on 04-04-2006 12:01 PM
Dear Colleagues,
I have created a Web Service and now I want to test it via its Web Service Homepage (TA WSADMIN). The Homepage is displayed correctly, but testing leads to an error:
Authority check failed
Are there any prerequisites I maybe do not accomplish?
(I tested a very similar web service in another system, and there it works)
Here are some more information about my service:
- Service was build with Web Service Wizzard out of a function module
- Here you can see the conversation resulting of the test:
POST /sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003 HTTP/1.1
Host: bsl8011.wdf.sap.corp:50073
Content-Type: text/xml; charset=UTF-8
Connection: close
Cookie: <value is hidden>
Cookie: <value is hidden>
Authorization: <value is hidden>
Content-Length: 381
SOAPAction: ""
<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<ns1:Z_TEST_WS_CONFIG xmlns:ns1='urn:sap-com:document:sap:rfc:functions'>
<INPUT>TEST</INPUT>
</ns1:Z_TEST_WS_CONFIG>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
HTTP/1.1 500 Internal Server Error
content-type: text/xml; charset=utf-8
content-length: 363
sap-srt_id: 20060404/125124/v1.00_final_6.40/1B0831447838C429E10000000A424016
server: SAP Web Application Server (1.0;700)
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Body>
<soap-env:Fault>
<faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>
<faultstring xml:lang="e">Authority check failed</faultstring>
</soap-env:Fault>
</soap-env:Body>
</soap-env:Envelope>
The WSDL-Document looks as follows:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><wsdl:types><xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified"><xsd:simpleType name="char60"><xsd:restriction base="xsd:string"><xsd:maxLength value="60"/></xsd:restriction></xsd:simpleType><xsd:element name="Z_TEST_WS_CONFIG"><xsd:complexType><xsd:sequence><xsd:element name="INPUT" minOccurs="0" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element><xsd:element name="Z_TEST_WS_CONFIGResponse"><xsd:complexType><xsd:sequence><xsd:element name="OUTPUT" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element></xsd:schema></wsdl:types><wsdl:message name="Z_TEST_WS_CONFIG"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIG"/></wsdl:message><wsdl:message name="Z_TEST_WS_CONFIGResponse"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:message><wsdl:portType name="Z_TEST_Q73_CONFIG_WS"><wsdl:operation name="Z_TEST_WS_CONFIG"><wsdl:input message="tns:Z_TEST_WS_CONFIG"/><wsdl:output message="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:operation></wsdl:portType><wsdl:binding name="Z_TEST_Q73_CONFIG_WSSoapBinding" type="tns:Z_TEST_Q73_CONFIG_WS"><soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/><wsdl:operation name="Z_TEST_WS_CONFIG"><soap:operation soapAction=""/><wsdl:input><soap:body use="literal"/></wsdl:input><wsdl:output><soap:body use="literal"/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="Z_TEST_Q73_CONFIG_WSService"><wsdl:port name="Z_TEST_Q73_CONFIG_WSSoapBinding" binding="tns:Z_TEST_Q73_CONFIG_WSSoapBinding"><soap:address location="http://bsl8011.wdf.sap.corp:50073/sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003"/></wsdl:port></wsdl:service></wsdl:definitions>
Can anyone help me, I have no Idea
Message was edited by: Hans-Peter Bauer
I am having the same issue also and don't have that SAP_QAP_WEBSERVICE_ALL role. Any screenshots on what Auth. Objects and values to those objects it has? So if we dont have that role, we can mimic it somehow?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey, for those still looking on what to do for the Authority check failed issue if you are in Web AS 6.40 patch 13, look at this link:
http://help.sap.com/saphelp_nw04/helpdata/en/2b/07074155bcf26fe10000000a1550b0/content.htm
Supposedly there is another role you can assign aside from SAP_QAP_WEBSERVICE_ALL, it is the SAP_BC_WEBSERVICE_ADMIN. And you add that role differently than you do other roles. Go to the Menu tab of your role configuration, click on Authorization defaults for services, last selection is called Type of Ext. Service, and choose WS from the dropdown list. Then in the Service field, when you do a lookup (F4), you should find your created ICF service.
