cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

Go to solution
Former Member

on ‎04-24-2009 8:36 AM

0 Kudos

Hello All,

We are currently building up a HTTPS message exchange with an external client.

Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.

The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)

Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.

Now we have to configure the addtional Client Authentication.

At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".

But what are the next steps to get this scenario successfully in place?

Many thanks in advance!

Jochen

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-24-2009 8:50 AM
0 Kudos

Hi,

you need to change the icm/HTTPS/verify_client parameter value to 2. Exchange the client certificates which is required.

Regards,

Prakasu.M

Show replies
Show replies

Answers (2)

Answers (2)

former_member200962
Active Contributor
‎04-24-2009 8:53 AM
0 Kudos

Hi,

Check this note:

https://service.sap.com/sap/support/notes/891877

Not all steps are mentioned...but still useful...check the HTTPS configuration section

Regards,

Abhishek.

Show replies
Show replies
Former Member
‎07-16-2009 8:01 AM
0 Kudos

Hi Colleagues,

following Steps still have to be done:

- Mapping public key to technical user at Java Stack

As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate

- Be sure CA root certivicate at Database under STRUSTSSO2

- Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note

- use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".

Many thanks to all for support!

Regards,

Jochen

prateek
Active Contributor
‎04-24-2009 8:53 AM
0 Kudos

You must have SSL enabled on J2EE if you are planning to use Soap Sender to send data to adapter engine. If it is HTTP sender, then certificate imported using STRUST would be of use.

Regards,

Prateek

Show replies
Show replies
Ask a Question