Web services Authorization in CE 7.1 EHP 1

Similar Messages

• Web service authorization problem

  Hi everyone,
  I am trying to call a web service that is located in SAP/R3 using XI.
  I do success calling this WS using C#.
  Now I want to use WebDynpro and having some dificulties.
  When I execute the application,I get the following error :
  Service call exception; nested exception is: java.net.ConnectException: Connection refused: connect
  Can someone help with that issue ?
  Thanks in advance.

  Hi David,
  Please check this thread...
  java.net.ConnectException: Connection refused: connect - Web Service
  Hope it helps!
  cheers,
  Prashanth
  P.S Please mark helpful answers

• AC 5.3 - Web Services as part of Function Groups for inclusion in RAR

  I need to be able to add webservices into my function groups to create risks  for AC 5.3 SP9.
  Is there any guide available on how to create rulesets that contain webservices and how to load the equivalent of the USOBT/SU24 and TSTC information for web services?
  Any help would be greatly appreciated.
  Regards
  Simon

  Simon,
  Can you please provide clarification on type of web services you are referring to? Are those hosted on SAP system or Non SAP system? How user access is restricted to web service?
  I believe you will have to load the web service authorization data as if it is for a Non-RTA system (using RAR data Extraction functionality).  As RAR SOD rule logic is based on Risk -- Function --Action --- Permission concept, you will have to represent webservices as dummy actions, add dummy permission if there are any further authorization restrictions on web services. Define and load dummy text and permissions ( to replicate USOBT/SU24 and TSTC information)
  Define functions and risks based on dummy actions/permissions, generate rules. Refer latest AC configuration guide for Non-RTA system's data mapping templates which you will need to upload the authorization data
  Hope I understood your question correctly, let me know if u meant something else.
  Regards,
  Amol

• Adobe Interactive Form / Web Service - Connection question

  Hi
  We have CRM 2007 and want to use Adobe Interactive forms for our sales managers to upload customer information when they're out in the field. Before they leave all information about the customer will be downloaded to an Adobe Interactive Form. The client sees the customer and then enters the information required to e.g. create a sales order. He has an Internet connection but is not neccessarily logged into CRM 2007. He is a registered user in CRM 2007.
  My question is: if we create the web services to send and receive data to the CRM 2007 system, does the sales manager have to be online and signed into the CRM system to upload the Adobe Interactive Forms back to the server, or does the web service handle this?
  Kind regards
  Declan

  Hello Declan,
  You can send the information captured in an SAP Interactive Form by Adobe to your CRM system in two ways based on the way in which your form is designed -
  1] By making a direct web service call : A typical use case is that the user fills out all the necessary fields in the form and simply clicks a submit button; on clicking, the particular web service is called and the input data is transferred to SAP CRM. It should be noted that the web service authorizations should be in place to enable this kind of usage.
  2] By utilizing SAP CRM via Email scenario : A typical use case here would be that the user fills out all the necessary fields in the form and simply clicks a submit via email button; on clicking, an email is composed with all the form input infomration added as an attachment. The user can then send this email to the SAP CRM system. It should be noted that SAP CRM via Email application should be setup on the SAP CRM system and the particular SAP CRM via Email service & web service should have proper authorizations.
  An interesting point to note here is that while scenario 1] would require the user to have just internet access for this to work, scenario 2] could work in a fashion such that if the user isn't having internet access, he/she could still fill out the forms thereby creating emails which would then reside in the outbox of the user's email client. Once the user is having internet acces, the email client would send these emails automatically, thereby achieving a different flavour of "offline functionality".
  Hope this info helps!
  Best regards,
  Sandeep.

• SSRS web services 401 if you pass "Authorization" http header

  We use both SSRS 2008 R2 and 2012. When i access a report using url access (direct ssrs server hit) and add a "Authorization: Bearer xyzelkalklsjsdfalsjdf" http header, i get a 401 from somewhere in the request pipeline. I have a custom httpmodule
  registered at the top of the chain which does some OAuth related security checks. But when this header is included, the request never reaches the httpmodule. If i change the header slightly ex: "YAuthorization: ljlxzcvc..", then the request reaches
  the httpmodule and everything works. So obviously SSRS is looking for a particular header named "Authorization" and does something with it. Point to note: we have implemented a custom forms authentication module and we are doing some rich authorization
  using the extensible ssrs api. 
  Now my questions are:
  1. What is happening here? Who is acting on my request before my HttpModule registered on top in ssrs\reporting service\web.config gets it?
  2. How do i ensure my httpmodule executes before whatever component is terminating my request with a 401

  Sorry if this sounds like I am new to this but I am.
  So, the extended version is the format that would be used if you were not utilizing the files that the wsdl2java function creates?
  And this is done to when you want more flexibiility for the user to call your service?
  So, you would push to have the stub files used when you want to control how the web service is used?
  thanks for the feedback.

