
Web service Security using X.509 certificate

Former Member
0 Kudos

Hi All,

I have a web service deployed on the SAP Web AS J2EE.

I want to include an authentication option in my web service.

I have configured the settings for using an X.509 certificate (HTTPS) in my web service configuration, and similarly I've configured my client proxy for the same.

My question is: from where do I get the X.509 certificate? Actually, I have the .crt and .der files, which I created from the Visual Administrator.

Also, do I need to install anything on my SAP server in order to use the authentication service? (Any prerequisite?)

Thanks,

Talimeren

8 REPLIES 8

cand1
Advisor
0 Kudos

Hi Talimeren,

Your first question is not completely clear to me. Which X.509 certificate do you mean? The one from the user? The server certificate you have already.

When you make an HTTPS connection to the WebAS server you should usually get the client certificate chain via the standard J2EE attribute

X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

Mostly there is only one certificate in the array, which is the user certificate after a successful authentication.

HTH

Daniel
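
The attribute lookup from the reply above, expanded into a small diagnostic servlet. This is an added example, not part of the original post or SAP's code; the class name `ClientCertInfoServlet` and the plain-text output format are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet: reports which client certificate chain
// the container received on this HTTPS connection.
public class ClientCertInfoServlet extends HttpServlet {

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();

        // The attribute is only set when the client sent a certificate during
        // the SSL handshake; over plain HTTP, or when the port does not
        // request client authentication, it is null.
        X509Certificate[] certs = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (certs == null || certs.length == 0) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            out.println("No client certificate was presented on this connection.");
            return;
        }

        // certs[0] is the client's own certificate; any further entries are
        // the issuers, in ascending order of trust.
        for (int i = 0; i < certs.length; i++) {
            X509Certificate cert = certs[i];
            out.println("[" + i + "] subject: " + cert.getSubjectX500Principal().getName());
            out.println("    issuer:  " + cert.getIssuerX500Principal().getName());
            out.println("    serial:  " + cert.getSerialNumber().toString(16));
            out.println("    valid:   " + cert.getNotBefore() + " to " + cert.getNotAfter());
            try {
                cert.checkValidity(); // compares against the server's current time
                out.println("    status:  within validity period");
            } catch (CertificateExpiredException e) {
                out.println("    status:  EXPIRED");
            } catch (CertificateNotYetValidException e) {
                out.println("    status:  NOT YET VALID");
            }
        }
    }
}
```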

Former Member
0 Kudos

Hi Daniel,

Thank you for your reply.

Actually, I don't know where to begin.

I created the .crt from the Visual Admin and don't know where to use it.

Also, in some post I came across the SAP Cryptographic Library. Do I need to install that?

thanks,

Talimeren

0 Kudos

Hi Talimeren,

When you want to use certificates you have to set up SSL, which you've started already. You have to get and import a server certificate which authenticates the server while the client creates an SSL connection. The cert has to be assigned to the SSL port. For NW04 you can find the guide here: http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

If you want client authentication by certificates as well, you have to import at least one root certificate from a certificate authority (CA) which you trust and by which all user certificates are signed.

SAP delivers the IAIK library for WebAS security, but this depends on your WebAS version and installation. I suggest you set up SSL and try to make a connection. If the connection can be made, the security library should be there.

HTH

Daniel

Message was edited by: Correct Link

Daniel Sass

Former Member
0 Kudos

Hi Daniel,

Thanks again for your quick response.

OK, I have done the setup for SSL and tested it.

Now how do I link the client with the certificate? (Can I do it declaratively instead of programmatically?)

[I am using a proxy to access the web service]

And what about my web service? Is setting the web service configuration to use X.509 enough, or do I need to link the certificate file to it?

Thanks,

Talimeren

0 Kudos

Hi Talimeren,

You have to set up the strong authentication mechanism. Here you can find more information on how to do this: http://help.sap.com/saphelp_nw70/helpdata/en/7c/a6d13f83a14d21e10000000a1550b0/frameset.htm

HTH

Daniel

Former Member
0 Kudos

Hi Daniel,

Thanks for your reply again.

I have done the settings and created certificates for both the server and the client, and I've installed the certificate in my browser too.

But when I try to access my web service from the Web Service Navigator I get the following error:

Cannot download WSDL from https://localhost:50101/myService/Config2?wsdl: Cannot connect to https://localhost:50101/myService/Config2?wsdl: Peer sent alert: Alert Fatal: bad certificate

Thanks,

Talimeren

0 Kudos

Hi Talimeren,

Unfortunately, I have no experience with this setup. You should try to locate the error in the log files to find out which certificate has a problem and what the problem is.

Regards,

Daniel

Former Member
0 Kudos

Hi Daniel, thanks again.

Now I am getting an error:

Cannot download WSDL from https://localhost:50101/myService/Config2?wsdl:

Cannot connect to https://localhost:50101/myService/Config2?wsdl: Software caused connection abort: socket write error

And in the log file I am getting the following:

Error#1#/System/Network#Plain###Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.#

#1.5#0011D8053E240014000000010000139000043BF689D4EE67#1191829967250#/System/Network##com.sap.engine.core.manipulator.TCPRunnableConnection.init()#######OrderedChannel for http service##0#0#

Error#1#/System/Network#Plain###Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.#

Thanks,

Talimeren