on 01-10-2008 4:52 PM
Hi
We have a ECC 5.0 box that is based on WAS640. We created a Webservice definition on the ECC5.0 box based on a XI message interface endpoint and we released the webservice for SOAP runtime.
When we try to invoke the webservice from a SOAP client - I get the following response
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Body>
<soap-env:Fault>
<faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>
<faultstring xml:lang="e">Authority check failed</faultstring>
</soap-env:Fault>
</soap-env:Body>
</soap-env:Envelope>
There is a single role for the userid that is used by the SOAP client to consume the webservice on R3 - SAP_XI_APPL_SERV_USER .
What role am I missing for the webservice user - inorder to fix this problem
Hi !
Your scenario is SOAP->XI->IDOC/RFC/PROXY ? I mean, you published a webservice in XI (not in ECC) to allow access to a ECC process. And then use another type of connection (IDOC/RFC/Abap Proxy) to connect XI to ECC. Is that right?
If yes, you should have 2 users, one that is used in every soap client to connect to XI, that should be an XI user with role SAP_XI_APPL_SERV_USER. then another user, created in ECC that should be used in XI to connect to ECC depending on the type of connection.
Regards,
Matias.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Matias
My scenario does not involve XI at runtime
Webservice is exposed directly out of the R3 box - it just user Xi message interface and the proxy implementation for the webservice response.
Now I am invoking this webservice that is on the R3 box from a SOAP client tool. What are the credentials required for the user on R3 that is used by the SOAP client tool ?
Hi !
Try a user with the S_SERVICE authorization in ECC.
From
Accessing SAP functions via Web services follows the standard SAP authorization concept.
This concept is based on authorizations for specific authorization objects. The system checks
for the required authorization for an authorization object during the execution of a Web
service. If a user does not have this authorization, the execution is terminated, and an error
message is returned.
SAP ERP ES uses the standard authorization objects that are available for mySAP ERP,
including authorization default values for Web services. In addition, you need the
authorization S_SERVICE to start external services. To create and consume Web services,
you require the authorizations belonging to the role SAP_BC_WEBSERVICE_ADMIN as well
as authorization for the Internet Communication Framework (S_ICF_ADMIN).
For more information about authorizations for Web services, see the SAP NetWeaver
documentation at help.sap.com ® SAP NetWeaver ® SAP NetWeaver 2004s ® SAP
NetWeaver Developers Guide ® Fundamentals ® Using Java ® Core Development Tasks
® Providing and Consuming Web Services ® Web Service Toolset ® Web Services Security
® Authorization.
Regards,
Matias.
Edited by: Matias Denker on Jan 10, 2008 2:27 PM
Hi,
Try these authorizations..
SAP_XI_DEVELOPER (Composite)
SAP_SLD_DEVELOPER
SAP_XI_DEMOAPP
SAP_XI_DEVELOPER_ABAP
SAP_XI_DEVELOPER_J2EE
and also refer to http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
I hope this will help you.
Regards
Aashish Sinha
PS : reward points if helpful
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
are you using SOAP adapter between ECC and XI? I think PROXY, RFC or IDoc are the best adapters for communicatiob between SAP systems.
Someone correct me if was wrong..!!
VJ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.