following:
    http://<host>:50000/XISOAPAdapter/MessageServlet?channel=:SOAP_Service:CC_SOAP_Sender&sap-user=<name>&sap-password=<pass>
    The user that I have created for this has the profile SAP_XI_APPL_SERV_USER assigned.The request is successfully executed when I enter <name> and <pass> in the box. My understanding of it would be that the box does not show up if the login parameters are provided with the URL. Do I have to do any additional settings so that the login information will be taken from the URL parameters automatically instead bringing up the authoritzation box?
    My CC settings are as following:
    Adapter Type: SOAP (SAP BASIS 7.00)
    Sender
    Transport Protocol: HTTP
    Message Protocol: SOAP 1.1
    Adapter Engine: Integration Server
    HTTP Security Level: HTTP
    Conversion Parameters: Keep Headers
    Quality of Service: Best Effort
    Any feedback would be appreciated.
    Thank you,
    Daniel

    Hello Daniel,
    1. You can add username and password to the SOAP URL and expose your XI Interface as a webservice. Just that the URL is different than the one you are using and you do not need a Sender SOAP adapter but the blog I have listed above.
    2. You can turn of Basic authentication on Sender SOAP adapter's but it is not recommended as it would turn off all authentication for SOAP scenarios and it can lead to security risks.
    I have seen a few forum threads describing how to turn of Basic authentication for SOAP adapters but from what I have heard from SAP, they do not recommend using this option.
    Regards
    Bhavesh

  • Web Services - SOAP Sender and WSS

    I created a web service in PI 7.0 and created a WSDL for the client.  I created it to go to the Integration Engine instead of the Adapter Engine.  It uses HTTP (not SSL).  I am able to test it using soapUI (and a user/pwd with SAP_XI_APPL_SERV_USER role).  It works fine there.
    I gave my WSDL to the person making the real service client.  It turns out they can only make a call with WSS-PasswordType sent to "PasswordText" or "PasswordDigest".  He is getting an 401 Login error with every attempt.  I messed with these settings in soapUI and get the same error.
    Now I guess I need to adjust my service to support a WSS-encrypted password.  I generally assume such a thing would be driven from the server.  Do I need to get a certificate from my client?  I also assume I will need to make my service run through the Adapter Engine to support this...hence need to make Sender CC and Sender Agreement now in order to set up the WSS details.
    Please let me know if you agree.  Else...is there a way to leave my service as it is (through IE) and just handle the clients WSS password another way?
    Thanks,
    Keith

    You have to use Axis framework in SOAP adapter to handle this.

  • SOAP Web Service +  Custom Login Module issue

    Hi Guys,
    We faced an authentication issue in our project. Could you please give any advice how the issue could be resolved.
    Environment: A simple SOAP Web Service on top of POJO class created in a Web Application. The web application deployed to the SAP NetWeaver 7.10 Application Server in the Enterprise Application Archive.
    Configuration:
          Single Service Administration Application(NetWeaver Administration -> SOA Management -> Application and Scenario Communication -> Single Service Administration)
           The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
        Authentication Application(NetWeaver Administration-> Configuration Management->Security->Authentication)
          The application(<vendorName>/<earName>*<vendor>~<webAppName>) has Authentication Stack configured to use our custom login module.
    Issue:  BasicPasswordLoginModule used by the J2EE when we are trying to execute the web service using Web Service Navigator(checked in debug mode). It seems that we missed something in configuration.
    Idea: The main Idea is to use our custom login module when we are executing a web service.
    Could you help me to resolve the issue.
    Thanks,
    Dmitry
    Edited by: Dmitry Eidin on Jul 17, 2009 3:46 PM

    > The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
    That's the point.

  • Problem consuming web service with basic authentication

    Hello,
    I've set up a web service with basic authentication. Although I have to log in before being able to open the overview page of the web service in the Web Service Navigator, the response I get after sending a request is:
    Authority check failed
    I get this response in the Web Service Navigator as well as when consuming the web service via standalone proxy classes.
    The following is strange, too: It is not possible to change  authentication in the generated logical port. It is set to "none". I changed it via the XML file where I added the properties "AuthenticationMethod" (value "BasicAuth") and "AuthenticationMechanism" (value "HTTP"). But I got the above response anyway.
    Thanks for your help!
    Regards

    I used basic authentication for my web service.
    I was able to obtain a hardcopy of the logfiles in the meantime. The invocation of the web service is stored there with the following error messages:
    <i>SOAP Runtime: Exception message: Schwerer Prozessierungsfehler macht eine SOAP-Fault-Behandlung erforderlich
    SOAP Runtime: SOAP Fault exception occurred in program CL_SOAP_RUNTIME_SERVER========CP in include CL_SOAP_RU NTIME_SERVER... [the picture is cut here]</i>
    In addition to that I found a thread in SDN that dealt with exactly the same problem:
    Web Service Homepage: Authority check failed
    But I have the same problem like Kimberly Carmack (the last post on the second page). We do not have that role in our system.

