cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

com.seeburger.ksm.cryptoapi.exception.CryptoApiException in Seeburger AS2

Go to solution
Former Member

on ‎08-04-2010 9:15 PM

0 Kudos

Hi Experts ,

I am facing some very weird issue of getting below error whenever I try to enable the Encryption in my Receiver AS2 Seeburger Adapter :

Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.

But the moment I send data without signing and encryption it goes well. We have tried placing certificates in receiver agreement and in key store.

Thanks

Abhishek

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-05-2010 8:51 PM
0 Kudos

Prateek ,

Thanks we were able to identify the user to be mentioned but now we are facing below error while using certificates with SH1withRSA Encryption and in receiver channel Encryption algorithm as 3DES :

Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.

The problem doesnt ends here ... while our partner trying to send us data to the URL we have provided its getting 403 Forbidden Error. We have tried resolving the steps which were given in manual but again the sxase is same.

URL : http://server:port/SeeburgerAS2/AS2Server

Any inputs if you can provide on the above 2 errors .

Thanks

Abhishek

Show replies
Show replies
Former Member
‎08-05-2010 9:09 PM
0 Kudos

Abhishek,

This is a key related issue, please check the security jar files. You might be required to download the latest version. Check with your basis team, they should be able to verify this.

Regards,

Neetesh

Former Member
‎08-05-2010 9:28 PM
0 Kudos

Abhishek,

All you have to do is ask your Basis contact to have max java Cryptography on the server...because PI 7.1 will need higher cryptography...because the algorithms or scripts on AS2 adapter have changed on Seeburger side...I'm not sure if Seeburger is supporting EHP1 yet...it might be supporting so you need to ask them if they have any hot fixes in place for PI EHP1...because "bouncycastle" indicates either you are on low java cryptography or need a hot fix patch from seeburger if on newer version (as is in your case)...

Thanks,

Srinivas

Former Member
‎08-05-2010 9:31 PM
0 Kudos

Also check if you have generated the SSL certificate after installing EHP1...and if your partner is not using the old cert...

Former Member
‎08-05-2010 9:42 PM
0 Kudos

Hi Neetesh/Srinivas ,

Thanks. I will try to get this clarified with our Basis contact and would be great if you can forward me the link which provdes the anme of all jars to be required which I can provide it to Basis.

Thanks

Abhishek

prateek
Active Contributor
‎08-06-2010 9:44 AM
0 Kudos

CMSException: key inappropriate for algorithm.

Either the certificate imported in incorrect or the communication channel parameters doesn't comply with the certificate. Ask the client about the encryption algo to be used.

The problem doesnt ends here ... while our partner trying to send us data to the URL we have provided its getting 403 Forbidden Error

This is not related to your "key inappropriate for algorithm" problem. So basically you have two problems to solve. Check for the steps to resolve 403 error:

/people/milan.thaker/blog/2009/08/31/403-forbidden-error-in-a-secured-b2b-edi-xi-connection

@Srinivas

I'm not sure if Seeburger is supporting EHP1 yet...

It is supported. I am sure

it might be supporting so you need to ask them if they have any hot fixes in place for PI EHP1

There is no hot fix. You have to use Seeburger 2.1x version.

Regards,

Prateek

Former Member
‎08-06-2010 2:26 PM
0 Kudos

Prateek,

Thanks. We checked with the partner and as per them we are configuring the Encrypt as 3DES but still getting the same error. I saw many posts which talk about checking the jar files for seeburger AS2 adapter. Could you please provide the names of those jars or any link to document which contains that jar files name for SAP PI 7.1 seeburger installation. Thanks for your reponse.

Thanks

Abhishek

prateek
Active Contributor
‎08-06-2010 6:29 PM
0 Kudos

Open the SeeMasterInstallationGuide available with the Seeburger installation CD and goto section "Java Cryptography Extension". Install this JCE as per the steps mentioned in the guide.

Note that this is not AS2 specific. It is generic to all Seeburger communication.

Regards,

Prateek

Former Member
‎08-09-2010 2:40 PM
0 Kudos

Prateek,

Thanks again. We asked our Basis and they installed the latest Crypto files into our PI 7.1 EHP1 Server. But again we are facing the same bouncycastle exception. We are nowhere able to find the resolution for this kind of exception. Can you please provide us the names of the jars which are required for this version of PI.

Error : Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.

When we searched for this error it talks about some Secured Jars to be present. We also provided all the permissions to the policy files.

Thanks

Abhishek

Former Member
‎08-10-2010 8:12 PM
0 Kudos

Hi

please follow the below steps to solve the AS2 Crypto problem

Download the ZIp file from the below url

http://java.sun.com/javase/downloads/index_jdk5.jsp > Other Downloads > Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0.

Copy the local_policy.jar and US_export_policy.jar from the ZIp file and paste it in the following locations

C:\Program Files\Java\jdk1.5.0_21\jre\lib\security

D:\usr\sap\SID\DVEBMGS00\exe\sapjvm_5\jre\lib\security

D:\usr\sap\SID\DVEBMGS00\j2ee\JSPM\sapjvm\jre\lib\security

D:\usr\sap\SID\SYS\exe\jvm\NTAMD64\sapjvm_5.1.052\sapjvm_5\jre\lib\security

Restart the Java Engine.

Thanks

Kiran Nekkanti

Former Member
‎08-10-2010 9:50 PM
0 Kudos

Thanks Kiran and Prateek. The issue is resolved now with your inputs.

Answers (3)

Answers (3)

Former Member
‎01-31-2011 6:11 PM
0 Kudos

HI,

My apologies! I really didn´t see that there is a second page on this thread history. Just when I asked for the solution I perceived the second page.

Regards!

Rodrigo Aoki

Show replies
Show replies
Former Member
‎01-31-2011 6:04 PM
0 Kudos

Hello,

How do you resolve the bouncycastle key inappropriate error?

SEEBURGER AS2: AS2 Adapter failure \# java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.

I update the JVM to 5.1.059 and checked the JCE files but the error persists (similar to the last post).

Regards,

Rodrigo Aoki

SAP Basis

Show replies
Show replies
Former Member
‎08-04-2010 10:01 PM
0 Kudos

Hi,

Make sure that the user provided exists, is correct and is not locked. Also recheck the authentication certificate settings.

Regards,

Neetesh

Show replies
Show replies
Former Member
‎08-04-2010 10:21 PM
0 Kudos

Hi,

Where I have to check weather the user has got locked. Either in SU01 or the java stack. I can see there is no user locked and whiich user Seeburger AS2 adapter using.

Thanks

Abhishek

Former Member
‎08-04-2010 10:22 PM
0 Kudos

Hi,

Also in our Receiver Seeburger adapter we are not mentioning any user id password as we are using Encryption.

Do we mandatory require any User ID , password and realm for basic authorization ?

Thanks

Abhishek

prateek
Active Contributor
‎08-05-2010 7:52 AM
0 Kudos

You haven't mentioned your PI version. If you have Visual Admin, then navigate to Connector Container service -> Connector and goto seeburger.com/com.seeburger.xi.AS2. There you need to provide Seeburger username and password. The username should have SAP_J2EE_ADMIN authorization.

Regards,

Prateek

Former Member
‎08-05-2010 2:30 PM
0 Kudos

Prateek ,

Thanks. Our PI version is 7.1 and upgraded to EPH1 recently. The Seeburger AS2 adapter are of version 7.1 . What will be navigation path to mention the same in nwa .

Thanks & Regards,

Abhishek

Ask a Question