cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WS-Security (Message Level) using SOAP Receiver in SAP PI 7.11

Former Member

on ‎06-25-2015 4:22 PM

0 Kudos

Hi Experts,

My requirement is to perform the Certificate based authentication using Username and certificate through WS-Security mechanism at Message level. This is supposed to be Client Authentication methodolgy where we share the Public key to 3rd party. I have been browsing through the SCN Links and found below Blog

Questions -

1. Does it require any other settings in PI (Admin level..etc) other than Channel configurations - given that the certificates are already deployed in J2EE Keystore already?

2. Can we achieve this using one set of keypair?

3. Can we enable my requirement using Classic configuration as well apart from using ICOs?

4. Does this feature support is enabled only few Versions and corresponding service packs?

Appreciate your response back.

Regards,

N. Jayanth Kumar.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎06-29-2015 8:36 AM
0 Kudos

Hi Experts -

We have made further tests and were able to see the Message security tab, but it is failing by throwing an error - invalid username and password.

From a certificate front - does one pair of certificates be sufficient?

Regards,

N. Jayanth Kumar

Show replies
Show replies
RaghuVamseedhar
Active Contributor
‎06-29-2015 2:10 PM
0 Kudos

Jay,

For invalid user and password, please check with target system admin for valid details.

One PI certification key pair is sufficient. Target system will also have their pair of keys.

Former Member
‎06-29-2015 3:32 PM
0 Kudos

Hi Raghu,

Thanks for the information. The question is something not related to PGP Encryption, but it is to do with WS Security using SOAP Adapter at transport layer.

Regards,

N. Jayanth Kumar.

pvishnuvardan_reddy
Active Contributor
‎06-29-2015 5:46 PM
0 Kudos

Hi Jay,

Yes, I also think the error is saying about the invalid username and password related to the SOAP adapter.

Can you please cross check whether the right credentials you are using to establish the connection with the webservice.

Regards

Vishnu

Former Member
‎06-30-2015 11:32 AM
0 Kudos

Hi Vishnu,

Should the certificates deployed in PI be associated with any username specifically, which I dont think though?

Regards,

N. Jayanth Kumar

pvishnuvardan_reddy
Active Contributor
‎06-30-2015 11:42 AM
0 Kudos

Hi Jay,

yes, I don't think the certificates should contain username details.

Normally we use certificates to establish connection to a secure server.

Can you check whether the web service needs to connect through any username/password mode?

Regards

Vishnu

maheswarareddykonda
Active Contributor
‎06-30-2015 12:19 PM
0 Kudos

Hi Jay,

i think problem with credentials which you have used in channel level,

can you please try to pass user name and password as per below link, which is raised by me and it had resolved too.

Thanks,

Maheswarareddy

Former Member
‎06-30-2015 12:45 PM
0 Kudos

Hi Maheswar,

We have the requirement to authenticate using Username and Certificate, the blog you have provided is very informative but it seems to be using only username and password, but not certificate. Appreciate your help on using the Username and Certificate authentication.

Regards,

N. Jayanth Kumar

maheswarareddykonda
Active Contributor
‎06-30-2015 2:02 PM
0 Kudos

Jay,

i was referring you must have done that certification before itself and i dont think that error related to certificate, so you just keep as it is certificate and also since you are using wss security , please try to pass those credentials in mapping level as per that link steps which i posted in previous.

Former Member
‎06-30-2015 2:31 PM
0 Kudos

Hi Maheshwar,

Yeah I did the same, I have passed the credentials with in the Message structure directly, but still ending up in same error.

Regards,

N. Jayanth Kumar.

maheswarareddykonda
Active Contributor
‎06-30-2015 2:55 PM
0 Kudos

Jay,

have you tested in soap UI and worked?

if yes, while testing in soap ui, once you run the request you can see raw data in raw tab, there you can see user name password in header,

and make sure you have to send username & password as per that raw data.

Former Member
‎06-30-2015 2:57 PM
0 Kudos

Hi Maheshwar,

We tried to send by just using username and password it worked well, now we need to establish the connectivity using Username and certificate in terms of authentication. It seems to work when our downstream system provider has tested from SOAP UI.

Regards,

N. Jayanth Kumar

maheswarareddykonda
Active Contributor
‎06-30-2015 3:10 PM
0 Kudos

ok.since its working fine with out certificate then , i don't think that certificate is required, in case really that required , data must have failed in PI.

however,

We tried to send by just using username and password it worked well,

have you used username password in cc or sent same in data level?

if you use user credentials along with client certificate wat error you are getting now?

and also check with your web-service team that really client certificate or server certificate, if that is server certificate, you no need to generate keys and you can just import that cert in nwa

Former Member
‎06-30-2015 3:32 PM
0 Kudos

Hi Maheswar,

The successful test was done by sending the username and password from message mapping not from CC. We are performing Client authentication - which means we share the public key to 3rd party and keep the private key with us. The requirement is to authenticate using the Username (provided by 3rd party) and Certificate.

When we used the client certificate - WS-Security seems to be applied successfully, but it is failing quoting invalid username. We did use the username in CC as well as sent it from mapping directly - but both resulting in same error.

Regards

N. Jayanth Kumar.

RaghuVamseedhar
Active Contributor
‎06-29-2015 4:21 AM
0 Kudos

Jay,

Please use PGP module. It is free.

1. No.

2. Yes.

3. Both.

4. 7.11+

Show replies
Show replies
Ask a Question