WS-Security SOAP Header does not include expected elements
Our SAP R/3 Enterprise is sending messages to XI which then forwards them to third party applications withing our corporate firewall.
One of these applications (Java) provides a Web Service to which we are attempting to direct a message from XI.
This Web Service requires WS-Security information be included in the SOAP header identifying Username, Password as described by the Oasis standards.
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-21280292">
<wsse:Username>test</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
>Zzqxojj3iKMfki45et4ZWqrAupQ=</wsse:Password>
<wsse:Nonce>b6QiDyhP3Ds9z24NMI0r6w==</wsse:Nonce>
<wsu:Created>2007-01-04T16:57:48.625Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
I have gone through a lot of documentation provided by SAP and SDN in an attempt to determine how and what to configure in order to generate the above SOAP header and although I am fairly sure SAP XI can perform this function I am at a loss on what needs to be done.
Their are plenty of documents describing how to do this for a Web Service generated by an SAP (WAS, R/3, XI, etc) but other than references to doing so for a third party application nothing that is concrete. Yet I am fairly certain that it is a simple process.
In one article of SAP Insider I found reference to this email address and am hoping that you will be able to assist.
Our XI is currently running WAS Netweaver 04 (640) patched at SAPKB64017.
Chris--
OASIS WS-Security 1.0 has been supported by the XI SOAP adapter for a long time.
However, what you're trying to do isn't possible in XI yet, because it isn't pure WS-Security.
WS-Security provides definition for the wsse:UsernameToken element, but provides little in the way of content. The standard allows for //wsse:UsernameToken/Username, and for //wsse:UsernameToken/<xsd:any> to support extensibility. WS-Security does not define the existence of wsse:Password, wsse:Nonce, wsse:Created, etc.
OASIS released a separate standard at the same time as WS-Security 1.0 to define a set of extensions for the wsse:UsernameToken element. This standard includes //wsse:UsernameToken/Password and your other elements. So, you need an application that has implemented WS-Security 1.0 as well as the "Web Services Security UsernameToken Profile 1.0" standard.
XI does not appear to support this standard extension, so customers are frequently doing a custom implementation in order to implement the features they need from the UsernameToken Profile standard. I've seen a customer do it in the plain HTTP adapter and use XSLT in the message mapping for receiver cases.
I've yet to see a sender case. Adapter modules in the SOAP adapter might work, but I see this as a technical risk because I don't know if you can re-authenticate from within the adapter module, and I suspect that XI applies the business-service authorization rule (the user authorization to access that particular service) before the adapter modules are called.
--Dan King
Manager, SAP NetWeaver Integration
Capgemini
Similar Messages
-
When I try to watch any video clip I get this:
The version of “Adobe Flash Player” on your system does not include the latest security updates and has been blocked. To continue using “Adobe Flash Player”, download an updated version from Adobe’s website.
I tried clicking on the Adobe Flash Player. It said it accepted it but it did not make a difference.
Can anyone help?
Thank you!This did not work
On Mon, Oct 27, 2014 at 8:59 PM, Apple Support Communities Updates < -
The version of “Adobe Flash Player” on your system does not include the latest security updates and has been blocked. To continue using “Adobe Flash Player”, download an updated version from Adobe’s website.
You haven't actually asked a question, but as stated you should only download Flash Player directy from Adobe.
Nor have you said what version of OS X and Safari you are running.
You can check here: http://www.adobe.com/products/flash/about/ to see which version you should install for your Mac and OS. Note that version 10,1,102,64 is the last version available to PPC Mac users*. The latest version,10.3 or later, is for Intel Macs only, as Adobe no longer support the PPC platform. Version 11.0.1.152 is for Lion.
