PI 7.31 AEX - Principal Propagation

Former Member
0 Kudos

Hi,

I am trying to get principal propagation working on PI 7.31 single-stack AEX. My scenario is as follows.

ThirdParty (SOAPui) -- soap with ssl -> PI -- rfc -> SAP

Everything works fine between PI and SAP, where I have made a trust, but not from SOAPui to PI.

Current setup which is not working:

I have added ClientCertLoginModule to component sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter with the following options.

Rule1.AttributeName = CN

Rule1.getUserFrom = subjectName

I created the certificate in PI NWA Certificates and Keys and imported it in SOAPui under preferences SSL.

http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certifica...

Tried to send the message and get below error in SOAPui:

Error: 401 Unauthorized

In the NWA log it says:

Client certificate error.IP address

Please help me out...
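With `Rule1.getUserFrom = subjectName` and `Rule1.AttributeName = CN`, the login user is taken from the CN of the client certificate's subject, so it is worth confirming what that CN is and whether a user with that ID exists. The following is an added example, not part of the original post and not SAP's implementation; the function names, sample subjects and user list are constructed, and treating several different CN values as an error and comparing IDs exactly are assumptions.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped characters (RFC 4514) intact."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Decode \\XX hex pairs (ASCII only here) and single-character escapes."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def subject_attributes(subject, name):
    """Return every value of attribute `name` in a subject DN string."""
    values = []
    for rdn in split_unescaped(subject, ","):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDN
            key, _, val = ava.partition("=")
            if key.strip().upper() == name.upper():
                values.append(unescape(val.strip()))
    return values

def resolve_user(subject, known_users, attribute="CN"):
    """Hypothetical pre-flight check: returns (status, candidate user ID)."""
    values = subject_attributes(subject, attribute)
    if not values:
        return ("no-attribute", None)
    if len(set(values)) > 1:                       # assumption: treat as error
        return ("ambiguous", None)
    user = values[0]
    # Assumption: exact comparison; adapt to your user store's case rules.
    return ("ok" if user in known_users else "no-such-user", user)

# Constructed sample data, not taken from the thread.
USERS = {"PIUSER01", "SVC_SOAP"}
```

A certificate whose CN is a host name or a display name rather than a user ID comes back as `no-such-user`, which is the case to rule out before looking at the TLS layer.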

Accepted Solutions (0)

Answers (5)

azharshaikh
Active Contributor
0 Kudos

Hi Christian,

We are also having similar requirement on PI 7.31 Single Stack for Principal Propagation.

3rd party --> PI --> SRM (SOAP to Proxy Scenario)

Were you able to configure and test it successfully?

Appreciate if you can share any docs / working links.

Regards,

Azhar

former_member190624
Active Contributor
0 Kudos

Hi Christian,

Error 401 Unauthorized has the following possible causes:

1. Your user ID doesn't have authorizations to test from SoapUI.

2. The user or password provided in the UI was wrong.

BTW, what is your SoapUI version?

Regards

Hari.

Former Member
0 Kudos

This is not an issue with my User/Pass.

It is simply a question about Principal Propagation not being supported yet.

Former Member
0 Kudos

Hi Christian,

Did you get client certificate authentication working with principal propagation?

Please let us know. If it is not working, did you find any other alternatives?

KP

Former Member
0 Kudos

Dear Christian,

I am also trying to configure a similar scenario.

Can you please share some more information/references as to how you configured this scenario in PI7.31?

Is your scenario now working fine? What was the issue and how did you manage to get it resolved?

Any details on this will be highly appreciated.

Thanks & Warm Regards,

Anshul

Former Member
0 Kudos

Hi Anshul,

We have successfully configured SAML (with Principal Propagation) using the WS adapter on PI7.31 dual-Stack (this is no different to how it would be configured in 7.11)

SAP confirmed to us that SAML is not currently supported in the SOAP adapter and therefore SAML cannot be configured for a single-stack instance. They have indicated that the implementation of SAML in the SOAP adapter is not currently in any planned EHP/SPs, but this could be considered if enough requests are made for this functionality.

Regards,

Dave

Former Member
0 Kudos

I was still not able to get this working...

Does anyone know when SAML will be supported in AEX?

Former Member
0 Kudos

Does anyone have an idea how to get this working?

Former Member
0 Kudos

Hi Christian,

no, not yet, but the problem is still on our table. I'll let you know here if we get it working.

Regards,

Jörg

Former Member
0 Kudos

Hi Christian

Did you get any luck with this?

Could you help with the steps involved in setting up this scenario, please? I need the same scenario without SoapUI. I got the web service set up in SR, but the app needs to log on each time, which is no good, so if you could help with the steps in setting up principal propagation I would be grateful.

Thx

Former Member
0 Kudos

Hi Christian,

I had a similar issue, but the error now disappeared. I've done a lot of changes in that area, so I don't know what exactly fixed the issue.

Have you checked the obvious things? Is the certificate valid? Is it transmitted at all? Can you get more information in SoapUI? I believe the SAP warning message is truncated.

Good luck!

Jörg

Former Member
0 Kudos

Hi,

Thank you for replying.

  • The certificate is valid
  • I don't know if the certificate is transmitted? How can I see this? I just added it to the SSL settings in SoapUI.

     http://content.screencast.com/users/christianvh/folders/Jing/media/6b23e555-7b67-4b75-b235-224e75d0332f/2012-06-19_1617.png

  • I don't get any message in SoapUI except for Error: 401 Unauthorized

How did you set up the ClientCertificateModule Options?


Message was edited by: Christian Vilhelm Henriksen

Former Member
0 Kudos

Hi Christian,

I'm sorry, the scenarios are not the same. I tried to leave out PI and just establish SAML communication between an SAP portal 7.3 and an ECC 6.0. I received the same error as you do. I just checked again and unfortunately, it is still there. In my case I am pretty sure the sender doesn't generate a SAML token, so no certification is done. That's why I asked if this could be the problem. I don't have so much experience in checking whether the certificate was included, but I would start with tools like tcpmon to watch traffic going on between the two applications.

Another thing I learnt: Have you installed the whole certificate chain in PI? If the referenced certificates are missing PI cannot validate the whole chain.

I am struggling with this one as well and I also hope to learn how this works.

Regards,

Jörg

Former Member
0 Kudos

Hi Jörg,

I know for a fact that SAML is not supported in 7.31 single-stack, but SAP told me that client certificate should be enough.

I will keep on trying until it works or someone answers me in here 😉

Former Member
0 Kudos

Hi Christian,

I'm trying to implement a similar scenario...

Did you get a clear statement from SAP saying that SAML is not supported in 7.31 Single-stack? If not, what other evidence do you have that is not supported?

Regarding your original scenario, did you manage to get certificate authentication & principal propagation working - or did you also discover that this doesn't work either?

Thanks,

Dave

Former Member
0 Kudos

Hi David,

I was told by my Ramp-Up coach that only SAP Assertion Ticket is supported for principal propagation.

About client certification, I was not able to get it working and didn't have any more time to look into this. If you get it working, please let me know.

If you need help setting up client certification, I might be able to assist you to get started 🙂