Consuming an External Web Service using HTTPS and WS Security

Stephen3
Participant
0 Kudos

Hello everyone,

I'm having a problem setting the security information in a SOAP header using a generated ABAP Client Proxy to consume an external web service that requires a User ID and Password in the Header section of the SOAP message. I need to use HTTPS. I'm on a WAS 7.01 SP08 system, so from my readings, SAP is supposed to be able to add the username and password into the header section of the message. I can't seem to get SAP to add this information to the header.

Here are the steps that I have taken to set the security values.

1) Created the client proxy from the WSDL in SE80. Basic Authentication on the Configuration tab was turned on automatically.

Note, Transport Security is set to None. I cannot change it.

2) Created an outbound set user name profile in transaction WSPROFILE with the appropriate username and password.

3) Added the profile to the default port in transaction LPCONFIG as an outbound under the WS Security section of the screen.

When I called the external Web Service, I got back the following error message:

com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken] is required.

So, after reading through this Forum, I saw that I needed to use the SOAMANAGER. I set up a Proxy in the SOAMANAGER and manually created the Logical Port. This was the only way I could figure out how to set the Authentication Settings in the Logical Port to "User ID / Password". I then entered the User ID and Password.

However, I am still getting the same error message. I feel I am close but missing some small configuration to tell SAP to use WS Security with a Username token.

I'm not sure what I'm doing wrong, so any help would be appreciated.

Thanks,

Stephen

Accepted Solutions (0)

Answers (1)


Stephen3
Participant
0 Kudos

I had this error again so I thought I would post my solution:

The issue is SAP needs to know the certificates being used by the web site being called.  These certificates are automatically installed in your browser but need to be manually installed in SAP.  This is what I did:

How to find/install new certificates

  1. Make sure you run Internet Explorer as an Administrator so you can export the certificates
  2. Go to the web site that SAP is trying to call in Internet Explorer
  3. Double click on the lock in the address bar
  4. View certificates
  5. Find the certificates that are being used
  6. Tools --> Internet Options --> Content --> Certificates
  7. Click on the “Trusted Root Certification Authorities” tab
  8. Find the certificate identified in step iii
  9. Export as a CER certificate
  10. Click on the “Intermediate Certification Authorities” tab
  11. Find the certificate identified in step iii
  12. Export as a CER certificate
  13. Go to STRUST in SAP
  14. Import the Certificates in the “Anonymous” or “Standard” SSL client
  15. Save
  16. RESTART the ICM via t-code SMICM  <-- Critical!!!
  17. Test

Former Member
0 Kudos

What error did you get in SAP? Usually if you don't set up the certificates you should get an ICM_SSL error when testing the web service.

I usually start by setting up an HTTP RFC just to try the secure connection. Once it works I then move to SOAMANAGER and continue testing. This is useful when setting up a WS against a new system, as quite often the network connections are closed and the RFC test reports this.

Stephen3
Participant
0 Kudos

Hi David;

When you say "setting up an HTTP RFC" connection, I think you mean an entry in SM59.  I didn't set one up.  I used the consumer proxy setup in SOAMANAGER and tested with WSNAVIGATOR.

I was getting the following error message:

com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken] is required.

Stephen

Former Member
0 Kudos

Yes, in SM59 you can define an RFC with type HTTP.

Concerning WSNAVIGATOR, that tool, afaik, has nothing to do with your setup in SOAMANAGER. It will consume your web service directly, not using your ABAP proxy. So the user and password will not be taken into account.

To test the proxy just go to SE80, select the enterprise service where you defined the consumer proxy and then execute it.

Stephen3
Participant
0 Kudos

Thank you for the clarification.  I am new to this technology so appreciate the information.

Stephen
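
The WSEC5509E message quoted in the thread names the token type the service requires: a WS-Security UsernameToken inside the SOAP header, which HTTP Basic Authentication (carried in the HTTP headers) does not provide. The following is an added example, not part of the thread and not SAP code: a Python check to run against a request payload captured from your own trace. The function name `check_username_token`, the sample envelopes, `demo_user` and `getStatus` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")    # SOAP 1.2
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PROFILE = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0")

def check_username_token(envelope_xml):
    """Return (errors, warnings) for one SOAP request captured on your own system."""
    root = ET.fromstring(envelope_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == f"{{{ns}}}Envelope"), None)
    if soap is None:
        return ["root element is not a SOAP Envelope"], []
    header = root.find(f"{{{soap}}}Header")
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if security is None:
        return ["no wsse:Security header in the SOAP message"], []
    token = security.find(f"{{{WSSE}}}UsernameToken")
    if token is None:
        return ["wsse:Security carries no UsernameToken"], []
    errors, warnings = [], []
    if not (token.findtext(f"{{{WSSE}}}Username") or "").strip():
        errors.append("UsernameToken has no Username")
    password = token.find(f"{{{WSSE}}}Password")
    if password is None or not (password.text or "").strip():
        errors.append("UsernameToken has no Password")
    else:
        # An absent Type attribute means #PasswordText per the token profile.
        ptype = password.get("Type", PROFILE + "#PasswordText")
        if ptype == PROFILE + "#PasswordText":
            warnings.append("cleartext password: send only over HTTPS")
        elif ptype != PROFILE + "#PasswordDigest":
            errors.append("unknown Password Type: " + ptype)
    return errors, warnings

# Constructed samples (not from the thread): no header vs. header with token.
WITHOUT_TOKEN = """<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
  <e:Body><getStatus/></e:Body></e:Envelope>"""
WITH_TOKEN = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
  <e:Header><w:Security xmlns:w="{WSSE}"><w:UsernameToken>
    <w:Username>demo_user</w:Username>
    <w:Password Type="{PROFILE}#PasswordText">demo_password</w:Password>
  </w:UsernameToken></w:Security></e:Header>
  <e:Body><getStatus/></e:Body></e:Envelope>"""

if __name__ == "__main__":
    print(check_username_token(WITHOUT_TOKEN), check_username_token(WITH_TOKEN))
```

A request that fails with "no wsse:Security header" was sent without message-level credentials, whatever the transport-level authentication settings say.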