* Unhelpfully, if you want the last version for PPC Macs, you need to go here: http://kb2.adobe.com/cps/142/tn_14266.html and scroll down to 'Archived Versions/Older Archives'. Flash Player 10.1.102.64 is the one you download. More information here: http://kb2.adobe.com/cps/838/cpsid_83808.html
You should first uninstall any previous version of Flash Player, using the uninstaller from here (make sure you use the correct one!):
http://kb2.adobe.com/cps/909/cpsid_90906.html
and also that you follow the instructions closely, such as closing ALL applications first before installing. You must also carry out a permission repair after installing anything from Adobe. -
Security create-keychain does not add the keychain to search list
Hello guys,
It seems that since OS X Mavericks the security create-keychain does not add the keychain in the search list. I tried calling the SecKeychainCreate directly to verify that this is not a bug in the SecurityTool (the result is the same). Could you please help me verify if this is expected behavior or more like a bug that was not reported?
Is there other way to create a keychain and add it to the search list except modifying the whole search list (for ex. using the security list-keychain)? I would like to concurrently create more than one keychain and modifying the whole search list does not seem like a good practice, becuase it introduces a race condition.
P.S. I tested this in Yosemite and the behavior is the same.
Regards,
Ilian IlievHi Carla,
Sorry to ask such a basic question, but are talking about Oracle Sales Analyzer?
Thanks,
Stuart Bunby
OLAP Blog: http://oracleOLAP.blogspot.com
OLAP Wiki: http://wiki.oracle.com/page/Oracle+OLAP+Option
OLAP on OTN: http://www.oracle.com/technology/products/bi/olap/index.html
DW on OTN : http://www.oracle.com/technology/products/bi/db/11g/index.html -
"Quit" in ITS Header does not work properly
Hello,
we have a self-made ESS Service in use (http://itshost:port/scripts/wgate/zmfa/!). In this service the "Quit" Link in the ESS header does not work.
When we start e.g. the pz04 transaction on the ITS (http://itshost:port/scripts/wgate/pz04/!) the "Quit" button does work properly, and ends the ITS Session.
I already tried to set the ~exiturl to a close_window.html file, but still it doesn't work in the self-made service.
This line is included in the service:
`include(~service="system", ~language="", ~theme="dm", ~name="TemplateLibraryDHTML.html")`
I guesss changing the templatelibrarybasis.html won't work, since the pz04 also uses this template, and there it works. We don't want to remove these "Quit" and "Help" links in the header, since they are still being used (due to older Release of R/3, no Portal App).
It's a standalone ITS 6.20, latest patch, newly installed.
Anybody have an Idea?
Thanks.
Regards,
DanielUsually the profiler gives higher execution times than is true, since it is using resources itself. Make sure the profiler is started before starting the program (while in edit mode vs run time mode). Wait for the completion of all vis, then stop the profiler.
Of course, the sub vis may actually execute faster than the profiler can discriminate (eg faster than a microsecond), which happens frequently.
2006 Ultimate LabVIEW G-eek. -
Saved pdf file does not include filled in text
i am using adobe acrobat pro; trail version. I can fill in a fillable pdf file but after saving the file and then emailing the filethe received email attachment does not include my text included in the pdf form?
It most likely does include it in the form, but the PDF viewer that's being used does not display it. If the user were to use Adobe Reader/Acrobat, the form data should appear as expected. The default PDF viewer that mobile devices and some browsers use don't have sufficient support for forms.
If the recipient does not need to interact with the form fields, you can flatten the form before sending it out. This converts the form field appearances to regular page content, so it will very likely appear fine in most any PDF viewer. Post again if you need help flattening form fields using Acrobat. -
Spotlight search does not include map, iTunes, google...
I upgraded to yosemite from mavericks after seeing the latest feature videos from WWDC
But greatly disappointed to see so many features showcased does not work the same way as it was showcased
For example
The spotlight is not working as expected, it does not include maps, web search, photos etc., i even changed the default search engine to bing still does not work
Any idea, if i am missing something
Also is it possible to include github, stack overflow, wikipedia in the spot light search
~BasavarajTry re-indexing Spotlight.
