on 06-18-2012 10:27 AM
Hi,
I am trying to get principal propagation working on PI 7.31 single-stack AEX my scenario is as follows.
ThirdParty (SOAPui) -- soap with ssl -> PI -- rfc -> SAP
Everything works fine between PI and SAP where i have made a trust but not from SOAPui to PI.
Current setup which is not working:
I have added ClientCertLoginModule to component sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter with the following options.
Rule1.AttributeName = CN
Rule1.getUserFrom = subjectName
i created the certificate in PI NWA Certificates and Keys and imported it in SOAPui under preferences SSL.
Tried to send the message and get below error in SOAPui:
Error: 401 Unauthorized
In the NWA log it says:
Client certificate error.IP address
Please help me out...
Hi Christian,
We are also having similar requirement on PI 7.31 Single Stack for Principal Propagation.
3rd party --> PI --> SRM (SOAP to Proxy Scenario)
Were you able to configure and test it successfully?
Appreciate if you can share any docs / working links.
Regards,
Azhar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Christian,
Error 401 unauthorized have following chances,
1. your user id don't have authorizations to test from SOAP UI.
2. your user or password provided in the UI was wrong.
BTW , wht is your soap ui version?
Regards
Hari.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Christian,
I am also trying to configure a similar scenario.
Can you please share some more information/references as to how you configured this scenario in PI7.31?
Is your scenario now working fine? What was the issue and how did you manage to get it resolved?
Any details on this will be highly appreciated.
Thanks & Warm Regards,
Anshul
Hi Anshul,
We have successfully configured SAML (with Principal
Propagation) using the WS adapter on PI7.31 dual-Stack (this is no different to
how it would be configured in 7.11)
SAP confirmed to us that SAML is not currently supported in the
SOAP adapter and therefore SAML cannot be configured for a single-stack
instance. They have indicated that the implementation of SAML in the SOAP
adapter is not currently in any planned EHP/SPs, but this could be considered
if enough requests are made for this functionality.
Regards,
Dave
I was still not able to get this working...
Does anyone know when SAML will be supported in AEX?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Does anyone have an idea how to get this working?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Christian
Did you get any luck with this?
Could you help with the steps involved in setting up this scenario please I need the same scenario without the SOAPui. I got the webservice setup in SR but the app needs to logon each time which is no good so if you could help with the steps in setting up the principal propagation i would be grateful.
Thx
Hi Christian,
I had a similar issue, but the error now disappeared. I've done a lot of changes in that area, so I don't know what exactly fixed the issue.
Have you checked the obvious things? Is the certificate valid? Is it transmitted at all? Can you get more information in SoapUI? I believe the SAP warning message is truncated.
Good luck!
Jörg
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Thank you for replying.
How did you set up the ClientCertificateModule Options?
Message was edited by: Christian Vilhelm Henriksen
Hi Christian,
I'm sorry, the scenarios are not the same. I tried to leave out PI and just establish SAML communication between an SAP portal 7.3 and an ECC 6.0. I received the same error as you do. I just checked again and unfortunately, it is still there. In my case I am pretty sure the sender doesn't generate a SAML token, so no certification is done. That's why I asked if this could be the problem. I don't have so much experience in checking whether the certificate was included, but I would start with tools like tcpmon to watch traffic going on between the two applications.
Another thing I learnt: Have you installed the whole certificate chain in PI? If the referenced certificates are missing PI cannot validate the whole chain.
I am struggling with this one as well and I also hope to learn how this works.
Regards,
Jörg
Hi Christian,
I'm trying to implement a similar scenario...
Did you get a clear statement from SAP saying that SAML is not supported in 7.31 Single-stack? If not, what other evidence do you have that is not supported?
Regarding your original scenario, did you manage to get certificate authentication & principal progagation working - or did you also discover that this doesn't work either?
Thanks,
Dave
Hi David,
I was told by my Ramp-Up coach that only SAP Assertion Ticket is supported for principal propagation.
About client certification i was not able to get it working and didnt have anymore time to look into this.. If you get it working please let me know..
If you need help setting up client certification i might be able to assist you to get started 🙂
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.