on 04-18-2009 10:05 AM
Gents,
We have a B2B interface that uses XI SOAP adapter to exchange messages
with another partner who is using webMethods 7.X.
The problem only happens when we apply the WS-Security to the interface.
Our WS-Security requirement is to sign the outgoing message and verify
the incoming. When applying the WS-Security we noticed a duplicate tag
<wsse:BinarySecurityToken> with the exact same value. Hence, our partner is unable to process the SOAP message
and returns an error message
(com.sap.aii.af.ra.ms.api.DeliveryException: Unexpected element in
SOAP:Fault; HTTP 500 Internal Server Error).
Below is the signed SOAP message we are sending to webMethods:
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIFSjCCB.................</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#wsuid-body-9e8bbf90-274c-11de-a3a2-00145ebca23f">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>XAx72ptHDLnGEJhrfZN4GVZoWGA=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>iHO2r1EV40Nl3SqJfBZndvZGK2w2LcBwZyCwwDUdAlMMjKX+2aD4EJ3mbF80v55A/Yb1+dm3d4SZ7OX+JyMrNZrb4/Xm3gB6OIx0He5bDazojiYU6PbjXHfSTw681Gh1qN6OrvSOnA4cBeAHkV1DzqNYqJhQiDyoTUw3u9zBKbA=</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#sap-1" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIF.........</wsse:BinarySecurityToken>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIF...........</wsse:BinarySecurityToken>
    </wsse:Security>
  </SOAP:Header>
  <SOAP:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-body-9e8bbf90-274c-11de-a3a2-00145ebca23f">
    <ns0:MasterData xmlns:ns0="http://s24dh043/SA2SEC/WSD/SATOSEC">
      <MasterData_Input>
        <PARTNER_ID>SAUDI-ELE-CO</PARTNER_ID>
      </MasterData_Input>
    </ns0:MasterData>
  </SOAP:Body>
</SOAP:Envelope>
Your help is highly appreciated.
Regards,
Santhosh
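A pre-send check for the condition in the message above, where several tokens carry wsu:Id="sap-1" and the wsse:Reference to #sap-1 therefore does not point at a single element. This is an added example, not code from the thread or from SAP; the function names, finding labels and the constructed sample envelope (placeholder token value) are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = f"{{{WSU}}}Id"  # namespace-qualified attribute name as ElementTree spells it

def check_reference_targets(envelope_xml):
    """Return (kind, value, count) findings for wsu:Id uniqueness and
    for same-document references that do not resolve to exactly one element."""
    root = ET.fromstring(envelope_xml)
    ids = Counter(el.get(WSU_ID) for el in root.iter() if el.get(WSU_ID) is not None)
    findings = [("duplicate-id", value, n) for value, n in sorted(ids.items()) if n > 1]
    # ds:Reference points at signed content, wsse:Reference at the signing token
    refs = [el.get("URI") for el in root.iter(f"{{{DS}}}Reference")]
    refs += [el.get("URI") for el in root.iter(f"{{{WSSE}}}Reference")]
    for uri in refs:
        if not uri or not uri.startswith("#"):
            continue  # external references are out of scope for this check
        n = ids.get(uri[1:], 0)
        if n == 0:
            findings.append(("dangling-reference", uri, 0))
        elif n > 1:
            findings.append(("ambiguous-reference", uri, n))
    return findings

def sample_envelope(token_copies):
    """Constructed envelope shaped like the posted one; token value is a placeholder."""
    token = '<wsse:BinarySecurityToken wsu:Id="sap-1">PLACEHOLDER</wsse:BinarySecurityToken>'
    return (
        '<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
        '<SOAP:Header><wsse:Security>'
        + token * token_copies +
        '<ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>'
        '<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#sap-1"/>'
        '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
        '</wsse:Security></SOAP:Header>'
        '<SOAP:Body wsu:Id="body-1"><PARTNER_ID>EXAMPLE</PARTNER_ID></SOAP:Body>'
        '</SOAP:Envelope>'
    )

if __name__ == "__main__":
    for kind, value, count in check_reference_targets(sample_envelope(3)):
        print(kind, value, count)
```
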
Check SAP Note 1115420.
Regards,
Prateek
Dear Prateek,
As you suggested, we have successfully applied SAP Note 1115420. Now another error has started
showing on the SOAP interface, as shown:
SOAP: call failed: java.security.PrivilegedActionException:
com.sap.aii.af.security.impl.exception.MessageSecurityException: Message
SecurityException in Method: VerifyMessageLevelSecurity.run().
AccessControlException. Please check that your Code has the
XiSecurityRuntimePermission.Context:
com.sap.aii.af.security.impl.exception.MessageSecurityException:
Exception in Method: verify( Message, byte[], CPALookupObject ). General
exception, no further informations. Message: MessageSecurityContext in
Method: verify( Message, byte[], CPALookupObject ). VerifyThread
Message: VerifyException in Method: run(). Key: 0200; To-String:
com.sap.aii.af.security.impl.exception.MessageSecurityException:
VerifyException in Method: run(). Key: 0200. To-String:
com.sap.aii.af.security.impl.exception.MessageSecurityException:
MessageSecurityContext in Method: verify( Message, byte[],
CPALookupObject ). VerifyThread Message: VerifyException in Method:
run(). Key: 0200; To-String:
com.sap.aii.af.security.impl.exception.MessageSecurityException:
VerifyException in Method: run(). Key: 0200.
We tried creating this permission in the visual admin by selecting
java.lang.RuntimePermission Class Name and entering the Target Name as
XiSecurityRuntimePermission. But the error is still there. Any help?
Regards,
Santhosh
Hi,
We are also facing the same issue. Please let me know if anyone has information regarding it. We have also done the configuration as mentioned in the link below:
http://help.sap.com/saphelp_nw04/helpdata/en/fb/bc4d401be96913e10000000a1550b0/frameset.htm
Thanks,
Alok
Hey, we are having the same issue with a Web Service we have tailored with WS-Security. Did you ever get a resolution on this issue, and if so, do you remember the fix? Thanks in advance.
Kindly see this
[http://help.sap.com/saphelp_nw04/helpdata/en/4e/af3a40243c174ee10000000a1550b0/frameset.htm]