10-04-2007 7:50 AM
Hi All,
I have a web service deployed on the SAP Web AS J2EE.
I want to include Authentication option in my web service
I have configured the settings for using X.509 certificate(HTTPS) in my
web service configuration and similarly I've configured my client proxy
for the same.
My question is..... from where do I get the X.509 certificate?
actually I have the .crt and .der files, which I created from
the visual administrator.
And also do I need to install anything on my SAP server
in order to use the authentication service? (Any prerequisite)
Thanks,
Talimeren
10-04-2007 9:33 AM
Hi Talimeren,
your first question is not completely clear to me. Which X.509 certificate do you mean? The one from the user? The server certificate you have already.
When you made a HTTPS connection to the WebAS server you should usually get the client certificate chain via the standard J2EE attribute
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
Mostly there is only one certificate in the array which is the user certificate after successful an authentication.
HTH
Daniel
10-04-2007 9:42 AM
Hi Daniel ,
Thank you for your reply.
Actually I don't know where to begin with..
I created the .crt from the Visual admin
and don't know where to use that..
And also in some post I came across SAP Cryptographic library,
Do i need to install that?
thanks,
Talimeren
10-04-2007 9:59 AM
Hi Talimeren,
when you want to use certificates you have to setup SSL which you've started already. You have to get and import a server certificate which authenticates the server while the client creates a SSL connection. The cert has to assigned to the SSL port. For NW04 you can find the guide here http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
If you want client authentication by certificates as well you have to import at least one root certificate from a certficate authority (CA) which you trust and by which all user certificates are signed.
SAP delivers the IAIK library for WebAS security, but this depends on your WebAS version and installation. I suggest you setup SSL and try to make a connection. If the connection can be made, the security library should be there.
HTH
Daniel
Message was edited by: Correct Link
Daniel Sass
10-04-2007 10:36 AM
Hi Daniel ,
Thanks again for your quick response.
Ok I have done the setup for SSL and tested it.
Now how do I link the client with the certificate.
(Can I do it declaratively instead of programatically)
[I am using a proxy to access the web service]
and what about my web service??
Setting the Web service Configuration to use X.509 is enough
or do I need to link the certificate file to it..
Thanks,
Talimeren
10-04-2007 11:02 AM
Hi Talimeren,
you have to set up the strong authentication mechanism. Here you can find more information how to do this: http://help.sap.com/saphelp_nw70/helpdata/en/7c/a6d13f83a14d21e10000000a1550b0/frameset.htm
HTH
Daniel
10-05-2007 9:09 AM
Hi Daniel,
Thanks for your reply again.
I have done the settings and created certificates for both the server and the client
and I've installed the certificate in my browser too.
But when I try to access my web service from the
Web Service navigator I get the following error:
Cannot download WSDL from https://localhost:50101/myService/Config2?wsdl: Cannot connect to https://localhost:50101/myService/Config2?wsdl: Peer sent alert: Alert Fatal: bad certificate
Thanks,
Talimeren
10-08-2007 8:26 AM
Hi Talimeren,
Unfortunately, I have no experience with this setup. You should try locate the error in the log files to find out which certificate has a problem and what the problem is.
Regards,
Daniel
10-08-2007 9:04 AM
HI Daniel thanks again,
now I am getting an error
Cannot download WSDL from https://localhost:50101/myService/Config2?wsdl:
Cannot connect to https://localhost:50101/myService/Config2?wsdl: Software caused connection abort: socket write error
and in the log file I am geting the following:
Error#1#/System/Network#Plain###Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.#
#1.5#0011D8053E240014000000010000139000043BF689D4EE67#1191829967250#/System/Network##com.sap.engine.core.manipulator.TCPRunnableConnection.init()#######OrderedChannel for http service##0#0#
Error#1#/System/Network#Plain###Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.#
Thanks,
Talimeren