07-13-2011 5:39 PM
Hi,
We are using ECC with SAP_ABA 6.40 and are consuming Webservices from a external party. This always worked except now this external party is using the UsernameToken security profile in the SOAP header for authentication. Basicly this means the following addon to the SOAP header message in our outbound message:
<soapenv:Header>
<soapenv:Security>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>####</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">####</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
We are using a Logical Port to define the end-point URL from the external party and add a WS Security profile to the available soap methods in LPCONFIG.
In this WS Security Profile we added the requested username and password in the hope this will be automaticle be added in the header of the SOAP envelope.
Unfortunally the request of our WS Response is as follow: "SoapFaultCode:4 Anonymous access is denied for the method". This means that the security header is not correct or not available.
Does anyone have a idea of our version of SAP supports the UsernameToken profile? And how can we configure our webservice to add the right header to the request?
Thanks in advance!
Best regards,
Joost Weghorst
07-14-2011 12:46 AM
Hi,
I guess that you request username/password on transport level. So the system tries to authenticate using HTTP header. You need to switch to document level (message level). In this case it should add additional fields to SOAP header.
Cheers
07-14-2011 9:49 AM
Hi Martin,
Yes we do need the authentication on SOAP level and not on HTML level. Could you tell me where i can configure the authentication on SOAP level.
Currently we fixed the problem by programming the header within the ABAP program, this solved our problem!.
05-30-2013 3:27 PM
10-27-2014 8:19 AM
Hi Joost,
Can you please let us know how you solved this above problem.
Currently i am facing the similar kind of issue when trying to implement the SOAP header authentication.
Please kindly let me know how you solved this above issue.
My Issue details as below :
We are trying to write SOAP Header Authentication to an consuming web service.
In This process we are facing a SOAP exception, which is as mentioned below :
Code : SoapFaultCode:4
Errortext : NOT_LOGGED_IN
This same peace of code which we have written is tested in the SOAP UI tool - here its executing perfectly fine.
Where as when i try to execute the same code through the sap, i am finding the above EXCEPTION.
Please find my below the code which i am trying to execute.
*****************************************************************************************************************************************************************
METHOD call_op.
DATA: lo_avail TYPE REF TO zop_co_op_oms_integrationport,
go TYPE REF TO zop_co_op_oms_integrationport,
lo_cx_ai_system_fault TYPE REF TO cx_ai_system_fault,
lo_cx_oms_excep TYPE REF TO zop_cx_oms_generic_order_excep,
lo_cx_ai_application_fault TYPE REF TO cx_ai_application_fault.
DATA: ls_request TYPE zop_oms_generic_order,
ls_response TYPE zop_oms_generic_order_respon12,
ls_header TYPE zop_response_header.
DATA: ls_inq1 TYPE zop_response,
lt_inq1 TYPE zop_response_t.
DATA: ls_inq2 TYPE zop_response,
lt_inq2 TYPE zop_response_t.
DATA: ls_inq3 TYPE zop_response,
lt_inq3 TYPE zop_response_t.
DATA: lv_skip(1) TYPE c.
* Build Request
CLEAR lv_skip.
if sy-tcode = 'VA11' or sy-tcode = 'VA12' or sy-tcode = 'VA13'.
if ( im_transaction_type = 'CANCEL' and im_change_type = 'CANCEL' ) or im_transaction_type = 'SAVE'
or ( im_transaction_type = 'CHANGE' and im_change_type = 'CANCEL' ) .
exit.
endif.
im_transaction_type = 'INQUIRY'.
im_change_type = 'ADD' .
endif.
CALL METHOD build_request
EXPORTING
im_transaction_type = im_transaction_type
im_change_type = im_change_type
im_atpdoc = im_atpdoc
im_opid = im_opid
im_vbeln = im_vbeln
im_trtyp = im_trtyp
im_itmsplt = im_itmsplt
im_filtplcy = im_filtplcy
im_sortplcy = im_sortplcy
is_kuwev = is_kuwev
is_vbak = is_vbak
is_vbpa = is_vbpa
is_atpcfg = is_atpcfg
it_mverf = it_mverf
it_mverf_header = it_mverf_header
im_promplcy = im_promplcy
im_promplcyused = im_promplcyused
im_mansched = im_mansched
IMPORTING
es_input = ls_request
ev_skip = lv_skip.
****************************** Soap Header Authentication *********************************************
DATA: lo_prot TYPE REF TO if_wsprotocol_ws_header,
user TYPE string ,
password TYPE string.
DATA: ixml TYPE REF TO if_ixml,
xml_document TYPE REF TO if_ixml_document,
xml_root TYPE REF TO if_ixml_element,
xml_element TYPE REF TO if_ixml_element,
xml_node TYPE REF TO if_ixml_node.
DATA: lv_raw TYPE string,
lv_x TYPE xstring,
name TYPE string,
namespace TYPE string.
* create instance
* CREATE OBJECT go
* exporting
* logical_port_name = 'OP_OMS_PORT'.
CREATE OBJECT go."go is a reference to your abap proxy
data: lr type REF TO if_proxy_basis.
lr = go.
lo_prot ?= go->get_protocol( if_wsprotocol=>ws_header )."
user = 'System'.
password = 'password'.
CONCATENATE
'<soapenv:Header>'
'<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'
'<wsse:UsernameToken>'
'<wsse:Username>System</wsse:Username>'
'<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>'
'</wsse:UsernameToken>'
'</wsse:Security>'
'</soapenv:Header>'
INTO lv_raw.
