Consuming a Web Service with PasswordDigest Authentication in ABAP

Former Member
0 Kudos

Hello,

I need to consume a web service in ABAP from a non-SAP application. The web service uses wsse:UsernameToken with PasswordDigest in the SOAP Header for authentication. However, I haven't seen any documentation for using Password Digest in ABAP.

Is it possible to use Password Digest in ABAP?

Thanks

Ajay

Accepted Solutions (0)

Answers (4)


Former Member
0 Kudos

Hi Ajay,

We are having a similar issue in using WebService in AS ABAP.

In SOAManager, I cannot see the option to use Username Token authentication.

The logical port in SOAManager is created using the WSDL URL, and by default I get Basic Authentication only (Transport level), but we need to use the message level authentication (Username Token).

I hope using Username Token authentication, the SOAP header will be populated with the Username, Password, Nonce, Created parameters in the SOAP request.

Can you please let me know how to get the Username Token authentication in SOAManager?

Thanks,

Sanjay

Former Member
0 Kudos

Hi,

Just in case this might help someone else.

I created the required string for the SOAP header using the function modules CALCULATE_HASH_FOR_RAW and SCMS_BASE64_ENCODE. The exact logic used to create the SOAP header is described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf. Then an XML document was created with the string using FM SDIXML_XML_TO_DOM.

Then get the soap header using proxyInstance -> get_protocol('IF_WSPROTOCOL_WS_HEADER') and set the new soap header to this class.

Regards

Ajay

Former Member
0 Kudos

Hi Ajay,

I have a similar issue. I need to use a password digest but I can't find any option to do so in SOA manager.

I am not submitting a request XML per se. My report provides a value as input to call one of the web service's methods and I use the response XML. So I'm not sure if using the FMs suggested above would work for me.

Do you think there's a way I can do this through SOA manager?

Thanks for your help.

Regards,

Deepti

Former Member
0 Kudos

Hi Ajay,

I see you were logged in today, so there's a chance you'll reply.

Do you still have the ABAP code for creating the required string for the SOAP header using the function modules CALCULATE_HASH_FOR_RAW and SCMS_BASE64_ENCODE?

Thanks,

Marc

Former Member
0 Kudos

Hi Marc,

Here is the ABAP Code to build the SOAP header.

FUNCTION Z_GET_SOAP_REQUEST_HEADER.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  EXPORTING
*"     VALUE(ER_SECURITY_ELEMENT) TYPE REF TO  IF_IXML_ELEMENT
*"----------------------------------------------------------------------

*date and time data
  data: lv_timestamp type timestamp,
        lv_sys_date like sy-datum,
        lv_sys_time like sy-uzeit,
        lv_year(4) type c,
        lv_month(2) type c,
        lv_date(2) type c,
        lv_hour(2) type c,
        lv_min(2) type c,
        lv_sec(2) type c.

  data : lv_created type string,
        lv_snonce type string,
        lv_b64nonce type string,
        lv_webservice_password type string,
        lv_webservice_userid type string,
        lv_spassword type string,
        lv_xpassword type xstring,
        lv_hpassword type hash160x,
        lv_b64password(255) type c,
        lv_xpasslen type i,
        lv_hpasslen type i.

*xml declarations
  data : lv_sheader type string,
        lv_xheader type xstring,
        xml_document TYPE REF TO if_ixml_document,
        xml_root TYPE REF TO if_ixml_element,
        xml_element TYPE REF TO if_ixml_element,
        xml_node TYPE REF TO if_ixml_node.

*get the c-link password.
  CALL METHOD ZCL_CDB_SYNC_CFG_READER=>GET_USERID_PASSWORD
    IMPORTING
      EV_USER_ID  = lv_webservice_userid
      EV_PASSWORD = lv_webservice_password.

*Evaluate created date time
*The trailing 'Z' marks the value as UTC, so take the date and time from
*a UTC time stamp instead of the system-local sy-datum / sy-uzeit.
  GET TIME STAMP FIELD lv_timestamp.
  CONVERT TIME STAMP lv_timestamp TIME ZONE 'UTC'
    INTO DATE lv_sys_date TIME lv_sys_time.
  lv_year = lv_sys_date(4).
  lv_month = lv_sys_date+4(2).
  lv_date = lv_sys_date+6(2).
  lv_hour = lv_sys_time(2).
  lv_min = lv_sys_time+2(2).
  lv_sec = lv_sys_time+4(2).
  CONCATENATE lv_year '-' lv_month '-' lv_date 'T' lv_hour ':' lv_min ':' lv_sec '.000Z' into lv_created.

*Create and encode the nonce
*The raw nonce goes into the digest; its Base64 form goes into the header.
  CALL FUNCTION 'GENERAL_GET_RANDOM_STRING'
    EXPORTING
      NUMBER_CHARS  = 24
    IMPORTING
      RANDOM_STRING = lv_snonce.

  CALL METHOD cl_http_utility=>ENCODE_BASE64
    EXPORTING
      UNENCODED = lv_snonce
    RECEIVING
      ENCODED   = lv_b64nonce.

*create the password to be sent to web service
*digest input is nonce + created + password, in that order
  CONCATENATE lv_snonce lv_created lv_webservice_password into lv_spassword.

*encode password to xstring
  CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
    EXPORTING
      TEXT   = lv_spassword
    IMPORTING
      BUFFER = lv_xpassword.

  lv_xpasslen = xstrlen( lv_xpassword ).

*SHA-1 over the concatenated bytes
  CALL FUNCTION 'CALCULATE_HASH_FOR_RAW'
    EXPORTING
      ALG      = 'SHA1'
      DATA     = lv_xpassword
      LENGTH   = lv_xpasslen
    IMPORTING
      HASHX    = lv_hpassword
      HASHXLEN = lv_hpasslen.

*Base64-encode the raw hash; this is the PasswordDigest value
  CALL FUNCTION 'SCMS_BASE64_ENCODE'
    EXPORTING
      INPUT            = lv_hpassword
      INPUT_LENGTH     = lv_hpasslen
    IMPORTING
      OUTPUT           = lv_b64password
    EXCEPTIONS
      OUTPUT_TOO_SMALL = 1
      OTHERS           = 2.
  IF SY-SUBRC <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  ENDIF.

* build the header
  CONCATENATE
    '<soap-env:Header xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">'
    '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
    '<wsse:UsernameToken wsu:Id="########" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
    '<wsse:Username>'
    lv_webservice_userid
    '</wsse:Username>'
    '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'
    lv_b64password
    '</wsse:Password>'
    '<wsse:Nonce>'
    lv_b64nonce
    '</wsse:Nonce>'
    '<wsu:Created>'
    lv_created
    '</wsu:Created>'
    '</wsse:UsernameToken>'
    '</wsse:Security>'
    '</soap-env:Header>'
    INTO lv_sheader.

*Build the xml header element
  lv_xheader = cl_proxy_service=>cstring2xstring( lv_sheader ).

  TRY.
      CALL FUNCTION 'SDIXML_XML_TO_DOM'
        EXPORTING
          xml           = lv_xheader
        IMPORTING
          document      = xml_document
        EXCEPTIONS
          invalid_input = 1
          OTHERS        = 2.

      IF sy-subrc = 0 AND NOT xml_document IS INITIAL.
*       root element is soap-env:Header; its first child is wsse:Security
        xml_root = xml_document->get_root_element( ).
        er_security_element ?= xml_root->get_first_child( ).
*       gr_soap_security_header is not declared in this function; it is
*       assumed to be a global variable of the function group
        gr_soap_security_header = er_security_element.
      ENDIF.

    CATCH cx_ai_system_fault .
  ENDTRY.

ENDFUNCTION.
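
An added cross-check, not part of the original post: a Python reference for the same digest, Base64(SHA-1(nonce + created + password)), with the freshness and nonce-replay checks a receiving service can apply, useful for comparing against the header the ABAP function produces. The function names, sample values and the five-minute window are assumptions made for this example.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # same layout as lv_created, e.g. 2024-05-01T10:00:00.000Z


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)); nonce is the raw, un-encoded value."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_token(user: str, password: str, nonce: bytes, created: datetime) -> dict:
    """Client side: the four values the ABAP function writes into the header."""
    stamp = created.strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"Username": user, "Nonce": base64.b64encode(nonce).decode("ascii"),
            "Created": stamp, "Password": password_digest(nonce, stamp, password)}


def verify_token(token: dict, password: str, seen: set, now: datetime,
                 max_age: timedelta = timedelta(minutes=5)):
    """Service side: recompute the digest, enforce freshness, reject reused nonces."""
    try:
        nonce = base64.b64decode(token["Nonce"], validate=True)
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        supplied = token["Password"].encode("utf-8")
    except (KeyError, ValueError):
        return False, "malformed"
    if abs(now - created) > max_age:
        return False, "stale"       # also the result for a local-time stamp labelled Z
    if nonce in seen:
        return False, "replay"
    expected = password_digest(nonce, token["Created"], password).encode("ascii")
    if not hmac.compare_digest(expected, supplied):
        return False, "bad-digest"
    seen.add(nonce)                 # remember the nonce only after the digest checks out
    return True, "ok"


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)  # constructed sample values
    tok = build_token("svc_user", "example-password", b"constructed-nonce-000001", now)
    cache = set()
    print(verify_token(tok, "example-password", cache, now + timedelta(seconds=2)))
    print(verify_token(tok, "example-password", cache, now + timedelta(seconds=3)))
```

To compare with the ABAP output, pass the Base64-decoded Nonce and the Created string from a captured header to `password_digest` together with the known password.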

Former Member
0 Kudos

Hi Oliver,

Thanks for your reply.

I have done quite a bit of search and experimentation, and posted in the forum only after that. In SOAManager, there is a provision to use the UsernameToken with a password, but not with a password digest.

I am also aware that password digest is supported in the Java stack. However, I need to use the web services in the ABAP stack.

Thanks

Ajay

Former Member
0 Kudos

Hi Ajay,

I have told you that the password digest is also supported by the abap stack (if the documentation is right, I did not test it).

The only test I did was to configure an abap service endpoint to use the username token and to generate the wsdl.

The wsdl file had the Username token entry.

Did you check

Message-Based Authentication with WS-Security (http://help.sap.com/saphelp_nw70/helpdata/EN/c0/d809a4e0bf493b9aed84c6912a1759/frameset.htm)?

It seems that you have to run the wss_setup report first.

Regards,

Olivier

Former Member
0 Kudos

Hi,

>Is it possible to use Password Digest in ABAP?

It should be as it is possible to configure the use of wsse:UsernameToken from transaction SOAMANAGER.

You have to experiment to find out.

By the way, do you know how to use the SEARCH function in help.sap.com ?

I just did a search in Netweaver 7.0 help with the keyword UsernameToken and I found :

WS-Security UsernameToken (http://help.sap.com/saphelp_nw70/helpdata/EN/47/23fc6d9a0b2debe10000000a1553f7/frameset.htm)

Regards,

Olivier