Spotlight – Re-index -
ORA-19007: Schema - does not match expected T0090.xsd for non xsd owner
I have registered an xsd in /home/divload/xsd/T0090.xsd. User "prmt" is the owner of this resource. User prmt can schemavalidate xml against this xsd just as it is now. However, I have package code in "prmt_app" user account that will actually do the schemavalidate - not prmt user. When I run the exact same code using the exact same xml with the T0090.xsd above I am getting ORA-19007: Schema - does not match expected T0090.xsd. prmt_app has "all" privs on "/home", "/home/divload", "/home/divload/xsd", and "/home/divload/xsd/T0090.xsd". What am I missing?
XSD header info
<?xml version="1.0" encoding="utf-8"?>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xdb="http://xmlns.oracle.com/xdb">
<xs:element name="T0090" xdb:defaultTable="T0090">
...XML header info
<?xml version="1.0" encoding="ISO-8859-1"?>
<T0090 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="T0090.xsd">
<PERMIT>
...The error occurs when I am inserting into this table off disk..
create table prmt.cview_xml (filename varchar2(256), xmldoc xmltype) xmltype xmldoc xmlschema "T0090.xsd" element "T0090";
Edited by: Mark Reichman on Jun 28, 2010 2:42 PMI did all that before posting the orignial post..
declare
v_schema_exists varchar2(1) := 'N';
res boolean;
schemaURL varchar2(100) := 'T0090.xsd';
schemaPath varchar2(100) := '/prmt/xsd/T0090.xsd'; --'/public/T0090.xsd';
xmlSchema xmlType := XMLTYPE(bfilename('DIR_PRMT_OUT_CVIEW','T0090.xsd'),NLS_CHARSET_ID('AL32UTF8'));
begin
begin
select 'Y'
into v_schema_exists
from sys.all_xml_schemas -- changed from user_xml_schemas
where schema_url = schemaURL;
dbms_xmlSchema.deleteSchema(schemaURL,4);
exception
when NO_DATA_FOUND then
null;
end;
if (dbms_xdb.existsResource(schemaPath)) then
dbms_xdb.deleteResource(schemaPath);
end if;
res := dbms_xdb.createResource(schemaPath,xmlSchema);
dbms_xmlschema.registerSchema ( schemaURL, xdbURIType(schemaPath).getClob(), TRUE, TRUE, FALSE, TRUE );
end;
/ I guess my understanding was that I could grant another oracle user access to my registered schema just like I can grant a single user access to a table. Evidently I only have two options. Only the schema owner can use the schema or everyone can use the schema and I cannot grant access to a single user other than myself.
Edited by: Mark Reichman on Jul 2, 2010 9:08 AM
Edited by: Mark Reichman on Jul 2, 2010 9:09 AM -
GA749 start date does not include any senders in FAGLGA35
Hello Guru:
I do FAGLGA31 for sender = account 1-99999 profit center 1 and receiver = profit center 2
version = 1 .
when run cycle execute message "GA749 start date does not include any senders"
I check in table FAGLFLEXT , there is data in Sender cost center and Profit center according to my criteria.
Please advise where to check up and thanks in advanceHI,
please check the following:
The problem could be caused by the cycle header definition. Instead of
'0' you have to enter '1' as a version. All actual data gets posted
under version 001 in NewGL by system default, so if you specify the
version other than '1', the sender value is not found when executing the
cycle.
Regards
Madhu M -
CA certificate does not include basic constraints extension
why do i get the error message ? how to decide it ?
SSLSocket socket = (SSLSocket) factory.createSocket("www.chinatrust.com.tw",443);
boolean client_use = socket.getUseClientMode();
boolean client_auth = socket.getNeedClientAuth();
System.out.println(client_use);//<-true
System.out.println(client_auth);//<-false
socket.startHandshake(); //<- error
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: CA certificate does not include basic constraints extensionI had this problem around Valintine's Day 2004, and discovered that Sun's CA Certs for JDK 1.0 to 1.4.0 expired in January 2004!
Visit this link for step-by-step instructions on how to correct the problem.
