
SOAP-to-file scenario

Former Member
0 Kudos

Hi All,

I have done a SOAP-to-file scenario. With the HTTP security level (with HTTP) I am able to do it, and

with the HTTP security level (with the option HTTPS without client authentication; here I have enabled the Select Security Profile option) I am able to do it,

but my problem is that with the HTTP security level (with the option HTTPS with client authentication; here I have enabled the Select Security Profile option) I am not able to do it.

I would request you all, could you please explain the difference between HTTPS without client authentication and HTTPS with client authentication?

Thanks,

AVR

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

HTTPS without Client Authentication:

When you use the SOAP sender, SAP PI is the server and the client sends the SOAP request over HTTPS. Here PI (the server) receives the request, which is secured (encrypted), but doesn't require the client to authenticate itself. So the SOAP client may or may not send a client certificate, but the server (PI) doesn't complain.

HTTPS with Client Authentication:

Same as above but here SAP PI will also require a client certificate so that it can authenticate the sender of the message. If this is not sent from the client side then SAP PI would throw an Authentication exception. Hope this clarifies the difference.

Best Regards,

Pratik

Former Member
0 Kudos

Hi Pratik,

Please find the below scenario:

R/3 ----> client PI ----> Server PI ----> File

Here client PI will send the data to server PI through HTTPS, and we are using some encryption/decryption techniques.

While sending the data from client PI, client PI will sign and encrypt by enabling the Select Security Profile option at the client PI end.

But at server PI, without applying the decryption and validate option (without enabling the Select Security Profile option), server PI is able to receive the data.

As per my knowledge, client PI is applying the message security, but at the server PI end, without applying the message security, server PI is receiving the data.

What could be the reason?

Thanks in advance,

AVR

Former Member
0 Kudos

Hi,

If the server PI is not configured for checking the authentication, then it doesn't matter if the client is sending the data with authentication or without authentication. That's why in your case the server PI is accepting with or without authentication.

If the server PI should not receive the data when there is no authentication, then enable security at the receiver also.

Babu

Former Member
0 Kudos

Hi Babu,

While sending the data from client PI, client PI will sign and encrypt by enabling the Select Security Profile option at the client PI end.

But at server PI, without applying the decryption and validate option (without enabling the Select Security Profile option), server PI is able to receive the data.

Means, is it possible to receive the data without enabling the decrypt/validate option at server PI?

Thanks in advance

AVR

Former Member
0 Kudos

Hi Babu,

Any inputs for the below query,

While sending the data from client PI, client PI will sign and encrypt by enabling the Select Security Profile option at the client PI end.

But at server PI, without applying the decryption and validate option (without enabling the Select Security Profile option), server PI is able to receive the data.

Means, is it possible to receive the data without enabling the decrypt/validate option at server PI?

Thanks in advance

AVR

Former Member
0 Kudos

Hi,

See, first try to understand the difference between SSL (HTTPS) and WS-Security. Initially what you mentioned was to use HTTPS with(out) client authentication. This is transport-level security, and when you choose "with client authentication", until the client sends the client certificate and the server validates it as trusted, SAP PI (or the Java WS) will throw an exception and data cannot be received.

But when you try to configure a scenario with message-level security (WS or S/MIME), you are encrypting and/or signing the message content and we are not referring to transport-layer security. So what this means is that your content would be encrypted by whatever public key you choose and this content would be sent to the server PI. At server PI, if you don't want to perform a mapping or modify the content, PI would accept it as a binary message without any problems, as it is still a valid message with base64-encoded encrypted data. But if you want to send the actual unencrypted message to the file, then you need to decrypt the encrypted message with the private key before forwarding it to file.

Hope this explains the scenario to you.

Best Regards,

Pratik

Edited by: pratik_du on Jan 10, 2011 11:35 AM

baskar_gopalakrishnan2
Active Contributor
0 Kudos

>>> Means is it possible to receive the data without enabling the decrypt/validate option at server PI?

Are you using transport level security or message level security? Looks like you do Message level security.

Yes, it is possible to receive the data without decrypting or validating the message. But you are violating the security purpose.

Note: if you use only digital signing, then signing at the request side and not validating while receiving would not cause any problem, but your purpose of using a digital signature is not fully utilized for the security purpose. You can still view the content of the data.

If you use message encryption and encrypt the message, you can still receive the message, but your message needs to be decrypted to view the content. Otherwise it is of no use even after receiving it.

Hope you understand.
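Added example, not part of any post in this thread and not SAP PI code: a minimal Python sketch of the point made in the replies above, that a receiver which never validates the sender's signature accepts a modified message just as readily as the original. HMAC-SHA256 with a constructed shared key stands in for the certificate-based signature that WS-Security or S/MIME would use; the envelope format, key and function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real WS-Security or S/MIME setup signs with an X.509 private key.
SIGNING_KEY = b"constructed-demo-key"


def sign_message(payload: bytes, key: bytes = SIGNING_KEY) -> bytes:
    """Sender side: wrap the payload and its signature in one envelope."""
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    envelope = {"payload": base64.b64encode(payload).decode(), "signature": sig}
    return json.dumps(envelope).encode()


def receive(envelope: bytes, validate: bool, key: bytes = SIGNING_KEY) -> bytes:
    """Receiver side. With validate=False the signature is carried but never checked."""
    msg = json.loads(envelope)
    payload = base64.b64decode(msg["payload"])
    if validate:
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("signature", "")):
            raise ValueError("signature validation failed")
    return payload


def tamper(envelope: bytes, new_payload: bytes) -> bytes:
    """Simulate an in-transit change that leaves the old signature in place."""
    msg = json.loads(envelope)
    msg["payload"] = base64.b64encode(new_payload).decode()
    return json.dumps(msg).encode()


def demo() -> dict:
    """Run both messages through a non-validating and a validating receiver."""
    original = sign_message(b"<order><amount>100</amount></order>")
    modified = tamper(original, b"<order><amount>9999</amount></order>")
    results = {}
    for name, env in (("original", original), ("modified", modified)):
        for validate in (False, True):
            try:
                receive(env, validate)
                results[(name, validate)] = "accepted"
            except ValueError:
                results[(name, validate)] = "rejected"
    return results


if __name__ == "__main__":
    for (name, validate), outcome in demo().items():
        print(f"{name:9} validate={validate!s:5} -> {outcome}")
```

Only the receiver with validation enabled rejects the modified message; the non-validating receiver accepts both.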

Answers (3)


Former Member
0 Kudos

Hi all,

Thanks a lot, solved my problem.

Thanks & Regards,

AVR

baskar_gopalakrishnan2
Active Contributor
0 Kudos

>> please explain the difference between HTTPS without client authentication and HTTPS with client authentication

Difference between HTTP and HTTPS (SSL)

HTTP is Hyper Text Transport Protocol and normal port is 8080. HTTPS (over secured socket layer) and the port number is different from HTTP and port is 443.

HTTPS without Client authentication:

HTTPS means secured at the transport level (communication level) but with no need of client authentication. (In your case) the SOAP sender does not expect certificate authentication from the SOAP client.

HTTPS with Client Authentication:

The soap sender expects certificate authentication from the soap client for accepting the message. Otherwise we get Authentication error.

Hope I answered your question.

srikanth_srinivasan3
Active Participant
0 Kudos

HTTPS Without Client Authentication:

Just establishes SSL connectivity. Authentication will have to be achieved using user ID/password at transport channel level (SOAP) or message level (WS).

HTTPS with Client Authentication:

Establishes SSL connectivity and enables your Sender-PI connectivity for a certificate-based authentication mechanism.

-

Srikanth Srinivasan