  • File to Web service (SOAP) to File scenario with out BPM in PI 7.1

    Hi All,
    I have scenario File to Web service (SOAP) to File scenario with out BPM.i am getting the below error:
    1) Error MP: unexpected exception caught com.sap.aii.af.service.cpa.impl.exception.CPAObjectKeyException: Value of key must not be null: ObjectId
    2) Error ROB: error during processing: com.sap.aii.af.lib.mp.processor.ModuleProcessorException: Processing Error
    PI server is 7.1 with SP:8
    I have configured the scenario like this
    1) 2 File channels - Sender & Receiver ,1 RFC channel - Receiver. We need to note that, the additional Module parameters need to be added only for sender File channel
    2) Created Sender Agreement
    3)Created Receiver Determination
    4)Created Interface Determination
    5)Created Receiver Agreement
    Regards,
    Ramesh

    Hi,
    Thanks for your reply!!
    My Scenario is File to SOAP to File.
    Configred modules  in Sender channal below:
    Prcessing sequence:
    Number       Module Name                                        Module Key
    1..........       AF_Modules/RequestResponseBean.......1
    2..........       CallSapAdapter..........................................2
    3..........       AF_Modules/ResponseOnewayBean.......3
    Module Configuration:
    Module Key                                       Parameter Name                                       ParameterValue
    1                                                        passThrough                                            true
    3                                                        receiverChannel                                       receiverChannel name
    3                                                        receiverService                                        receiverService name
    please tell any more confiration requered.
    Regards,
    Ramesh

  • How to install and consume GroupWise Web Service (SOAP)

    Hello! I'm Razvan, programmer from Romnia, and I am new to GroupWise development.
    I am asking if anyone could help me with a C# Visual Studio 2010 example of how to install and consume GroupWise Web Service (SOAP).
    The documentation from novell site didn't help me, i didn't understant much of it.
    All I need is either a link to a documented GroupWise C# developer step-by-step tutorial, or some code examples.
    Can you please show me some code examples in C# with:
    1)loging in using a username and a password,
    2)retrieving contact list,
    3)retrieving appointment list,
    4)sending a mail,
    5)setting an appointment
    I don't know how to use "groupwise.wsdl" and customise it so that it points to our GroupWise server.
    Please, I really need this because I am working at a project right now which involves GroupWise integration.
    I hope I haven't disturbed anyone with my simple question.
    I know this might be a very simple question given the complexity of the other posts here, but that's why I really hope I will get an answer soon.
    Thank you very much!
    Signature:
    How old is the Orthodox faith?
    How old is the orthodox faith?

    Just a comment.
    The value for the version element should be "1.02"
    not "1.2".
    Preston
    >>> On Tuesday, March 01, 2011 at 8:06 AM,
    TheRomanian<[email protected]> wrote:
    > I have great news! After strong documentation yesterday and today, I've
    > just made a successfull example that actually connects to our GroupWise
    > server.
    >
    > I made it in PHP.
    >
    > I need an ASP.NET + C# application, but now is very simple to convert
    > it. I post the PHP code here for other people who in future might be
    > interested in finding out.
    >
    > So a simple PHP GroupWise Login code using "groupwise.wsdl" web
    > service:
    >
    >
    > require_once('./GWService/GroupwiseService.php');
    > require_once('FB.class.php');
    >
    > $classmap = array(
    > 'Authenication' => 'Authenication',
    > 'PlainText' => 'PlainText',
    > 'loginRequest' => 'loginRequest',
    > 'loginResponse' => 'loginResponse',
    > 'logoutRequest' => 'logoutRequest',
    > 'logoutResponse' => 'logoutResponse',
    > 'UserInfo' => 'UserInfo',
    > );
    >
    > $gwservice = new GroupwiseService(
    > "./WSDL/groupwise.wsdl",
    > array(
    > "location" => "http://11.150.40.78:8756/soap",
    > *Your GroupWise server IP:
    > and PORT*
    > "classmap" => $classmap,
    > "trace" => true)
    > );
    >
    > // do login
    > $pt = new PlainText();
    > $pt‑>username = *"YOUR GROUPWISE USERNAME"*;
    > $pt‑>password = *"YOUR GROUPWISE PASSWORD"*;
    >
    > $lr = new loginRequest();
    > $lr‑>auth = $pt;
    > $lr‑>language = "en";
    > $lr‑>version = "1.2";
    > $lr‑>application = "phpClient";
    >
    > $lres = $gwservice‑>loginRequest($lr);
    > //print_r($lres);
    >
    >
    > I Hope this will help others.
    >
    > ‑‑
    > Signature:
    >
    > How old is the Orthodox Faith?
    > 'How old is the orthodox faith?'
    > (http://www.orthodoxphotos.com/history.shtml)

