Web Services with https Security without PI

Similar Messages

• UCM 11g web services with HTTP authentication

  Is it possible to setup UCM 11g web services with HTTP authentication?
  I did setup UCM 11g web services using OWSM policies and are working well.
  But my development team wants to consume web services with only HTTP authentication (simple user name and password), do not want to use Keystore files and encryption.
  Please help me guys.
  Thank you in advance

  Hi ,
  If you are looking to use the WSDL to execute ucm services then use SoapUI IDE on development , there it requires only the http authentication method .
  Let me know if this is the actual requirement which you were looking for or if I have missed the point .
  I use this to quickly test WSDL and verify if the service being invoked is actually correct or not .
  Thanks,
  Srinath
  Edited by: Srinath Menon on Apr 26, 2013 11:32 AM

• SSL Certificate necessary for web Service with HTTPS encoding?

  Hi experts,
  I wanna create a Web Service with HTTPS. Now when I create an endpoint in Transaction SOAMANAGER, I use "Transport Guarantee Type" HTTPS. I'm a little bit confused, becuase at "Authentication Method I have different options which I don't understand.
  At Authentication Method, there are some check boxes.
  Whats the difference between HTTP Authentication and Message Authentication?
  (Why) can I use User ID/Password as Authentication Method with HTTPS? I think I need X.509 SSL Client Certificate.
  What is a Logon Ticket?
  Is there a good Documentation in the web, who explains the meaning of the different options and when to use which option?
  Thanks and regards,
  Sebastian

  Hi,
  >>>WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  you don't use the URL from ID - you need to create one yourself and put it there in the generator
  Regards,
  Michal Krawczyk

• Invoking web service with HTTP authentication using OdiInvokeWebService

  I did all configurations in OdiInvokeWebService Advanced Editor. When I press "Invoke web service" there are no errors. But when I try to execute this step there is an error:
  java.lang.IllegalArgumentException: Bad password format. Make sure that it's an encrypted password.
  Text of the command:
  OdiInvokeWebService "-URL=http://sapk02:8080/sap/bc/srt/rfc/sap/ZODI_FILE_SER?sap-client=800&wsdl=1.1" "-PORT_TYPE=ZODI_FILE_SER" "-OPERATION=ZODI_FILE" "-HTTP_USER=user" "-HTTP_PASS=_321321_"
  *<?xml version = '1.0' encoding = 'UTF8'?>*
  *<ZODI_FILERequest>*
  *<ZODI_FILE>*
  *<FILE>/tmp/temp1.txt</FILE>*
  *</ZODI_FILE>*
  *</ZODI_FILERequest>*
  When I fill HTTP password edit manually and try to execute there is another error:
  *com.sunopsis.wsinvocation.SnpsWSInvocationException: AxisFault*
  *faultCode: {http://xml.apache.org/axis/}HTTP*
  *faultSubcode:*
  *faultString: (401)Unauthorized*
  Text of the command:
  *OdiInvokeWebService "-URL=http://sapk02:8080/sap/bc/srt/rfc/sap/ZODI_FILE_SER?sap-client=800&wsdl=1.1" "-PORT_TYPE=ZODI_FILE_SER" "-OPERATION=ZODI_FILE" "-HTTP_USER=user" "-HTTP_PASS=*aIyHMmFSmTzVm1V08nTf"
  *<?xml version = '1.0' encoding = 'UTF8'?>*
  *<ZODI_FILERequest>*
  *<ZODI_FILE>*
  *<FILE>/tmp/temp1.txt</FILE>*
  *</ZODI_FILE>*
  *</ZODI_FILERequest>*
  ODI Version 11.1.1.3.0

  I've gotten past the original error by importing the security certificate of the Web service into my keystore/truststore. I'm also running the process on SOA 10.1.3.1.0. Now when I invoke the Web service from the BPEL process I get this error:
  exception on JaxRpc invoke: HTTP transport error:
  javax.xml.soap.SOAPException: java.security.PrivilegedActionException:
  javax.xml.soap.SOAPException: Bad response: 403 Forbidden
  I've tried passing the credentials every way I can -- partner link properties, Oracle Web Services Manager, whatever -- and still get the same error. I would expect to see a 401 error for problems with credentials, not a 403.
  Any suggestions?
  Thanks for your time.
  Paul Camann

• Get a URL for web service with HTTPS

  Hi,
  After deploying all required configuration for secure WS, I'm trying to generate a wsdl to give to the third party. I m using the Despay WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  Thanks in advance,
  Fred.

