cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error while valdiating the digital signature

Former Member

on ‎03-02-2016 1:19 PM

0 Kudos

hi all,

We are sending data from SOAP system to ECC(RFC) system via PI. We are on AS java  and using soap sender and RFC receiver synchronous communication.  All the keys and certificates required are installed in NWA.

We got the below error in SOAP UI.

Scenario: SOAP -> SAP PI -> ECC (RFC) (Synchronous)

SOAP Error:

<!--see the documentation-->

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">

   <SOAP:Body>

      <SOAP:Fault>

<faultcode>SOAP:Server</faultcode>

<faultstring>Server Error</faultstring>

<detail>

<s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">

<context>XIAdapter</context>

<code>ADAPTER.JAVA_EXCEPTION</code>

<text>com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration... To-String: com.sap.security.core.policy.exceptions.VerifyException: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..; To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: run(). Message: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration... To-String: com.sap.security.core.policy.exceptions.VerifyException: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration...

please help to solve this issue.

regards,

Dileep

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member186851
Active Contributor
‎03-03-2016 9:43 AM
0 Kudos

Hello Dileep,

Please post your XML structure and Soap Sender channel conifgs

Show replies
Show replies
Former Member
‎03-07-2016 9:42 AM
0 Kudos

Hi, 

Please find the screen shots below for SOAP channel & ICO.

We have stored Senders Client Certificate under Trusted CA of Netweaver Administration & used the same in ICO config & we have shared our PI system Public certificate with Sender.


Former Member
‎03-07-2016 1:22 PM
0 Kudos

hi,

Thanks for the advise. ill try to find out the exact issue.

regards,

Dileep s

wu_feng2
Explorer
‎06-21-2016 11:37 AM
0 Kudos

hi,

   Have u solved it?

   I got same error in our https connection, and don't  know how to come over it.

Any Suggestion?

Former Member
‎06-21-2016 11:46 AM
0 Kudos

Hi,

which level are using in HTTPS

THERE are two options 1. with client authentication and without client authentication

Regards,

Dileeep S

wu_feng2
Explorer
‎06-21-2016 12:07 PM
0 Kudos

I use the https  without client Authentication

Former Member
‎06-21-2016 12:10 PM
0 Kudos

okay paste your channel and receiver determination screenshot.

wu_feng2
Explorer
‎06-21-2016 12:23 PM
0 Kudos

Former Member
‎06-21-2016 12:53 PM
0 Kudos

In issuer and subject tab for partner certificate you need to select light and root certificates extracted from partner public certificate. 

are you using password and username for transport level security?? first make sure that it is working i.e, transport level security by unchecking select security profile in the channel(by removing digital signing).

wu_feng2
Explorer
‎06-21-2016 1:11 PM
0 Kudos

Thanks for your reply.

In fact, it works fine without the security profile setting in sender channel.

I use basic login for the connection to PI.

And , I choose root certificate for the issuer and partner certificate for the subject too.

By the way, I also try to generate key pair in pi to test it with  the soapui tool, still report that error.

Former Member
‎06-21-2016 1:22 PM
0 Kudos

keep headers option should be checked in the communication channel. other than this i dont have any other suggestions. You can use XPI inspector to find out the exact cause.

wu_feng2
Explorer
‎06-21-2016 1:36 PM
0 Kudos

right, that option is checked.

However, I get some  doubt about the WSDL file. Either select the security profile or not in sender channel, the server generates the same WSDL file content. Is it a problem?

Ask a Question