
Username Token with digest password on AS ABAP

Former Member
0 Kudos

Hi security experts,

I have set up a web service on my ECC with username Token security. Here is my SOAP header :

<soapenv:Header xmlns:bus="xxxxxx">
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:Username>myUser</wsse:Username>
      <wsse:Password>myPassword</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>

-> This is working fine.

As mentioned in the WS-Security standard, we can also use the digest password authentication:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf

So it seems possible to use it with web service calls on AS ABAP, can someone confirm ?

I have then tried to do so, with the following SOAP header :

<soapenv:Header xmlns:bus="xxxxx">
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:Username>myUser</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">myHashedPassword</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>

-> This is not working, I have a "login failed" error, as if the password was not correct.

I have used the following steps to generate my password :

CALCULATE_HASH_FOR_RAW

then

SCMS_BASE64_ENCODE

as per the following thread :

Does someone have a detailed procedure on how I can handle digest passwords in AS ABAP 7.0?

Many thanks,

Best regards,

GL
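
The UsernameToken Profile 1.0 linked in the question defines the digest as Base64(SHA-1(nonce + created + password)), so a digest token also carries wsse:Nonce and wsu:Created elements. The Python sketch below is an added example, not code from the original post or from SAP; the function names, the 5-minute freshness window and the sample values are assumptions.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window for wsu:Created
FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)); nonce is the decoded bytes."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def make_token(username: str, password: str, nonce: bytes, now: datetime) -> dict:
    """Client side: values for the children of wsse:UsernameToken."""
    created = now.strftime(FMT)
    return {
        "Username": username,
        "Password": password_digest(nonce, created, password),  # Type=...#PasswordDigest
        "Nonce": base64.b64encode(nonce).decode("ascii"),  # wsse:Nonce
        "Created": created,  # wsu:Created
    }


def verify_token(token: dict, stored_password: str, seen: set, now: datetime) -> str:
    """Server side: return 'ok' or the reason the token is rejected."""
    if not token.get("Nonce") or not token.get("Created"):
        return "missing nonce or created"
    created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
    if abs(now - created) > MAX_AGE:
        return "stale timestamp"
    key = (token["Username"], token["Nonce"])
    if key in seen:
        return "replayed nonce"
    expected = password_digest(base64.b64decode(token["Nonce"]), token["Created"], stored_password)
    if not hmac.compare_digest(expected.encode(), token["Password"].encode()):
        return "digest mismatch"
    seen.add(key)  # remember the nonce only once the token has been accepted
    return "ok"


# Constructed sample values; real nonces come from os.urandom().
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = make_token("myUser", "myPassword", b"0123456789abcdef", NOW)

if __name__ == "__main__":
    print(SAMPLE, verify_token(SAMPLE, "myPassword", set(), NOW))
```

To recompute the digest, the verifier must hold the password (or a password equivalent) in recoverable form, which is a design constraint of this token type.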

1 ACCEPTED SOLUTION

martin_voros
Active Contributor
0 Kudos

Hi,

unfortunately, it looks like it's not supported. First, from this doco (http://help.sap.com/saphelp_nw70/helpdata/EN/47/23fc6d9a0b2debe10000000a1553f7/frameset.htm) it looks to me that only Java stack supports this option. I looked for corresponding code in ABAP and I found class CL_WS_SECURITY_PROFILE. This class has a method called VERIFY_USERNAME_TOKEN which performs a check of security data passed in SOAP header. From this method you can see that it does not support password digest. Just search for code


* cannot handle digest password
  if security_part->username_token-password-type =
                                               CO_TYPE_PASSWORD_DIGEST.
    CALL METHOD me->raise_exception
      EXPORTING
         faultcode       = 'FailedAuthentication'           "#EC NOTEXT
*        detail          =
         code            =  tsoap_fc_server
         reason_text     = 'Password digest not supported'
         reason_language = 'E'.
  endif.

Cheers

4 REPLIES 4

0 Kudos

Thank you Martin for your answer, I think I will open an OSS message to have a confirmation from SAP but indeed, according to your information, it does not seem possible.

0 Kudos

How did you config the proxy, logical port and wss profile?

I have set the proxy to basic authentication. The logical port / operation is assigned to a wss profile, and the profile is a simple username / timestamp.

But I am not able to get the wss security into the xml request.

Regards,

GTE

0 Kudos

The same here. In the SOA Manager at the logical port I set "Consumer Security" to User ID/Password. At the proxy configuration I set Authentication level to Basic. I did not set up any "Operation specific" at the logical port.

Nothing changed in my SOAP request. Is there a main switch I missed?

We are running NW7.0 EHP1

Thanks for any help,

Jan