  Hi,
  >>>WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  you don't use the URL from ID - you need to create one yourself and put it there in the generator
  Regards,
  Michal Krawczyk

• Web Services with HTTP Basic Auth

  Hi,
  I am having a problem connecting to web services which
  require HTTP Basic Authentication from a Flex application. I have
  useProxy set to true and call setRemoteCredentials prior to
  attempting the call, but the credentials do not appear to be set on
  the request (the request fails with fault.faultString = "HTTP
  request error", faultCode = "Server.Error.Request". The messages on
  the server indicate that the user name and password were not
  specified.
  I do have the proxy-config.xml file set up properly (I think
  -- I followed the example in the mx.rpc.soap.mxml.WebService class
  description, at least).
  I can verify that the WSDL (which doesn't require BASIC auth
  to access) is being loaded properly, but when I make the request,
  it fails. Is this a known problem?
  I am using Flex Builder 2.0.1 to build my SWF files.
  Thanks,
  Brendan

  Thanks for the pointer, I did try it, but it didn't help.
  As I said in the original post, the problem is with HTTP
  Basic Authentication, so adding a header for WSSE to the service
  request didn't help. It needs to be an HTTP Authorization header,
  not a SOAP Security header.
  Brnedan

• SJSAS 8.2 secure and unsecure methods in one web service with ws-security

  Hi
  I'm trying to deploy a web-service (using SJSAS 8.2) using JAXRPC using message security (at the application level).
  I have one simple question:
  I have an EJB that exposes 2 methods as web-services, I specified in the sun-ejb-jar.xml that one of those methods is secure (and said nothing about the other) however when i run my test client I get a "WSS0202: No wsse:Security element in the message" error for both calls (instead of only for the secure call).
  Is this normal? Isn't it possible to have a normal (with no security headers) call to one method and another (with security headers and secure envelope) to another in the same webservice (from the same EJB)?.

  I wasn't clear?
  This is a big dev problem for a major Sun client.
  No one knows or wants to answer?

• Need JDeveloper Web Service with HTTP POST method

  Hello all,
  I am creating a Web Service from a java class using JDeveloper. The wsdl created uses a SOAP binding. When I test the web service, either through JDeveloper or by deploying to OAS, the HTTP request created uses the HTTP GET protocol. I am assuming that this would be the same for anybody doing this.
  I need to know how to change it to be an HTTP POST protocol instead.
  The reason that I need to try and use the POST method is that the xml needed by the service holds a lot of data and the http server is giving me a "URI too long" error. I have read and been told that using POST instead of GET would help this, but I can't figure out what to change to make this happen. I am not sure if I have to make a change in the generated wsdl or somewhere else. Or if it just won't work that way.
  Any help you can provide would be appreciated.
  Thanks,
  rob

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• Calling Web Service with Http Basic authentication in SOA 11g

  I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
  Am i missing some steps?
  Please let me know.
  Note - I am working on SOA 11.1.1.4.
  Regards
  Ayush

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• Secure the JAX-RPC United Loan Web Service with WS-Security source file not

  A download link 'http://www.oracle.com/technology/obe/obe1013jdev/secureunitedloan/SecureUnitedLoanSource.zip' referenced by 'http://www.oracle.com/technology/obe/obe1013jdev/secureunitedloan/SecureUnitedLoan.html' cannot be found.

  After some research I found that:
  1. on geronimo 2.1 you can only use basic authentication for webservices
  2. advanced security requires the use of axis2

• Connect to Secure web service with certificate from SAP EP

  Hi Experts,
  Here is the current situation:
  1. Our business requirement is to connect 3rd party RESTful web service which requires secure connection with private client certificate attached
  2. I've tested in my Java test application and successfully attached private certificate to HttpsURLConection request to the web service and made a connection. No problem at all.
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = new FileInputStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, "myPassword".toCharArray());
  KeyManager[] kms = keyManagerFactory.getKeyManagers();
  SSLContext sslContext = SSLContext.getInstance("SSL");
  sslContext.init(kms, null, new SecureRandom());
  SSLSocketFactory sockFact = sslContext.getSocketFactory();
  URL url = new URL("https://www.thirdpartywebservice.com/testroot/");
  HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  conn.setSSLSocketFactory(sockFact);
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  3. Next, I tried to apply my Java application to SAP EP NetWeaver, and found that I have to use SecureConnectionFactory:
  https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm
  4. So, I modified my Java code for SAP EP:
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  SecureConnectionFactory scFactory = new SecureConnectionFactory(keyStore);
  HttpURLConnection conn = scFactory.createURLConnection("https://www.thirdpartywebservice.com/testroot/");
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  And I'm facing the following error message:
  Exception: java.security.UnrecoverableKeyException: ja
  va.security.GeneralSecurityException: Unable to decrypt private key: javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 253
  Could you please help me what this error message means?
  Do you think do I need to to do some other configuration to make connection to web service with client certificate?
  This is our first approach. Please help...
  Thank you in advance.

  SunJSSE implement SSL server CertificateRequest in a strict mode, if client failed to find a proper certificate corresponding the server request, it does not guess what's the proper certificate and send to the server. In your case, because there is no intermediate certificate in the client context, so there is no way to make the decision which certificate would be acceptable by server, so client does not send any cert to server. That's why you got a handshaking error.
  I guess your client key store does not contains a full certificate path from the client end-entity certificate to the root CA. Please import the full certificate path into the key store.
  BTW, these approaches should work, but I found no reason why one does not adopt #1:
  1. import the full certification path of client certificate into client key store.
  2. as a workaround, configure the server to send a list including the intermediate certificates;
  3. as a workaround, you will have to customize the client KeyManager if you don't want to or are not able to configure the server to send a list including the intermediate certificates.