• Error in Web Service when accesing in portal SRT: Authorization denied

  Hello Experts,
  I have created web service in development and creates endpoint in SOAMANAGER than through portal i am able to access the webservice than i transported that web service to quality and again created endpoint in SOAMANAGER but when i access through link created through wsdl through portal there i am getting error SRT: Authorization denied . also i have given sap_all authorization to the user. Can anybody help me to find solution.
  Thanks & Regards,
  Taran

  Please help me on this

• How can I authenticate and authorize with Web Service on ESB ?

  Hello,
  I want to authenticate and authorize client with Web Service published
  by HTTP/SOAP BC.
  Simply if it is an Web Service as J2EE application, I will use
  Basic Authentication with JAX-RPC and Realm.
  But I think that Web Service published by HTTP/SOAP BC is not belong
  to J2EE Application. Threre is no place to describe security role mapping
  (like web.xml).
  JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
  JAAS Subject is given in the NM Properties. Really in this package
  com.sun.jbi.internal.security.*
  implements JAAS autentication and authorization (at JaasAuthenticator).
  But I can't see how to configure my Service to use this.
  How can I authenticate and authorize with Web Service on ESB ?
  I referred to the resources.
  Mutual Authentication for Web Services: A Live Example
  http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
  XML and Web Services Security
  http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
  JAAS Authentication Tutorial
  http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
  Thanks,
  Takurou
  - environment ---------------------------------------------
  OpenESB : Project Open ESB Starter Kit
  AppServer : Sun Java Systems Application Server 9.0 PE
  OS : Windows XP
  I don't assume to use SSL (if It's necessary I will try).
  User information is stored in a LDAP Server.
  -----------------------------------------------------------

  Hello,
  I read this resource.
  SecurityDesign
  http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
  Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
  But I can't see well why this page comments 'HTTP over SSL, TLS'.
  HTTP/SOAP Binding Component Overview
  http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
  Does BC support only "SSL server authentication" ?
  Doesn't BC support "SSL client authentication" by username/password ?
  Thanks,
  Takurou

• Authorization in web services

  Hi all,
  I'm trying to understand security in web services and i've been
  studiying web services security blue prints in glassfish. But all the
  samples work with authentication and message security (stock
  samples).
  My question is how to implement the authorization part in
  web services, is there some way/sample to authorizing a
  specified role to execute some web service? I'm interested
  in a declarative way.
  I haven't found any way to specify this except in EJB
  security-constraints part. Maybe web services are just the entry
  point and relays authorization and real work to underlaying
  EJBs. Is that the right thing to do?
  thanx

  Please provide me with a reply as this is an urgent situation.
  Thanks in advance,
  Geet

• Authorization and Web Services

  Hello guys,
  I've posted this question on the Identity Management forum, but since I had no answer I'm trying here (since this forum takes question about OWSM).
  I'm taking part in a mission to advise how to protect Web Services with OWSM.
  The authorization to execute a Web Service will be provisioned by the IAM Suite (OIM/OAM/OID etc)
  But before getting into the technical details I'm hoping to find a Best Practices guide for approaches on how to determine/map WHO is authorized to execute which Web Service.
  Since SOA promotes an heterogeneous environment where a Web Service can (and should) be reused by other process, and even other Web Services, I don't see clearly what drives this rules.
  For example, the authorization rules should be based on :
  a) User vs Web Services ?
  b) User Role vs Web Services ?
  c) Apps (or Business Process) vs Web Services ?
  d) All users are authorized to execute all Web Services as long as they are authenticated ?
  e) Something else?
  Thanks for an insight or any direction to papers about this subject.
  Adriano.
  Edited by: user11994311 on 1 oct. 2012 01:08

  You can find more information under this blog.
  https://blogs.oracle.com/owsm/
  I would recommand to go through what OWSM can provide then you can decide what you want.
  https://blogs.oracle.com/owsm/entry/owsm_concepts_11g
  Thanks,
  Vijay

• Authorizations for testing of ABAP Web Services

  Can somebody tell me which authorizations/roles I need to assign to a user with SAP WAS 6.40 ABAP so that he will be able to test a simple ABAP Web Service with the Java Service home page of this service?
  I tried this with the roles SAP_BC_DWB_ABAPDEVELOPER and SAP_BC_WEBSERVICE_ADMIN but this seams not to be enough and I could not find a hint on how I could find out what is going wrong.
  The user gets an error message on the top of the service home page when he submitted the service request:
  "An error has occurred. Maybe the request is not accepted by the server:
  Authority check failed"
  The service is configured with standard authentication. On the service test page the user gets a login screen which he passes successfully. The error occurs afterwards when the services test is executed.
  Many thanks!
  Best regards, Birgit

  Hi,
  1. log on to SAP system with user XXX .
  2. Do your steps to call webservice from JAVA Service home page - use the same user id for log on.
  3. As soon as you see the error message as you mentioned
  Run transaction SU53 in the target SAP system . This should tell you the authority object where the failure had happend.
  Hope this helps.
  Regards
  Raja