  • Calling web service with basic authentication from EP "unauthorized"

    Hello,
    I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
    <b>com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
    Problem in server response: [Unauthorized].</b>
    I'm using the following code for calling the .NET web service:
    <b>...</b><i>Licence_GetList lParameter = new Licence_GetList();
    lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
    ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
    ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
    Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);</i><b>...</b>
    I've also configured a http system in the portal system landscape using the following parameters:
    <i>Authentication Method : Basic Authentication
    Authentication Type : Server
    User Mapping Type : admin,user</i>
    The user mapping is also personalized for this system!
    What's wrong? Please help! This is really urgent!
    Kind Regards
    Joerg Loechner

    Hello Renjith,
    here is a small cutout of my "portapp.xml";
    <services>
      <service alias="LicenceManager" name="LicenceManager">
        <service-config>
          <property name="className" value="de.camelotidpro.
                 pct.xi.scm.webservice.LicenceManager"/>
          <property name="startup" value="false"/>
          <property name="WebEnable" value="false"/>
          <property name="WebProxy" value="true"/>
          <property name="SecurityZone" value="de.camelotidpro.
                 pct.xi.scm.webservice.LicenceManager/
                   DefaultSecurity"/>
        </service-config>
        <service-profile>
          <property name="SystemAlias" value="LicMan_NET"/
        </service-profile>
      </service>
    </services>
    I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
    Regards
    Joerg Loechner

  • Problem when consuming web service on WIndows authentication applcation

    Hi,
    I am having a tough time in consuming web services on a
    Windows authentication IIS server.
    In one of my application I have created web services and
    consuming those web services from my another application.
    If I turned off the Windows authentication everything works
    fine, but If I turned on the Windows authentication web services
    stop working.
    Has anyone encountered such error while working with web
    services on Windows authentication server.
    Attach Code
    Could not perform web service invocation "funGetCustomer".
    Here is the fault returned when invoking the web service
    operation:
    AxisFault
    faultCode: {
    http://xml.apache.org/axis/}HTTP
    faultSubcode:
    faultString: (401)Unauthorized
    faultActor:
    faultNode:
    faultDetail:
    {}:return code: 401
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "
    http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>You are not authorized
    to view this page</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html;
    charset=Windows-1252">
    <STYLE type="text/css">
    BODY { font: 8pt/12pt verdana }
    H1 { font: 13pt/15pt verdana }
    H2 { font: 8pt/12pt verdana }
    A:link { color: red }
    A:visited { color: maroon }
    </STYLE>
    </HEAD><BODY><TABLE width=500 border=0
    cellspacing=10><TR><TD>
    <h1>You are not authorized to view this page</h1>
    You do not have permission to view this directory or page
    using the credentials that you supplied because your Web browser is
    sending a WWW-Authenticate header fi...

    You could try switching the HTTP transport provided in the
    Apache Axis embedded in ColdFusion to "CommonsHTTPSender".
    See this blog post:
    http://tjordahl.blogspot.com/2007/03/apache-axis-and-commons-httpclient.html

  • Web Service (SOAP) From Oracle Forms

    From the exaples of calling web services (soap) from pl/sql, it seems very poor and troublesome. I've seen a few articles with good points about why not to do this from pl/sql. So, I was hoping someone in the forums could share their opinions and approaches to using web services from forms based applications. I would ideally like to hear reasons people chose not to use pl/sql.

    There are some examples of calling web services from forms on the Forms OTN page - works fine although I would encourage the use of the new JVM pooling features as this will aid scalability and performance.
    Regards
    Grant Ronald
    Forms Product Management

  • Want to find out how much data a Web Service is sending to client (JWSDP)

    Well, the subject line didn't fit what I was intended to say, so if you don't get what I am saying in the subject line, I am sorry.
    My question is... I have a Web Service client that uses stub classes generated by wscompile in JWSDP. I am wondering, it there a way to find out how much data the Web Service is sending back to my client.
    The reason I asked is this, I used WebLogic 7.0 workshop to create a Web Service and also used JWSDP to create the same Web Service which deploys to Tomcat. The generated WSDL files from WebLogic workshop and JWSDP that expose the same functionalities have differences. The WSDL from WebLogic workshop is 1.5 times the size of the WSDL from JWSDP. When I tested both with client programs, calling the Web Service in Tomcat (which uses JWSDP to built) is much quicker than calling the Web Service in WebLogic.
    For this reason, I would liked find out if the Web Service from WebLogic is sending more data than the one created with JWSDP.
    Thanks.