• Importing external web service with SSL certificate security

  Hello,
  I'm trying to import an external web service (that resides in another server, independent of ours). However, right after I enter the WSDL in the import window I get the following error in the NWDS:
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      [Error: com.sap.ide.es.core.ui.internal.wizards.fragments  Thread[ModalContext,6,main]]
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
            at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
            at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
            at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.getURLAsStream(UrlValidationRunnable.java:137)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.validate(UrlValidationRunnable.java:75)
            at com.sap.ide.es.core.ui.internal.wizards.fragments.UrlValidationRunnable.run(UrlValidationRunnable.java:55)
            at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
            at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
            at sun.security.validator.Validator.validate(Validator.java:218)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
            at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
            ... 15 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
            at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
            at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
            ... 21 more
  Has anyone ever consumed an external web service with SSL certificate security? How do you import this in your Web Dynpro project?
  Cheers!

  Hi Alain,
  I just checked on a newer NW environment (NW 7.2) and was presented an empty list as well... It seems the mapping procedure I described is deprecated since NW 7.11, and the modeled CAF application service is already exposed as a web service.
  You may want to have a look at http://help.sap.com/saphelp_nwce711/helpdata/en/43/f173947bbb025be10000000a1553f7/content.htm or http://scn.sap.com/message/7852996 for more info

• Secured Sybase Web Service with outside certificate authority

  Hello,
  I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
  Thanks,
  Sudarat.

  Hello Jason,
  Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.
  1. I use CreateCert.exe with /r parameter to create CSR and private key.
  2. I sent CSR to a certificate authority and they send back a signed certificate.
  3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.
  Are the above steps what I have to do?  If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?
  Thanks,
  Sudarat.

• Web Service with attachments (SOAP with attachments) without PI

  Hi,
  Is it possible to send across file(say PDF) using ABAP web services. I know it can be done with Java using SOAP with attachments. Is something similar available for ABAP ? since if we transfer raw binary data as type string / xstring it may have a performance impact.
  I could not see any option for attachments when using web service wizard from SE37 / soamanager
  Note I am not using PI, this Web service would be consumed by a 3rd party tool. There is very little material available on transferring files using web service with SOAP attachments.
  Regards,
  Aditya

  Hi thanks for your input, but did you have to encode your binary data stream in say Base64 / utf-8 ? Also if you are transferring files in bulk(say 10 -100 files)  how does your web  service indicate end of one file or what is the best way so as to avoid performance problems.
  Regards,
  Aditya

• Issue with OSI PI WCF Web Service with wshttpbinding

  Hi Experts,
  System Details:
  SAP MII 14 SP4
  OSI PI Web Service: PITimeSeries
  I am having issue when trying to call OSI PI web service using http post. it is returning status 0 when i am using exception handler in BLS.
  Same web service works fine with basichttpbinding (SOAP 1.1)  but with wshttpbinding (SOAP 1.2) it is giving error.
  Following are Web config binding details for web service.
        <wsHttpBinding>
          <binding name="wsBinding_2011" sendTimeout="00:01:00" receiveTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
            <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
            <security mode="Message">
              <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" />
            </security>
          </binding>
        </wsHttpBinding>
  I am not sure it could be the issue with passing windows credentials.
  Did anybody consumed WCF web service with wshttpbinding with security mode as Message and clientCredentialType as Windows.
  Also i was trying to pass MYSAPSSO2 SSO token to service in http post but first i am not sure if this is correct windows token and second which header property of service should be mapped and i am not sure that I am going into correct direction or not.
  Please let me know what i am missing.
  I have tried following other options and tools:
  SOAP UI: basichttpbinding works fine for wshttpbinding receiving Internal Server error in log and Response as
                    The security context token is expired or is not valid.
  MII Web Service Action Block: basichttpbinding works fine for wshttpbinding not able to configure url through wizard because as per                                                                              my discussion with other MII experts MII does not support SOAP1.2. that is one reason for using http post.
  WCF Storm: both bindings works fine (There is option to select windows authentication and Impersonation level as delegation)
  WCF Test Client: Both bindings works fine
  Any help is appreciated.
  Thanks & Regards,
  Manoj Bilthare

  Hi Sam,
  The web service is valid following are details of testing on various tools.
  SOAP UI: basichttpbinding works fine for wshttpbinding receiving Internal Server error in log and Response as The security context token is expired or is not valid.
  MII Web Service Action Block: basichttpbinding works fine for wshttpbinding not able to configure url through wizard because as per my discussion with other MII experts MII does not support SOAP1.2. that is one reason for using http post.
  WCF Storm: both bindings works fine (There is option to select windows authentication and Impersonation level as delegation)
  WCF Test Client: Both bindings works fine
  Please let me know if additional details required.
  Thanks & Regards,
  Manoj Bilthare