Jai
http://www.hp.com/products1/unix/java/infolibrary/install_verisign.html -
Loans document error Document header does not have a reconciliation key
Hi All,
I am trying to post a loans document through EK25 and while saving the document following erros is coming
Formal error: Document header does not have a reconciliation key
Message no. >0037
Diagnosis
You tried to post a document but a reconciliation key is missing from the document header. Since mass processing does not apply here (where the reconciliation key is automatically created) you must enter a reconciliation key.
System Response
Error message. Processing is terminated.
Procedure
Contact your system administrator.
Procedure for System Administration
If the program error occurred in an
SAP standard program, enter a problem message
Own program, correct the program
Any input appreciated.
Thanks,
VRHi,
You need to assign the reconcilation group to the SAP user ID you are using to post the loan document.
The reconciliation group is required if user-specific reconciliation keys are to be proposed automatically.
The reconciliation group is freely selectable.
Go to the following path in IMG-
IMG->Financial Accounting->Contract Accounts Receivable and Payable->Basic Functions->Postings and Documents->Document-.Define Default Values->Maintain Rules for Reconciliation Key Default Values->Maintain Reconciliation Groups for Default Values
Maintain the SAP User ID that you are using along with a reconciliation group.
After, you maintained the user ID and saved it, try to post the loan document again.
Hope it helps..
Thanks,
Amlan -
when the apple review team review our app,they point out that our app uses a background mode but does not include functionality that requires that mode to run persistently。but in fact,when the app in background ,the app need data update to make the function of trajectory replay come ture。in fact, we have added function when the app is in background mode。we have point out the point to them by email。but they still have question on the background mode,we are confused,does anyone can help me,i still don't know why do review team can't find the data update when the app is in background and how do i modify the app,or what is the really problem they refered,do i misunderstand them?
the blow is the content of the review team email:
We found that your app uses a background mode but does not include functionality that requires that mode to run persistently. This behavior is not in compliance with the App Store Review Guidelines.
We noticed your app declares support for location in the UIBackgroundModes key in your Info.plist but does not include features that require persistent location.
It would be appropriate to add features that require persistent use of real-time location updates while the app is in the background or remove the "location" setting from the UIBackgroundModes key. If your application does not require persistent, real-time location updates, we recommend using the significant-change location service or the region monitoring location service.
For more information on these options, please see the "Starting the Significant-Change Location Service" and "Monitoring Shape-Based Regions" sections in the Location Awareness Programming Guide.
If you choose to add features that use the Location Background Mode, please include the following battery use disclaimer in your Application Description:
"Continued use of GPS running in the background can dramatically decrease battery life."
Additionally, at your earliest opportunity, please review the following question/s and provide as detailed information as you can in response. The more information you can provide upfront, the sooner we can complete your review.
We are unable to access the app in use in "http://www.wayding.com/waydingweb/article/12/139". Please provide us a valid demo video to show your app in use.
For discrete code-level questions, you may wish to consult with Apple Developer Technical Support. When the DTS engineer follows up with you, please be ready to provide:
- complete details of your rejection issue(s)
- screenshots
- steps to reproduce the issue(s)
- symbolicated crash logs - if your issue results in a crash log
If you have difficulty reproducing a reported issue, please try testing the workflow as described in <https://developer.apple.com/library/ios/qa/qa1764/>Technical Q&A QA1764: How to reproduce a crash or bug that only App Review or users are seeing.Unfortunately, these forums here are all user to user; you might try the developer forums or get in touch with the team that you are working with.
-
Material document 4900000006 does not include an accounting document
Hi guys
I created normal sales order, delivery and and released it thr VF01.
Then I created the RE document without order reference and PGR. But while checking the accounting documents in VL02N it gives the error as follows
Material document 4900000006 does not include an accounting document
Diagnosis
The system cannot find an accounting document for the material document 4900000006.
Possible reasons for this are:
The goods movement has no relevance to accounting. Therefore, the system did not generate an accounting document for the material document.
