cancel
Showing results for 
Search instead for 
Did you mean: 

Another ME 6.0 Webservice Authorization Problem

Former Member
0 Kudos

Hello,

in ME 5.2 on NetWeaver 7.1 it was possible to go to NWA's SOAP Single Service Administration and activate the "User ID/Passwort" for "HTTP Authentication" AND for "Message Authentication". Afterwards you may call the webservice with either HTTP Basic Authentication or SOAP Authentication.

SOAP Authentication Example

<soapenv:Envelope xmlns:me="http://sap.com/xi/ME" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-35" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>ME_INTEGRATOR_USER</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MyPassword</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">r9ccFMjiZgrvpfsqTIceig==</wsse:Nonce>
        <wsu:Created>2011-10-26T13:12:06.268Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
  ...

In ME 6.0 on NetWeaver 7.3 this seems to be no longer possible. NetWeaver sends an HTML error page indicating an "401 Unauthorized" error.

@ME Developers: Have you changed something? What has to be done to make it work again?

Please don't tell me just to use the Basic Authentication. It is not possible to change the HTTP Header in an Adobe Flex Application. The Browser does not allow it. We have to use the SOAP Authentication.

Best regards,

Martin

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Citing SAP Note #1654434:

'An issue was found whereby the security declarations in ME's web

services applications (standard web services, ERP web services,

and audit web services) was interfering with the web service

security configuration within those applications.  The issue

resulted in web service clients having to send credentials via

HTTP Basic Authentication regardless of the web service security

settings.  The declarative security (consisting of inserting an

ME login module and requiring HTTP Basic Authentication) was

removed.  The web services are still secured via NetWeaver's web

service security configuration and still defaults to HTTP Basic

Authentication over HTTPS.'

So, ME 6.0.2.2 resolved this problem.

Answers (0)