    I've used the TcpTunnelGui utility to see the HTTP flowing up and down the wire, that might help you.

  • UCM 11g web services with HTTP authentication

    Is it possible to setup UCM 11g web services with HTTP authentication?
    I did setup UCM 11g web services using OWSM policies and are working well.
    But my development team wants to consume web services with only HTTP authentication (simple user name and password), do not want to use Keystore files and encryption.
    Please help me guys.
    Thank you in advance

    Hi ,
    If you are looking to use the WSDL to execute ucm services then use SoapUI IDE on development , there it requires only the http authentication method .
    Let me know if this is the actual requirement which you were looking for or if I have missed the point .
    I use this to quickly test WSDL and verify if the service being invoked is actually correct or not .
    Thanks,
    Srinath
    Edited by: Srinath Menon on Apr 26, 2013 11:32 AM

  • Sender SOAP Adapter Authentication issue

    All,
    We have a SOAP-XI-RFC scenario. We exported the wsdl from the Integration Directory. When we try to call the web service using webservice studio client. We get the following error. We are using a user that has (SAP_XI_ADMINISTRATOR role on it).
    ResponseCode: 401 (Unauthorized)
    Connection:close
    Pragma:no-cache
    Content-Length:1790
    Cache-Control:no-cache
    Content-Type:text/html
    Date:Fri, 30 Nov 2007 20:01:23 GMT
    Expires:0
    Server:SAP J2EE Engine/7.00
    WWW-Authenticate:Basic realm="XISOAPApps"
    Any thoughts?
    Thanks.

    hi thezone  ,
    <i>ResponseCode: 401 (Unauthorized)</i>
    as per this specific error try checking that
    1.check the wsdl url format
    http://<server>:<port>/XISOAPADAPTER/MESSAGESERVLET?channel=:<Service>:<Channel>
    2. test the wsdl by putting the url in internet explorer and see if you are getting a dialog box for user name and password, also in this step you will confirm the working status of message servlets of web service.
    3. by step 2 IE will send a message to XI, now you check your adapter
    4. test ur xml instance in your soap tester, go to its properties and make sure that  you had given correct user name and password over there on specified fields.
    regarding your soap communication channel it will be activated after receiving first message. you can detect any problem in connection only after receiving first message.
    Regards,
    Mandeep Virk
    reward points if helpful

  • Web service SOAP response issue

    Hi,*
    We are upgrading system from ECC 5.0 to ECC 6.0. All of our webservices were created in new system with SOAManager configuration.
    When the consumer systsem is trying to consume one of the webservice the XML response is different when compared with the one tested from ECC 5.0.
    ECC 6.0 is returning different XML for the same web service. The consuming system "Cold Fusion' is expecting the SOAP XML in different place.
    When we tested the same webservice in WS navigator it did gave the response. Also the issue is with this webservice only.
    We have re created the webservice again and tested from cold fusion and the same response.
    The issue is with only this webservice.
    Regards,
    Prashanth.

    Christoph,
    Firstly LiveCycle Designer 8.2 is still not supported to develop forms as per my knowledge. The latest version compatible for SAP Interactive Forms is ALD 8.0.
    There is a difference between Acrobat based forms and LiveCycle forms and based on your coding it looks to me  that you are trying to create a LiveCycle based form with coding of Acrobat which is not supported in LiveCycle Desginer, which is why you may be getting the error.
    I hope that does not confuse you, so may check this [link|http://www.acrobatusers.com/articles/2006/08/designer_or_forms/index.php] for some clear information on what point I was trying to make.
    Chintan

  • Issue using Flash IDE with Mac OS and Windows Web Service using NTLM authentication?

    I have an existing application that I developed on a Windows machine using CS5.  It uses a local intranet web service written in .NET using NTLM authentication.  The web service does multiple things such as read data from an SQL database, provide the user's username, and test for write/read access to a local company fileshare.  When my company upgraded, I went to a Mac with Flash CC which is great.  However, Mac's don't handle HTTP Authorization Challenge Blocks like Windows machines.  In Safari, Chrome, etc. it will pop up a little username and password box and proceed on without issue.  The issue is in Flash development.  When running the exact same application in Flash testing all script access fails with HTTP Status 401 errors.  I have searched the AS3 documentation, but the only thing built in to handle http challenge requests is in AIR not Flash.  The server admin's and I have tried all method's of cross domain policy files and access changes with no luck at all.  Does anyone have a solution to this issue?

    Did you check Apple Support Boot Camp article?
    iMac displays a black screen during installation of Windows 7
    http://www.apple.com/support/bootcamp/
    Installation Guide
    Instructions for all features and settings.
    Boot Camp FAQGet answers to commonly asked Boot Camp questions.
    Windows 7 FAQAnswers to commonly asked Windows 7 questions.

Maybe you are looking for