• How to handle exeptions and authorization management in WEB SERVICES

  Hi all,
  Please send some documents or links on handling exceptions in web services and Authorization management also.
  Useful will be rewarded.
  Regards
  Neslin.

  i suggest to consult the documentation at help.sap.com, use the search function to the left or make your question more specific.
  regards, anton

• Authorization error while consuming web service in SOAP UI

  Hi,
  I am an ABAPer and do not have much knowledge about SOAMANAGER configuration.
  I have created a Web service and configured it using SOAMANAGER. I am trying to consume same web service using SOAP UI.
  But, I am getting an error HTTP-401 unauthorized.
  For authentication, I have selected "Transport level -User ID/Password" checkbox.
  What else, I have to configure, please let me know.
  Error log:
  Login failed
  What happened?
  calling the URL  <URL>.
  The application was running in the system <System> . Here, no credentials were provided.
  What can you do?
  If you still have a user ID , contact your system administrator.
  HTTP 401 - Unauthorized
  Your SAP Internet Communication Framework Team
  Regards,
  Sneha

  Hi Sneha,
  In SOAP UI, after importing WSDL, dig it till Request1, select it and go to Request property.
  Set Below things
  1. Authentication Type = Preemptive
  2. give username
  3 give password
  and send message.
  Regards,
  Mastan
  Message was edited by: mastan vali

• Authorization error while testing Web Service in SOAP UI

  Hello All,
  when i am trying to test my web service in SOAP UI i am getting following error.
  <faultstring xml:lang="e">Authority check failed</faultstring>
        </soap-env:Fault>
  I am providing user id and password of my server also. we are using ECC 6.0 server. please let me know what needs to be checked.
             Kumar.

  Hi Kumar
  Check with this thread for Authority check failed
  Web Service Homepage: Authority check failed
  Regards
  Abhishek

• Authorization error calling a XI web service from Web Dynpro

  Hi all,
  I'm trying to communicate to XI from a Web Dynpro application but I get an Unauthorization error (401).
  I've generated a WSDL in XI and import it to web dynpro as a new Model. But when a I call the web service, the exception "Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized." appears.
  I don't know how to pass the right user and password from Web Dynpro, I've tried the web service from SOAP client tools and it works fine.
  I'll apreciate any help.
  Regards,
  Diego.

  Hola mi  nombre es Luis,
  Creyendo que eres español te escribo en tal idioma.
  He visto que a ti también te devolvía un error de autentificación 401, y que lo subsanaste, pero a mi con la solución que te dieron no me vale, ya que implemento el código que te ofrecieron para arreglarlo y ahora me da un fallo de "Server Error" poniendo en usuario y password, los correspondientes a XI.
  +Request_MI_outTurnoverDetailsDisplay_MI_outTurnoverDetailsDisplay req=new Request_MI_outTurnoverDetailsDisplay_MI_outTurnoverDetailsDisplay();
  wdContext.nodeRequest_MI_outTurnoverDetailsDisplay_MI_outTurnoverDetailsDisplay().bind(req);
  req._setUser("username");
  req._setPassword("password");+
  No sé si es que ese usuario y contraseña son otros distintos.
  Si pudieras ayudarme, te lo agradecería.
  Un saludo, Luis

• Web Service SOAP Sender Authorization

  Hi all
  I have been implementing a Web Service (SOAP Sender CC) that should be consumed by an external party. I have been testing it successfully using XMLSpy with the drawback of the authentication box coming up even though I have added sap-user and sap-password to the URL as following:
  http://<host>:50000/XISOAPAdapter/MessageServlet?channel=:SOAP_Service:CC_SOAP_Sender&sap-user=<name>&sap-password=<pass>
  The user that I have created for this has the profile SAP_XI_APPL_SERV_USER assigned.The request is successfully executed when I enter <name> and <pass> in the box. My understanding of it would be that the box does not show up if the login parameters are provided with the URL. Do I have to do any additional settings so that the login information will be taken from the URL parameters automatically instead bringing up the authoritzation box?
  My CC settings are as following:
  Adapter Type: SOAP (SAP BASIS 7.00)
  Sender
  Transport Protocol: HTTP
  Message Protocol: SOAP 1.1
  Adapter Engine: Integration Server
  HTTP Security Level: HTTP
  Conversion Parameters: Keep Headers
  Quality of Service: Best Effort
  Any feedback would be appreciated.
  Thank you,
  Daniel

  Hello Daniel,
  1. You can add username and password to the SOAP URL and expose your XI Interface as a webservice. Just that the URL is different than the one you are using and you do not need a Sender SOAP adapter but the blog I have listed above.
  2. You can turn of Basic authentication on Sender SOAP adapter's but it is not recommended as it would turn off all authentication for SOAP scenarios and it can lead to security risks.
  I have seen a few forum threads describing how to turn of Basic authentication for SOAP adapters but from what I have heard from SAP, they do not recommend using this option.
  Regards
  Bhavesh