I haven't fully tested it yet, but it looks like that would work.
Hi Angel,
Can you please elaborate more on this?
Our security team refused to provide SAP_BC_WEBSERVICE_ADMIN role as I am developer not administrator.
I am getting error "Authority check failed" when trying to test my web services.
How can I get authorization of SAP_QAP_WEBSERVICE_ALL role. This role doesn't exist in system. What objects are included in this role?
Waiting for your reply.
Thanks in advance,
Bhavik
I had the same exact error that you encountered and I am trying to resolve it. You said the issue was resolved by adding the profile SAP_QAP_WEBSERVICE_ALL to your ID.
We are on 6.40 with SAP BASIS Patch 13. But we cannot see this role. Any clues on where we can retrieve this role?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Hans-Peter,
I was not able to execute other service present in the system as well.
I think there is some authorization problem with the server itself.
Can you try creating an IT/IBC message under the component DEV-BICONT-USER and explain this problem there.
Hope this helps,
Regards,
Vikas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi,
IMHO you should nevertheless file an OSS because it shouldn't throw an error 500 in such a case. users will again and again not understand what's wrong.
moreover it doesn't seem to be the best solution if a serviceconsumer needs an ...-_ALL authorization. or did you mean you already had an error during service creation
which you didn't recognize in time?
regards,
anton
HI,
the client no it is showing is 003.
if the client is not correct you can access the service by passing the client in the following way.
here i have specified client as 800 you can specify your right client.
Jaffer vali shaik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Welcome to SDN.
from WSADMIN when you click webservice homepage the wsnavigator of J2EE engine opens and the first thing it will ask is
"<i>The selected endpoint requires basic authentication. Please, enter correct username and password:"</i>
Did you provide this and still get the error?
Regards
Raja
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The message server defined in the SAP-Logon is us4278.wdf.sap.corp
But the url of the web service starts with http://us4185:58500/wsnavigator/jsps/explorer.jsp?description=WebServiceZ_TEST_Q73_CONFIG_WS
But I think that's not the problem, is it? As I mentioned above the test page can be shown, but the after filling in the input parameters an pressing send, there appears the authorisation error.
For better illustration I made some screenshots for you:
1) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_OVERVIEW.gif
2) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_INPUT_FORM.gif
3) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_reqest_response.gif
What can be wrong, if the error "n0:FailedAuthentication" appears?
Regards,
Peter
Message was edited by: Hans-Peter Bauer
Hi there,
I suppose you accidentially defined your service to use WS-Security, a webservice security extension.
If WS-Security isn't customized properly on your system or if you haven't assigned a security profile (transactions WSCONFIG and WSSPROFILE) or if the testing tool simply isn't able to create WS-Security-Messages then you might get this error.
hope that helps,
anton
Hello Anton!
Thank you for that information. But I am using the default security settings. I built my fuction module, started the Web-Service Wizzard and accepted all settings as they are by default (basic auth). So that should not be the problem.
Has anybody another ideea?
Thanks in advance,
Peter
hi,
hard to diagnose from a distance. whats interesting is that you get an HTTP error 500 = internal server error.
it should be 401 - Unauthorized - if authorization worked but you supplied wrong (or no) credentials. sometimes webservers erroneously reply a 403 - forbidden - in that case, but 500 points to some misconfiguration. Also the returned namespace of the soap fault seems strange to me in a case where WS security is not enabled. Even the content of SOAP fault code hints at an error since there where no need to prefix the code with n0.
you can try to debug it at runtime...goto transaction SICF, select the service and choose Start Debugging from the menu. Call the service and see a debugger window open in the sapgui. step through this but hurry, the client closes the connection after 60 or 90 secs.
regards,
anton
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.