on 10-26-2011 2:37 PM
Hello,
in ME 5.2 on NetWeaver 7.1 it was possible to go to NWA's SOAP Single Service Administration and activate the "User ID/Passwort" for "HTTP Authentication" AND for "Message Authentication". Afterwards you may call the webservice with either HTTP Basic Authentication or SOAP Authentication.
SOAP Authentication Example
<soapenv:Envelope xmlns:me="http://sap.com/xi/ME" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-35" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>ME_INTEGRATOR_USER</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MyPassword</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">r9ccFMjiZgrvpfsqTIceig==</wsse:Nonce>
<wsu:Created>2011-10-26T13:12:06.268Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
...
In ME 6.0 on NetWeaver 7.3 this seems to be no longer possible. NetWeaver sends an HTML error page indicating an "401 Unauthorized" error.
@ME Developers: Have you changed something? What has to be done to make it work again?
Please don't tell me just to use the Basic Authentication. It is not possible to change the HTTP Header in an Adobe Flex Application. The Browser does not allow it. We have to use the SOAP Authentication.
Best regards,
Martin
Citing SAP Note #1654434:
'An issue was found whereby the security declarations in ME's web
services applications (standard web services, ERP web services,
and audit web services) was interfering with the web service
security configuration within those applications. The issue
resulted in web service clients having to send credentials via
HTTP Basic Authentication regardless of the web service security
settings. The declarative security (consisting of inserting an
ME login module and requiring HTTP Basic Authentication) was
removed. The web services are still secured via NetWeaver's web
service security configuration and still defaults to HTTP Basic
Authentication over HTTPS.'
So, ME 6.0.2.2 resolved this problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
7 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.