cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WS-Security with Axis adapter - decryption failure

Go to solution
Former Member

on ‎04-21-2013 9:02 AM

0 Kudos

Hi,

For interoperability reasons we have to use the AXIS SOAP receiver for a ws-security setup with an external party.

signing and encrypting the request is working and a response is received. During the WSDoAllReceiver step the following error is encountered:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.engine.interfaces.messaging.api.exception.MessagingException: WSDoAllReceiver: security processing failed; nested exception is:

org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: Callback supplied no password for: EDSNTMR)

The module settings are

crypto.view = DEFAULT

handler.type = java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllReceiver

passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler (same error if this is left out)

It looks as if the WSDoallReceiver expects a password to be supplied for accessing the private key EDSNTMR in the keystore. However this makes little sense as the keystore should be fully readable to the axis adapter.

Is there an alternate password callbackhandler I could use or some way to provide a password to the function? (pwd.password as module paramter has no effect

Our system is:

SAP PO 7.31 SP6

Axis adapter with wss4j 1.5.10

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-23-2013 4:03 PM
0 Kudos

Hi,

From the AXIS FAQ:

----

If the user name retrieved from the message does not match the name specified in

the user parameter, the WSDoAllReceiver handler throws an exception

org.apache.ws.security.WSSecurityException: General security error
(WSSecurityEngine: Callback supplied no password for: uname where

uname is the user name retrieved from the message. To resolve this

problem by accepting an arbitrary user, you can set the user parameter to

*

-------

This solved the problem for me. Now the signature validation fails instead but that is another problem.

Show replies
Show replies
cdias
Product and Topic Expert
Product and Topic Expert
‎02-19-2014 8:50 PM
0 Kudos

Hello!

But using * for the user property, but in that case what private key you are using to decrypt the message content?

I'm using * but then i'm getting another error

org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:

  java.lang.NullPointerException: Key is null! Anyone knows what is happening?

I'm sure that I have my private key deployed in keystore.

Thanks

Answers (1)

Answers (1)

former_member191911
Contributor
‎04-22-2013 10:39 AM
0 Kudos

Hi Keld,

Can you please check this blog, it might be helpful: http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/04/12/how-to-configure-axis-framework-f...

Kind regards,

Mark

Show replies
Show replies
Former Member
‎04-22-2013 10:46 AM
0 Kudos

Hi Mark,

Thanks for responding,

That blog does not address receiver issues.

Kind Regards

Keld

Ask a Question