on 11-23-2009 8:14 PM
Hi, I am trying to consume a secure web service on ECC 6.0 - so far without much luck.
When I try to connect to the ws server, it seems there are three certificates in action: a CICS certificate for establishing the SSL connection, a 'root' certificate from the PKI certificate issuer, and a private certificate issued by the above issuer (please forgive me if a have the syntax wrong - certificates are not my primary line of work). So, using Trust Manager (STRUST), I have created a PSE named 'OES' and imported all three certificates into it.
In SOAMANAGER I have set up the end-point using the WSDL-file and set the following parameters:
- Authentication Method = X.509 Client Certificate
- Trustworthiness Method = Holder of Key
- Issuer = <issuer from the root certificate>
- Name of Attester = <blank>
- Validity of SAML Assertion = 180
- Caching of SAML Assertions = False
- Attester System Destination = <blank>
- Name of Attester = <blank>
- User = SRxxxWS
- Password = <blank>
- Client PSE = OES
When I try to consume the web service, I can see in the log files that the CICS certificat is used for establishing the SSL connection but all I receive back is an HTTP 403 "Client Authentication Error". If I remove the CICS certificate from the PSE, the connection is not made.
How do I make the client certificate available for the connection? Have I approached the problem from the wrong side? Has anybody experienced something similar? Any help will be highly appreciated.
Thanks,
Bo
Hi,
I am not Certificate expert either but you can get plenty of help from "Security" forum on SDN. I can help you bit with some related SAP notes and forum answers:
See following notes :
1324884 - Analysis of ABAP Web Service SOA Configuration
1318906 - Trace analysis of SSL problems
1319507 - Overview: Analysis of ABAP Web Service Configuration
See this forum discussed about consuming secured ws in webdynbpro:
Articles:
Web Services Security Configuration Guide (discussed IBM and NW WS security but you can find some examples and hints there)
Regards,
Gourav
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.