on 05-13-2007 12:25 PM
Hello,
We have the following scenario:
We have a webdynpro we created on our portal (EP6.0 SP19) which calls a webservice hosted on our XI (XI3.0 SP19) via SOAP. This webservice actualy calls an RFC on our R34.6c system (Basis COP51) and returns synchronosly some data to the webdynpro.
When running this scenario without any users/PP it runs fine.
When we are changing the agreements in XI to use <b>Principal Propagation</b> and do not pass any user/pass with the webdynpro, we fail on accessing the XI with error <b>401 - unauthorized</b> (from the engine ICM port).
We have configured everything for PP according to the guides (SP19), created the user with the required auths in all systems, etc.
we have set in the webdynpro application the parameter sap.authorization=true even.
What we think might be the problem is that no ticket is passed to the XI from the portal so it gets the 401 error.
How can this be checked?
We have noticed no problems in the security log traces on either XI or portal.
Regards,
Yaki
Hi,
can you double check with Alexander's blog?
/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi
Regards,
michal
-
<a href="/people/michal.krawczyk2/blog/2005/06/28/xipi-faq-frequently-asked-questions"><b>XI / PI FAQ - Frequently Asked Questions</b></a>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
We have found note: Note 856597 - FAQ: XI 3.0 SOAP Adapter
in it, there is a section speaking about our 401 error:
Q: I get an authorization error "401 Unauthorized" from the adapter's servlet. What went wrong?
A: The adapter's servlet is protected by default. You must use one of the user names assigned in security role xi_adapter_soap_message for component XISOAPAdapter. Please consult the documentation for Visual Administrator to view and change the security setting.
The user authentication of the SOAP adapter is not part of the SOAP adapter but of the web container of the J2EE engine. The default authentication setting is defined in the web.xml descriptor file of the SOAP dapter web application. This setting may be modified from Visual Administrator with some restriction. Please refer to the security documentation for the J2EE engine.
Can this be related to our problem?
If so, where should we configure this role?
It does not exist by default in our system.
Regards,
Yaki
Hi,
We still not found a solution, we had a direction but it didn't succeeded, you can also try it, maybe ....
note 856597 that you found may be relevant for this issue, i.e. :
Q: I get an authorization error "401 Unauthorized" from the
adapter's servlet. What went wrong?
Please review the following links which should help you in configuring
this role:
'User Roles for Adapter and Module Development'
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/1e1bbc5d9206fde10000000a422035/frameset.htm
'SOAP Adapter'
http://help.sap.com/saphelp_nw2004s/helpdata/en/02/6d5c034c182e4fbe7bfd25c2b56f9b/frameset.htm
If this does not help please review the following note and change the
password for the user accordingly:
- 810621 UME with ABAP persistence: Error in back end connection
Anyway, if we will have a solution, I will update this message.
Regards,
Yaki
<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/69d95112-0d01-0010-8297-fa31feea26e0">How to Enable Single-Sign-On for SAP Exchange Infrastructure</a>
hope help you!
Please Award points if help is useful .
jun huang
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.