on 08-10-2010 10:16 AM
Hi,
The PI system is PI 7.1 EHP1 SP4. I need to consume a third party web service. The WS is using Web Service Security with UsernameToken and Timestamp properties. The example consumer programs written with Apache Axis 2 but PI uses Apache Axis 1.4.
I have prepared the axis provider lib and deployed to PI system. The axis adapter test page told me axis adapter is ready with all mandatory and optional libraries. At this point what should i do for UsernameToken and Timestamp ?
Kind regards,
Altuğ Bayram
see Sap Note 1039369 for an example
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
The FAQ note is very complex. I found a SDN blog which is explaining it very simple. /people/pravesh.puria/blog/2009/08/26/adding-usernametoken-timestamp-in-soap-adapter-using-axis-framework You could have problem to see the pictures because wrong certificate issue. You should open one of the pictures in another browser and accept the certificate.
Anyway i applied teh blog but got the below error.
Axis: error in invocation: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How can i import server certificate to the PI or Java stack?
Kind regards,
Altuğ Bayram
Hi Stefan
I arranged them as below and it gave me "Axis: error in invocation: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error.
What is missing?
Kind regards,
Altuğ Bayram
1 AF_Adapters/axis/AFAdapterBean Local Enterprise Bean afreq
2 AF_Adapters/axis/HandlerBean Local Enterprise Bean xireq
3 AF_Adapters/axis/HandlerBean Local Enterprise Bean wssec
4 AF_Adapters/axis/HandlerBean Local Enterprise Bean trp
5 AF_Adapters/axis/HandlerBean Local Enterprise Bean xires
6 AF_Adapters/axis/AFAdapterBean Local Enterprise Bean afres
trp handler.type java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
trp module.pivot true
wssec action UsernameToken Timestamp
wssec handler.type java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender
wssec passwordType PasswordDigest
wssec pwd.password yyyyyyyyyy
wssec user xxxxxxxxx
xireq handler.type java:com.sap.aii.axis.xi.XI30OutboundHandler
xires handler.type java:com.sap.aii.axis.xi.XI30OutboundHandler
try:
wssec passwordType PasswordText
See this page for reference:
Hi Stefan,
I tried but it didn't help. I tried also other parameters because it was advised by the third party WS privider.
trp handler.type java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
trp module.pivot true
wssec action UsernameToken Timestamp
wssec addUTElement Nonce Created
wssec handler.type java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender
wssec password xxxxxxxxx
wssec passwordCallbackClass com.sap.aii.axis.security.DefaultPasswordCallbackHandler
wssec passwordType PasswordDigest
wssec pwd xxxxxxxxx
wssec pwd.password xxxxxxxxx
wssec user baskentedas
xireq handler.type java:com.sap.aii.axis.xi.XI30OutboundHandler
xires handler.type java:com.sap.aii.axis.xi.XI30OutboundHandler
I am getting "<SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.IllegalArgumentException: pwd == null but a password is needed</SAP:AdditionalText> " error.
But when i checked the message content in RWB i couldnt found any wsse:Security SOAP header. The WS provider told us the example SOAP message should have SOAP header as below
"<wsse:Security soapenv:mustUnderstand="true">"
"<wsu:Timestamp wsu:Id="Timestamp-27789929">"
Hi Altuğ,
I tried but it didn't help. I tried also other parameters because it was advised by the third party WS privider.
When someone tells you to do something without any explanation, it is wise not to blindly follow the advice.
As you can see in the error test, your original problem had something to do with the transport level security SSL.
You should make sure that your SSL connection is working (I suppose you intended to use SSL).
After fixing your SSL issue, revert the handler/module configuration. You had been mislead to change the configuration for no reason. Your latest error "pwd == null" says you have the broken parameter "pwd". "pwd" is the prefix to hide the password text in the configuration UI, so you can't just use it as a parameter as it is.
And also get rid of the passwordCallbackClass parameter.
If you want to test the module/handler configuration, I suggest you to send a message to some plain http port so that you can verify the message is correctly transmitted. RWB can only display a message at the messaging system and not at an adapter, so there is no point in using it.
Regards, Yza
> But when i checked the message content in RWB i couldnt found any wsse:Security SOAP header. The WS provider told us the example SOAP message should have SOAP header as below
You TCPGateway to check the real SOAP message:
/people/stefan.grube/blog/2007/03/29/troubleshooting-soap-http-and-mail-adapter-scenarios-with-tcpgateway
Check also ressources on Axis:
Hi Yza,
Thanks for advice. I have resolved the issue yesterday myself but the advice from third party WS provider was explained. It was lack of knowledge how to use them.
First, i detected that SAP JVM 1.5 doesnt have GlobalSign as trusted Certificate Issuer. I found InstallCert java source code on internet and generated a keystore for GlogalSign and deployed it to PI SAP JVM. That solved certificate issue.
Second, i have removed passwordCallbackClass etc but left the "addUTElement" as it is. But this time i got an error that says soapaction wasnt in SOAP header. When i set soapaction in ReceiverChannel, I could consume WS and get the response.
Thanks and Kind regards,
Altuğ Bayram
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.