cancel
Showing results for 
Search instead for 
Did you mean: 

issues decrypting en Receiver SOAP COMM CHANNEL

0 Kudos

Hi expert.

I'm developping a synchronous interface in SAP PI 7.1 in order to consume one web service.

To do that, the web service needs one certificate to sing and encrypt the info. It's working fine and the web service is sending back to PI the response xml.

The problem is that the respose xml file is encrypted and I need to decrypt it.

Then, I configure the "Security proceduce (Response) = Decrypt" in Receiver Agreement and choosed the same certificate to sing and encrypt.

When test the whole interface via SoapUI, the interface doesn´t work.

The issue is raising in decrypt part:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: No SecurityTokenReference was found in the xenc:EncryptedKey/KeyInfo/SecurityTokenReference/KeyIdentifier element.

Any idea????

Thanks in advance.

Accepted Solutions (0)

Answers (4)

Answers (4)

0 Kudos

Hi,

Thanks Udo for your anwser, but... I'm not testing directly the EXTERNAL webService in SoapUI. I'm testing my own service. I mean, I developed an interface in PI and generated the wsdl. That wsdl I'm testing with SoapUI.

So, in order to consume the EXTERNAL webService, I'm using a receiver SOAP com channel. In that, if I dissable "Security proceduce (Response) = Decrypt" and execute MY OWN wsdl, I can see the encrypted message that EXTERNAL webService is sending to PI.

Then, if I active the option "Security proceduce (Response) = Decrypt", because I need to decrypt the payload, the error is raising:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[, CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: http://ASJ.wssec.030187 No SecurityTokenReference was found in the xenc:EncryptedKey/KeyInfo/SecurityTokenReference/KeyIdentifier element.

The KeyIdentifier element is and optional element and I don't know why PI is checking that.

Is it posibble to configure "Security proceduce (Response)" anywhere??

Thanks a lot

0 Kudos

Hi.

First of all, Oi should be SoapUI, sorry!!!

Udo, YES, the webservice is https. This is the url: "https://intermediacionpp.redsara.es/AEAT/services/CorrientePago" that I'm using to consume the web service

When I test the url in a browser, the result is "cannot see the web page"

Regarding the last question, YES, is I changed Agreement, the encrypted xml can be seen in SoapUI.

Thanks a lot

udo_martens
Active Contributor
0 Kudos

Hi,

The test in SOAP UI does not work because the url is unknown. The host is either wrong spelled or behind a firewall or only in a other network. As long as you cannot ping the host the test is senseless.

You can ask the owner for the certificate or you can download it from a calling browser. Of course only if can access the host

Finally you have to install the certificate to trusted CAs (Java stack).

> I changed Agreement, the encrypted xml can be seen in SoapUI.

I do not get that:

If you change an agreement you change the process PI -> WebServer -> PI

If you test with SOAP UI you test: SOAP UI -> WebServer -> SOAP UI

From my point of view these two processes are not associated in any form...

Regards,

Udo

0 Kudos

Hi again.

Thanks Udo for your anwser. And yes!!!! sorry for the mistake!!!! The word is SIGN instead of sing.

Regarding to test the service in a browser (google chrome), I tried that but didn't work. But I think that the service is working fine because if I disabled in Receiver Agreement "Security Procedure (Response)", the interface in Oi is working fine and I can see the response encrypted xml in soapUI.

So i think that the problem is that the web service is sending me the xml without "xenc:EncryptedKey/KeyInfo/SecurityTokenReference/KeyIdentifier element"

Is it possible to configure which elements are to be checked in "Security Procedure (Response)"

Thanks a lot

udo_martens
Active Contributor
0 Kudos

Hi,

again: Are you going to test a https webservice (what is called as well SSL encrypted)?

Can you explain what exactly is the behaviour if you test the url in a browser? (of course it will not "work")

Desarrolladores Externas wrote:

"But I think that the service is working fine because if I disabled in Receiver Agreement "Security Procedure (Response)", the interface in Oi is working fine and I can see the response encrypted xml in soapUI."

What do you mean with Oi?

You change an Agreement in PI and receive as result a response in soapUI??

Regards,

Udo

udo_martens
Active Contributor
0 Kudos

Hi,

are you trying to test a https encrypted webservice? It is hard to understand what you mean with "sing" - please check again your translation.

What does happen if you try to execute the service in a browser (e.g. firefox) - just type the endpoint url into browser's address field?

Regards,

Udo