on 02-03-2009 11:20 PM
Hello,
I need to consume a web service in ABAP from a non-SAP application. The web service uses wsse:UsernameToken with PasswordDigest in the SOAP Header for authentication. However, I havent seen any documentation for using Password Digest in ABAP.
Is it possible to use Password Digest in ABAP?
Thanks
Ajay
Hi Ajay,
We are having a similar issue in using WebService in AS ABAP.
In SOAManager, I cannot see the option to use Username Token authentication.
The logical port in SOAManager is created using the WSDL URL, and by default I get Basic Authentication only (Transport level), but we need to use the message level authentication (Username Token).
I hope using Username Token authentication, the SOAP header will be populated with the Username, Password, Nonce, Created parameters in the SOAP request.
Can you please let me know how to get the Username Token authentication in SOAManager?
Thanks,
Sanjay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Just in case this might help someone else.
I created the requried string for the SOAP header using the function modules CALCULATE_HASH_FOR_RAW and SCMS_BASE64_ENCODE. The exact logic used to create the SOAP header is described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf. Then an XML document was created with the string using FM SDIXML_XML_TO_DOM.
Then get the soap header using proxyInstance -> get_protocol('IF_WSPROTOCOL_WS_HEADER') and set the new soap header to this class.
Regards
Ajay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ajay,
I have a similar issue. I need to use a password digest but i cant find any option to do so in SOA manager.
I am not submitting a request xml per say. My report provides a value as input to call one of the web service's methods and i use the response xml. So i'am not sure if using the FM's suggested above would work for me.
Do you think there's a way i can do this through SOA manager?
Thanks for your help.
Regards,
Deepti
Hi Marc,
Here is the ABAP Code to build the SOAP header.
FUNCTION Z_GET_SOAP_REQUEST_HEADER.
*"----------------------------------------------------------------------
*"*"Local Interface:
*" EXPORTING
*" VALUE(ER_SECURITY_ELEMENT) TYPE REF TO IF_IXML_ELEMENT
*"----------------------------------------------------------------------
*date and time data
data: lv_sys_date like sy-datum,
lv_sys_time like sy-uzeit,
lv_year(4) type c,
lv_month(2) type c,
lv_date(2) type c,
lv_hour(2) type c,
lv_min(2) type c,
lv_sec(2) type c.
data : lv_created type string,
lv_snonce type string,
lv_b64nonce type string,
lv_webservice_password type string,
lv_webservice_userid type string,
lv_spassword type string,
lv_xpassword type xstring,
lv_hpassword type hash160x,
lv_b64password(255) type c,
lv_xpasslen type i,
lv_hpasslen type i.
*xml declartions
data : lv_sheader type string,
lv_xheader type xstring,
xml_document TYPE REF TO if_ixml_document,
xml_root TYPE REF TO if_ixml_element,
xml_element TYPE REF TO if_ixml_element,
xml_node TYPE REF TO if_ixml_node.
*get the c-link password.
CALL METHOD ZCL_CDB_SYNC_CFG_READER=>GET_USERID_PASSWORD
IMPORTING
EV_USER_ID = lv_webservice_userid
EV_PASSWORD = lv_webservice_password
.
*Evaluate created date time
lv_sys_date = sy-datum.
lv_sys_time = sy-uzeit.
lv_year = lv_sys_date(4).
lv_month = lv_sys_date+4(2).
lv_date = lv_sys_date+6(2).
lv_hour = lv_sys_time(2).
lv_min = lv_sys_time+2(2).
lv_sec = lv_sys_time+4(2).
CONCATENATE lv_year '-' lv_month '-' lv_date 'T' lv_hour ':' lv_min ':' lv_sec '.000Z' into lv_created.
*Create and encode the nonce
CALL FUNCTION 'GENERAL_GET_RANDOM_STRING'
EXPORTING
NUMBER_CHARS = 24
IMPORTING
RANDOM_STRING = lv_snonce.
CALL METHOD cl_http_utility=>ENCODE_BASE64
EXPORTING
UNENCODED = lv_snonce
RECEIVING
ENCODED = lv_b64nonce.
*create the password to be sent to web service
CONCATENATE lv_snonce lv_created lv_webservice_password into lv_spassword.
*encode password to xstring
CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
EXPORTING
TEXT = lv_spassword
IMPORTING
BUFFER = lv_xpassword.
lv_xpasslen = xstrlen( lv_xpassword ).
CALL FUNCTION 'CALCULATE_HASH_FOR_RAW'
EXPORTING
ALG = 'SHA1'
DATA = lv_xpassword
LENGTH = lv_xpasslen
IMPORTING
HASHX = lv_hpassword
HASHXLEN = lv_hpasslen.
CALL FUNCTION 'SCMS_BASE64_ENCODE'
EXPORTING
INPUT = lv_hpassword
INPUT_LENGTH = lv_hpasslen
IMPORTING
OUTPUT = lv_b64password
EXCEPTIONS
OUTPUT_TOO_SMALL = 1
OTHERS = 2.
IF SY-SUBRC <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
* WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
* build the header
CONCATENATE
'<soap-env:Header xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">'
'<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
'<wsse:UsernameToken wsu:Id="########" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
'<wsse:Username>'
lv_webservice_userid
'</wsse:Username>'
'<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'
lv_b64password
'</wsse:Password>'
'<wsse:Nonce>'
lv_b64nonce
'</wsse:Nonce>'
'<wsu:Created>'
lv_created
'</wsu:Created>'
'</wsse:UsernameToken>'
'</wsse:Security>'
'</soap-env:Header>'
INTO lv_sheader.
*Build the xml header element
lv_xheader = cl_proxy_service=>cstring2xstring( lv_sheader ).
TRY.
CALL FUNCTION 'SDIXML_XML_TO_DOM'
EXPORTING
xml = lv_xheader
IMPORTING
document = xml_document
EXCEPTIONS
invalid_input = 1
OTHERS = 2.
IF sy-subrc = 0 AND NOT xml_document IS INITIAL.
xml_root = xml_document->get_root_element( ).
er_security_element ?= xml_root->get_first_child( ).
gr_soap_security_header = er_security_element.
ENDIF.
CATCH cx_ai_system_fault .
ENDTRY.
ENDFUNCTION.
Hi Oliver,
Thanks for your reply.
I have done quite a bit of search and experimentation, and posted in the forum only after that. In SOAManager, there is a provision to use the UsernameToken with a password, but not with a password digest.
I am also aware that password digest is supported in the Java stack. However, I need to use the web services in the ABAP stack.
Thanks
Ajay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ajay,
I have told you that the password digest is also supported by the abap stack (if the documentation is right, I did not test it).
The only test I did was to configure an abap service endpoint to use the username token and to generate the wsdl.
The wsdl file had the Username token entry.
Did you check
[Message-Based Authentication with WS-Security|http://help.sap.com/saphelp_nw70/helpdata/EN/c0/d809a4e0bf493b9aed84c6912a1759/frameset.htm] ?
It seems that you have to run the wss_setup report first.
Regards,
Olivier
Hi,
>Is it possible to use Password Digest in ABAP?
It should be as it is possible to configure the use of wsse:UsernameToken from transaction SOAMANAGER.
You have to experiment to find out.
By the way, do you know how to use the SEARCH function in help.sap.com ?
I just did a search in Netweaver 7.0 help with the keyword UsernameToken and I found :
[WS-Security UsernameToken |http://help.sap.com/saphelp_nw70/helpdata/EN/47/23fc6d9a0b2debe10000000a1553f7/frameset.htm]
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.