The material document is a document that was posted before Release 2.1. Such documents must be converted so that the system can find the relevant accounting document.
The procedure for the subsequent calculation of value is not active in your system. For further information, refer to the documentation on the program for valuating goods movements: RM07MWBU.
Procedure
Choose Continue and then choose another function.
Find out when the material document was created. If the document was created prior to the Release changeover, ask your system administrator to carry out the conversion of the documents. The individual steps required for document conversion are described in the Release Notes for Release 2.1B
Please give me the solution
Thanks in advance
RahulHi Rahul,
Can you tell me how did you resolve this error indetail or step by step? I have a same error in test client. I am doing returns with stock catergory of E while PGI and then it throws error message.
Material document 4900000006 does not include an accounting document
Diagnosis
The system cannot find an accounting document for the material document 4900000006.
Possible reasons for this are:
The goods movement has no relevance to accounting. Therefore, the system did not generate an accounting document for the material document.
The material document is a document that was posted before Release 2.1. Such documents must be converted so that the system can find the relevant accounting document.
The procedure for the subsequent calculation of value is not active in your system. For further information, refer to the documentation on the program for valuating goods movements: RM07MWBU.
Procedure
Choose Continue and then choose another function.
Find out when the material document was created. If the document was created prior to the Release changeover, ask your system administrator to carry out the conversion of the documents. The individual steps required for document conversion are described in the Release Notes for Release 2.1B
regards
rc gopi -
The content menu in my Acrobat X Standard does not include the "multimedia" selection??
What am I missing? The Adobe Classroom In A Book clearly refers to it...
Hi,
I am sorry to hear that you're having trouble in locating 'Multimedia' tools in Acrobat.
Acrobat X Standard does not include most of the interactive object tools. You need to use Acrobat X Pro for those features. Kindly check the comparison matrix at:
http://www.adobe.com/products/acrobat/matrix.html
~Sandeep V. -
Object in import-file header does not correspond to the migration object
Hi Forum,
I have loaded Business partner successfully with the file created in Workbench with test data.
Now I want to load the data from Application server. But i am getting the error
"Object in import-file header does not correspond to the migration object".
I have read that the import file should have 3 types of record
1. Header record corrs to the structure TEMINFO
2. Actual data records
3. Final record for individual object.
I am not sure where I am making a mistake
my files header looks like
<004F><Space><&INFO><Company><Migration Object><User><Date><Time>
Please help.
Thanks in advanceI am assuming you are in transaction EMIGIMP loading a converted migration file for import, correct?
If so, you should be able to read the company, mig. object, user name, etc. in the import file tab overview. If conversion did not work correctly, this info will not display here.
It is possible you are missing some data in the header, or spacing is not correct. Are you converting the input file with program REMIG_FILE_TRANSFORM or are you trying to create the migration file yourself?
Maybe you are looking for
-
Since installing 10.5, Itunes will no longer open automatically when I connect my Iphone or insert a CD. Nor will it, when I insert a CD, recognize the CD unless I close Itunes and open it again. Any ideas?
-
Syncing my iPod classic with Itunes on Windows 8
Hello, I completed an itunes update a few days ago. Since that time; I have been unable to sync my iPod classic with my library or even manage it. I have been searching and see that this has become an issue for many people who use Windows 8. Is there
-
Why does iTunes on my iPhone keep rewinding songs after pausing?
If I pause iTunes on my iPhone by either removing my headphone jack or pressing pause, if I then restart after about an hour later, the music jumps backwards several songs that have just been played. The longer I leave it, the more songs it rewinds.
-
I purchase N79 recently. I saw on this forum that v30 is the latest available. However when I try to update my v11, NSU says no update available. Why is that so ? I was searching for the update by entering the product code at http://europe.nokia.com/
-
Users can not subscribe to podcast
I have had several people tell me that they are receiving error = 9006 when they are trying to subscribe to my podcast. When I went to go investigate I noticed that if I hit Check for Available Downloads that the cue would turn on and off in a second