on 01-10-2012 11:20 AM
Hi expert.
I'm developing a synchronous interface in SAP PI 7.1 in order to consume one web service.
To do that, the web service needs one certificate to sing and encrypt the info. It's working fine and the web service is sending back to PI the response xml.
The problem is that the response xml file is encrypted and I need to decrypt it.
Then, I configured the "Security procedure (Response) = Decrypt" in Receiver Agreement and chose the same certificate to sing and encrypt.
When I test the whole interface via SoapUI, the interface doesn't work.
The issue arises in the decrypt part:
com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: No SecurityTokenReference was found in the xenc:EncryptedKey/KeyInfo/SecurityTokenReference/KeyIdentifier element.
Any idea????
Thanks in advance.
Hi,
Thanks Udo for your answer, but... I'm not testing the EXTERNAL webService directly in SoapUI. I'm testing my own service. I mean, I developed an interface in PI and generated the wsdl. That wsdl is what I'm testing with SoapUI.
So, in order to consume the EXTERNAL webService, I'm using a receiver SOAP com channel. In that, if I disable "Security procedure (Response) = Decrypt" and execute MY OWN wsdl, I can see the encrypted message that the EXTERNAL webService is sending to PI.
Then, if I activate the option "Security procedure (Response) = Decrypt", because I need to decrypt the payload, the error is raised:
com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: http://ASJ.wssec.030187 No SecurityTokenReference was found in the xenc:EncryptedKey/KeyInfo/SecurityTokenReference/KeyIdentifier element.
The KeyIdentifier element is an optional element and I don't know why PI is checking that.
Is it possible to configure "Security procedure (Response)" anywhere??
Thanks a lot
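A way to check which key reference the captured encrypted response actually carries inside xenc:EncryptedKey/KeyInfo, the element path named in the error above. This is an added example, not part of the original posts and not SAP code; the function name `key_reference_styles` and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
}

# Constructed envelope skeleton; %s is replaced by the KeyInfo content under test.
ENVELOPE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xenc="{xenc}" xmlns:ds="{ds}" xmlns:wsse="{wsse}">
 <soapenv:Header><wsse:Security><xenc:EncryptedKey>
  <ds:KeyInfo>%s</ds:KeyInfo>
 </xenc:EncryptedKey></wsse:Security></soapenv:Header><soapenv:Body/>
</soapenv:Envelope>""".format(**NS)

# Constructed samples (placeholder values, not taken from the real service).
ISSUER_SERIAL = ENVELOPE % (
    "<wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>"
    "<ds:X509IssuerName>CN=Constructed CA</ds:X509IssuerName>"
    "<ds:X509SerialNumber>1</ds:X509SerialNumber>"
    "</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference>")
KEY_ID = ENVELOPE % (
    '<wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org'
    '/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">'
    "AAAA</wsse:KeyIdentifier></wsse:SecurityTokenReference>")
BARE_X509 = ENVELOPE % "<ds:X509Data><ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data>"

def key_reference_styles(soap_xml):
    """Return, for each xenc:EncryptedKey, how its KeyInfo points at the key."""
    results = []
    for ek in ET.fromstring(soap_xml).iter("{%s}EncryptedKey" % NS["xenc"]):
        key_info = ek.find("ds:KeyInfo", NS)
        if key_info is None:
            results.append("no-KeyInfo")
            continue
        token_ref = key_info.find("wsse:SecurityTokenReference", NS)
        if token_ref is None:
            # KeyInfo holds something else directly, e.g. ds:X509Data or ds:KeyName.
            children = [child.tag.split("}")[-1] for child in key_info]
            results.append("no-STR:" + (",".join(children) or "empty"))
            continue
        key_id = token_ref.find("wsse:KeyIdentifier", NS)
        if key_id is not None:
            results.append("KeyIdentifier:" + key_id.get("ValueType", "").rsplit("#", 1)[-1])
        elif token_ref.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
            results.append("X509IssuerSerial")
        elif token_ref.find("wsse:Reference", NS) is not None:
            results.append("Reference")
        else:
            results.append("STR-other")
    return results
```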
Hi.
First of all, Oi should be SoapUI, sorry!!!
Udo, YES, the webservice is https. This is the url: "https://intermediacionpp.redsara.es/AEAT/services/CorrientePago" that I'm using to consume the web service
When I test the url in a browser, the result is "cannot see the web page"
Regarding the last question, YES, if I changed Agreement, the encrypted xml can be seen in SoapUI.
Thanks a lot
Hi,
The test in SOAP UI does not work because the url is unknown. The host is either misspelled or behind a firewall or only in another network. As long as you cannot ping the host the test is senseless.
You can ask the owner for the certificate or you can download it from a calling browser. Of course only if you can access the host.
Finally you have to install the certificate to trusted CAs (Java stack).
> I changed Agreement, the encrypted xml can be seen in SoapUI.
I do not get that:
If you change an agreement you change the process PI -> WebServer -> PI
If you test with SOAP UI you test: SOAP UI -> WebServer -> SOAP UI
From my point of view these two processes are not associated in any form...
Regards,
Udo
Hi again.
Thanks Udo for your answer. And yes!!!! sorry for the mistake!!!! The word is SIGN instead of sing.
Regarding testing the service in a browser (google chrome), I tried that but it didn't work. But I think that the service is working fine because if I disabled in Receiver Agreement "Security Procedure (Response)", the interface in Oi is working fine and I can see the response encrypted xml in soapUI.
So I think that the problem is that the web service is sending me the xml without "xenc:EncryptedKey/KeyInfo/SecurityTokenReference/KeyIdentifier element"
Is it possible to configure which elements are to be checked in "Security Procedure (Response)"?
Thanks a lot
Hi,
again: Are you going to test a https webservice (what is called as well SSL encrypted)?
Can you explain what exactly is the behaviour if you test the url in a browser? (of course it will not "work")
Desarrolladores Externas wrote:
"But I think that the service is working fine because if I disabled in Receiver Agreement "Security Procedure (Response)", the interface in Oi is working fine and I can see the response encrypted xml in soapUI."
What do you mean with Oi?
You change an Agreement in PI and receive as result a response in soapUI??
Regards,
Udo
Hi,
are you trying to test a https encrypted webservice? It is hard to understand what you mean with "sing" - please check again your translation.
What does happen if you try to execute the service in a browser (e.g. firefox) - just type the endpoint url into browser's address field?
Regards,
Udo