cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Soap Receiver Adapter

Go to solution
Former Member

on ‎10-03-2007 7:18 PM

0 Kudos

Hello,

I am trying to call web service which is hosted on axis from xi.

It works fine if I use Basic Authentication for client authentication but if I change it to certificate authentication and provide a certificate from service_ssl keystore, I get following error:

<SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">

<SAP:Category>XIAdapterFramework</SAP:Category>

<SAP:Code area="MESSAGE">GENERAL</SAP:Code>

<SAP:P1 />

<SAP:P2 />

<SAP:P3 />

<SAP:P4 />

<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: invalid content type for SOAP: TEXT/HTML</SAP:AdditionalText>

<SAP:ApplicationFaultMessage namespace="" />

<SAP:Stack />

<SAP:Retry>M</SAP:Retry>

</SAP:Error>

I think there is no issue with certificate as there is entry 'certificate found' in logs of axis server.

Please help to resolve this.

Thanks in advance.

Beena,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-03-2007 7:24 PM
0 Kudos

Hi Beena !

Check this thread for a clue:

Also check if you are using the same version of SOAP in both end-points (1.1 or 1.2)

Regards,

Matias.

Show replies
Show replies
Former Member
‎10-03-2007 7:29 PM
0 Kudos

Hi Matias,

It works if I use Username/Password for client authentication.

But if I use certificate it gives error.

So I dont think there is any version mismatch.

Thanks,

Beena.

Former Member
‎10-03-2007 7:54 PM
0 Kudos

Hi Beena !

I did some research.

check this links:

As in /people/shabarish.vijayakumar/blog/2008/01/08/troubleshooting--rfc-and-soap-scenarios-updated-on-20042009:

<i> com.sap.aii.af.ra.ms.api.DeliveryException: invalid content type for SOAP: TEXT/PLAIN

Try contacting the WS team and finding out the Content Type expected by them.

Using the MessageTransformBean, the content type can be changed.

It uses a standard adapter module to set the content type of the response.</i>

Did you try to catch the response using soapUI or other SOAP client software?

Did you try to use URL?wsdl instead of URL in SOAP receiver?

Regards,

Matias.

Answers (1)

Answers (1)

henrique_pinto
Active Contributor
‎10-03-2007 10:20 PM
0 Kudos

Make sure the Web Service you're trying to access support certificate authentication. Also, make sure your certificate will be accepted by them (it needs to be in the Axis server client certificates pool and its certificate chain needs to be in the Axis server trusted CAs certificates pool).

Since it works fine with simple http authentication, it is probably some unauthorized error (401), or some other error related to the certificates.

Try to catch the return message in XI Server or Axis Server using a sniffer or TcpGateway (described in this blog: /people/stefan.grube/blog/2007/03/29/troubleshooting-soap-http-and-mail-adapter-scenarios-with-tcpgateway).

Regards,

Henrique.

Show replies
Show replies
Former Member
‎10-03-2007 11:51 PM
0 Kudos

Hi Henrique,

Thanks for reply.

Can you eloberate this?

<i>it needs to be in the Axis server client certificates pool and its certificate chain needs to be in the Axis server trusted CAs certificates pool</i>

I have generated certificate in service_ssl keystore of xi and the public key i.e. certificate is imported in Trust keystore of Axis.

Also the certificate from axis is imported in xi in TrustedCAs keystore.

The scenario works fine if I use Basic Authentication.

but If I use client authentication it gives error.

I tried TCP gateway running on my computer and redirected the URL to Axis server.

However I get Request in encoded format and I dont know which charset to be used for this?

Thanks,

Beena.

henrique_pinto
Active Contributor
‎10-04-2007 3:56 PM
0 Kudos

Hi Beena,

don't mind the message (it is probably encrypted because of ssl), check for the http header fields. Can you see at least what is the http return code (200, 404, 401, 403 etc)?

Regarding the certificates: you don't need to import the axis server certificate in your TrustedCAs. You need to get the certificates of the Issuers of the server certificate (if more than 1, you have to have all of them) in your TrustedCAs keystore view. The same goes for your certificate's chain in the axis trusted keystore.

Also, you have to check on how to configure the client certificates in Axis server.

For example, in Web AS Java you proceed like this: http://help.sap.com/saphelp_nw70/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm

Regards,

Henrique.

Former Member
‎10-04-2007 4:20 PM
0 Kudos

Hi,

When you get a TEXT/HTML response back from a Web Service call, this is actually generated by the host server and not the Web Service.

Therefore my best suggestion is to install an HTTP sniffer on the XI box and then you will be able to see the response you are getting.

This will then hopefully tell you where it is going wrong.

Cheers

Colin.

Former Member
‎10-04-2007 5:25 PM
0 Kudos

Hi Henrique,

I don't see http return code. I get only encrypted message.

I am using self-signed certificates. For XI it is ssl-credentials of keystore service_ssl for testing purpose.

The public key of this certificate is imported in Axis server.

Also in the soap receiver communication channel I am using ssl-credentials in keystore entry for configure certification authentication.

Is this correct?

Is it mandatory to get signed certificate from CA.

Thanks,

Beena.

henrique_pinto
Active Contributor
‎10-05-2007 2:30 PM
0 Kudos

Since they are self signed, then it should be ok as long as they are in the TrustedCAs view.

Since the message is encrypted, you probably won't be able to check it with tcpgateway or sniffer.

Another approach would be to set the log leve of Soap adapter to 'Debug' (in Log Congurator, in Visual Admin), reproduce the error and then check the defaulttrace.trc file in Log Viewer of Visual Admin to check for the return message. You'll be able to see it there (it's just a pain in the @$$ to look for it among those several thousand messages...).

Remember to change the soap adapter log level back to 'Error'.

Regards,

Henrique.

Former Member
‎10-05-2007 4:05 PM
0 Kudos

Thanks Henrique.

Could you please clarify this?

I am using XI J2EE engine as client.

Is it required to enable Request certificates and import certificate in SSL Provider in visual admin.

<i> If the server process is to accept the use of client certificates for authentication, then set this option in the Client Authentication tab page. Also maintain the list of trusted certificates in the Trusted Certification Authorities section.</i>

Or is it enough for client authentication

i. to specify the certificate (from keystore service_ssl) in receiver communication channel and

ii. import the server's certificate in TrustedCAs

as far as XI configuration is considered .

Am I missing anything?

Thanks,

Beena.

henrique_pinto
Active Contributor
‎10-05-2007 7:29 PM
0 Kudos

Beena,

you're right, from the client perspective that's enough.

Those extra configurations are to be done when you have J2EE as a server.

That being said, the time I had that same problem of yours, I did several things in order to try to solve it, and one of them was to set the SSL for J2EE server also. So I also did those steps.

You may wanna try it, but I'm not sure you'll have any effects...

Regards,

Henrique.

Ask a Question