* '</soapenv:Envelope>'
* '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:op="http://www.i2.com/OP_OMS_INTEGRATION">'
* 'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"'
* 'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
*'<soapenv:Header>'
*
*'<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"'
*'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
* CONCATENATE
* '<soapenv:Header>'
* '<wsse:Security xmlns:wsse="http://www.i2.com/OP_OMS_INTEGRATION"'
* 'xmlns:wsu="http://www.i2.com/OP_OMS_INTEGRATION"'
* 'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
* '<wsse:UsernameToken>'
* '<wsse:Username>' user '</wsse:Username>'
* '<wsse:Password>' password '</wsse:Password>'
**'<wsse:Nonce>' XXXXX'</wsse:Nonce>'
**'<wsu:Created>' XXXXX '</wsu:Created>'
* '</wsse:UsernameToken>'
* '</wsse:Security>'
* '</soapenv:Header>'
* INTO lv_raw.
* CONCATENATE
* '<soap:Header>'
* '<AuthenticationInfo xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">'
* '<userName>' user '</userName>'
* '<password>' password '</password>'
* '</AuthenticationInfo>'
* '</soap:Header>' INTO lv_raw.
lv_x = cl_proxy_service=>cstring2xstring( lv_raw ).
CALL FUNCTION 'SDIXML_XML_TO_DOM'
EXPORTING
xml = lv_x
IMPORTING
document = xml_document
EXCEPTIONS
invalid_input = 1
OTHERS = 2.
IF sy-subrc = 0 AND NOT xml_document IS INITIAL.
xml_root = xml_document->get_root_element( ).
xml_element ?= xml_root->get_first_child( ).
*add header element by element to soap header
WHILE NOT xml_element IS INITIAL.
name = xml_element->get_name( ).
namespace = xml_element->get_namespace_uri( ).
lo_prot->set_request_header( name = name namespace =
namespace dom = xml_element ).
xml_element ?= xml_element->get_next( ).
ENDWHILE.
ENDIF.
****************************** Soap Header Authentication *********************************************
CREATE OBJECT lo_avail.
TRY.
CALL METHOD lo_avail->oms_generic_order
EXPORTING
input = ls_request
IMPORTING
output = ls_response.
CATCH cx_ai_system_fault INTO lo_cx_ai_system_fault.
CATCH zop_cx_oms_generic_order_excep INTO lo_cx_oms_excep .
CATCH cx_ai_application_fault INTO lo_cx_ai_application_fault.
ENDTRY.
IF lv_skip IS INITIAL.
CLEAR gv_error.
IF lo_cx_ai_system_fault IS NOT INITIAL.
MESSAGE lo_cx_ai_system_fault->errortext TYPE 'I'.
gv_error = 'X'.
ENDIF.
IF lo_cx_oms_excep IS NOT INITIAL.
IF im_transaction_type NE c_cancel.
IF lo_cx_oms_excep->error_description IS NOT INITIAL.
MESSAGE lo_cx_oms_excep->error_description TYPE 'I'.
gv_error = 'X'.
ELSEIF lo_cx_oms_excep->status = 'Error'.
* gv_error = 'X'.
ENDIF.
ENDIF.
ENDIF.
IF lo_cx_ai_application_fault IS NOT INITIAL.
gv_error = 'X'.
ENDIF.
CLEAR ex_error.
IF gv_error IS NOT INITIAL.
MESSAGE 'Error calling OP Engine' TYPE 'I'.
ex_error = 'X'.
ENDIF.
ELSE.
CLEAR ex_error.
ENDIF.
FREE lo_avail.
* DATA: lv_id TYPE indx-srtfd.
* CONCATENATE sy-datum sy-uzeit INTO lv_id.
* EXPORT ls_request FROM ls_request
* ls_response FROM ls_response
* TO DATABASE indx(op) ID lv_id.
REFRESH: lt_inq1, lt_inq2, lt_inq3.
IF lv_skip IS INITIAL.
* Build response structures
CALL METHOD build_response
EXPORTING
is_request = ls_request
is_response = ls_response
it_mverf = it_mverf
IMPORTING
es_header = ls_header
et_inq1 = lt_inq1[]
et_inq2 = lt_inq2[]
et_inq3 = lt_inq3[].
es_header = ls_header.
et_inq1[] = lt_inq1[].
et_inq2[] = lt_inq2[].
et_inq3[] = lt_inq3[].
ELSE.
DATA: ls_mverf_header TYPE hv03v.
READ TABLE it_mverf_header INTO ls_mverf_header INDEX 1.
LOOP AT gt_inq1 INTO gs_inq1 WHERE source = ls_mverf_header-werks and promitem = ls_mverf_header-matnr.
gs_inq1-werks = gs_inq1-source.
APPEND gs_inq1 TO lt_inq1.
ENDLOOP.
loop at gt_multiple_plant into gs_multiple_plant.
read table gt_atpdoc into gs_atpdoc with key posnr = gs_multiple_plant-split_posnr.
if sy-subrc ne 0.
clear gs_atpdoc.
gs_atpdoc-atpdoc = gv_atpdoc.
gs_atpdoc-posnr = gs_multiple_plant-split_posnr.
gs_atpdoc-updkz = 'I'..
append gs_atpdoc to gt_atpdoc.
endif.
endloop.
et_inq1[] = lt_inq1[].
ev_skip = lv_skip.
ENDIF.
ENDMETHOD. "call_op
**************************************************************************************************************
Please kindly let me know how you solved this above issue.
Warm Regards,
Vinay.K