cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

X.509 Web Service Authentication for ABAP AS Web Service Interaction

Former Member

on ‎01-31-2011 2:51 PM

0 Kudos

We are trying to use X.509 web service authentication with SAP Web AS ABAP between 2 different SAP installations. Company 1 is trying to consume a web service set up by Company 2.

Company 1 has installed Company 2's public key, generated the client proxy using Company 2's WSDL and created a corresponding lpconfig entry.

Then company 2 has set up the profile parameter ICM/HTTPS/verify_client to accept certificates and imported Company 1's SLL client certificate and mapped the user in USREXTID. Note that Company 1 uses self-signed certificates, so it does not have a root certificate, which is what the documentation says should be imported into the PSE instead of the SSL client certificate.

When Company 1 tries the web service call, it receives a request to authenticate the web service from Company 2. (basic authentication logon screen, even though the web service configuration is set to X.509 Client Certificate.

Should this work or is there a problem because Company 1 uses self-signed certificates or is there something else we are missing?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

former_member678355
Participant
‎06-14-2011 4:40 PM
0 Kudos

The error:

SRT: Unexpected failure in SOAP processing occurred: ("No Web service configuration for this access path: """)

turned out to be a bad URL parameter pass on our side. Once we got the parameters working, it ran.

Show replies
Show replies
Former Member
‎02-08-2011 12:08 PM
0 Kudos

Company 2 does use a load balancer, but the SSL is passed through to the SAP application servers.

We gave up on the X.509 authentication since we have a self-signed certificate and are already using it for connections to other companies.

So now company 2 has provided a user ID and password and switch back to basic user authentication. When I try the web service call now, I get the error

SRT: Unexpected failure in SOAP processing occurred: ("No Web service configuration for this access path: """)

We do not see any errors on our side. They are able to access the service internally. We have lpconfig set up to use SM59 and if we test the connection in SM59, and enter the user ID/password, we get the same error. I have not found any help on SDN for this message.

We are calling other external web services with no problems.

Thanks for any help.

Show replies
Show replies
Former Member
‎02-03-2011 2:13 PM
0 Kudos

Hi,

Do you have a Reverse Proxy (like SAP Web Dispatcher or Apache) in front of Company 2 system ?

If yes, where does the SSL connection end ?

Regards,

Olivier

Show replies
Show replies
Former Member
‎02-02-2011 7:04 AM
0 Kudos

--

Edited by: Gourav Khare on Feb 2, 2011 12:40 PM

Show replies
Show replies
Former Member
‎01-31-2011 3:14 PM
0 Kudos

> 

> We are trying to use X.509 web service authentication with SAP Web AS ABAP between 2 different SAP installations. Company 1 is trying to consume a web service set up by Company 2.
> 
> Company 1 has installed Company 2's public key, generated the client proxy using Company 2's WSDL and created a corresponding lpconfig entry.
> 
> Then company 2 has set up the profile parameter ICM/HTTPS/verify_client to accept certificates and imported Company 1's SLL client certificate and mapped the user in USREXTID.  Note that Company 1 uses self-signed certificates, so it does not have a root certificate, which is what the documentation says should be imported into the PSE instead of the SSL client certificate.
> 
> When Company 1 tries the web service call, it receives a request to authenticate the web service from Company 2. (basic authentication logon screen, even though the web service configuration is set to X.509 Client Certificate.
> 
> Should this work or is there a problem because Company 1 uses self-signed certificates or is there something else we are missing?

I think that the problem is in Service Authentication (in transaction sicf). You have to consume web-service, transmitting user-password for access.

Show replies
Show replies
Ask a Question