cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Missing Security header in SOAP

Go to solution
former_member185943
Participant

on ‎05-23-2007 2:51 PM

0 Kudos

Hello!

I used WSDLs to generate a few client proxy classes in order to access web services of a 3rd party application. The first call was successfull: I called START_SESSION method passing username and password and got proper response (ticket, session ID). Afterwards, I wanted to call methods of other proxy classes of the same application and always got 

SoapFaultCode:1  WSDoAllReceiver: Request does not contain required Security header

How do I pass security header and what does it consist of? I suppose ticket and/or session ID, but it is not part of any method's interface.

What should I do?

Thanks in advance!

Kind regards,

Igor

Unfortunately, WSDL is not available in public. If necessary; I'll post it, but for the first post I'll try not to occupy space.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

yonko_yonchev
Active Participant
‎05-23-2007 3:41 PM
0 Kudos

Hi Igor,

you have to assign security profiles for each of the proxy classes. The type of security profile (username, signature, etc.) that you assign has to be synchronized with what the service provider requires for security in a specific operation - this is described in the WSDL, based on which you generate the proxy class. You can configure a security profile and resuse it for different proxy classes.

The steps to do this config in SAP NetWeaver 04s are described in this document:

http://help.sap.com/saphelp_nw2004s/helpdata/en/f7/993240713be801e10000000a155106/frameset.htm

Having made the config, the server will generate the security header for you. You only have to provide valid security credentials in the profile.

Regards,

Yonko

Show replies
Show replies
former_member185943
Participant
‎05-24-2007 10:11 AM
0 Kudos

Thanks, Yonko!

I'll try and let you know. Is there some help doc on the same subject for NW ABAP?

Igor

yonko_yonchev
Active Participant
‎05-24-2007 12:53 PM
0 Kudos

Hi Igor,

yes, it's here:

http://help.sap.com/saphelp_nw2004s/helpdata/en/9b/dad1ae3908ee44a5caf57e10918be9/frameset.htm

In broad lines it follows the same approach, however, you execute the configuration via WSSPROFILE in the SAP GUI.

Regards,

Yonko

former_member185943
Participant
‎05-25-2007 3:16 PM
0 Kudos

Hi!

I did research on this topic with server application and I quote what I found:

<i>The Alfresco web services have always used the WS Security header to pass the ticket information to the server.

The ticket is plucked out of the password parameter and cross checked within the server to ensure the request can proceed.

So long as you construct the WS Security header correctly authentication at the repository should occure without problem</i>

I get the ticket from the successfull call of START_SESSION method of different (authentication) proxy class, but don't know what to do with it. How to include it in security header of another proxy method call? Or should I do something else?

I'll describe what I tried - please see if I did something wrong:

1. In SE80 -> Client proxy maintenance, I selected tab Preconfiguration, selected "Session-Oriented communication" -> Checked "Select Feature"

2. Same tab, selected "Authentication" -> Basic

3. Activated the proxy

4. WSSPROFILE -> Created profile based on CHECK_USERNAME template

5. LPCONFIG -> Selected operation GET_USER, entered the newly created profile both in ProfileIn and ProfileOut, activated

6. Activated client trace, called method and got SOAP request without any security info in header:

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Header>
    <n0:Trace xmlns:n0="http://www.sap.com/webas/630/soap/features/runtime/tracing/">
      <TraceLevel xmlns="http://www.sap.com/webas/630/soap/features/runtime/tracing/">Error</TraceLevel>
    </n0:Trace>
  </soap-env:Header>
  <soap-env:Body>
    <nr1:getUser xmlns:nr1="http://www.alfresco.org/ws/service/administration/1.0" xmlns:nr2="http://www.alfresco.org/ws/model/content/1.0">
      <nr1:userName>ADMIN</nr1:userName>
    </nr1:getUser>
  </soap-env:Body>
</soap-env:Envelope>

I must have done something wrong.

Regards,

Igor

yonko_yonchev
Active Participant
‎05-25-2007 4:30 PM
0 Kudos

Hi Igor,

you have to select SET_USER for the Profile template - this option adds the Username Token to the security header for the request.

You can use CHECK_USERNAME template if you want to check the security header for a response. You then also have to configure the ICF, as described here:

http://help.sap.com/saphelp_nw2004s/helpdata/en/e1/af3a40243c174ee10000000a1550b0/frameset.htm

Regards,

Yonko

athavanraja
Active Contributor
‎05-26-2007 7:00 AM
0 Kudos

check out this thread on how to pass header authentication while executing the client proxy.

Raja

Answers (1)

Answers (1)

former_member185943
Participant
‎06-02-2007 10:54 PM
0 Kudos

It works now - thanks, guys! Has anyone ever made security profiles in logical ports work in regular way, without hacking SOAP header manually? According to the thread suggested by Raja, no. And that's exactly my experience. I wonder how it works with more serious stuff then, like certificates?

Anyway, I am happy with the way it works, for the time being.

Now I have another problem, but this is for another thread.

Igor

Show replies
Show replies
Ask a Question