cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to hide login and password transported in interface ?

wilsonrsantos
Active Participant

on ‎06-26-2008 1:18 PM

0 Kudos

Hi !

In the current project that I´m working, the customer is developing a website in .Net and intend to use XI to communication between website and ECC 6.0. One of their needs is to create an interface to call a RFC in ECC 6.0 to validate login+password provided in the website(they created a Z table to persist login data, and a RFC to receive login and password and check in this table).

My problem is, to solve this situation, I would use a simple sincronous interface but, the login+password information will be logged into monitoring screens of XI, and it´s not desireble, so I´m finding a way to hide this information.

Initially, I was thinking to make 2 adapter modules, 1 to be used joined to the Sender SOAP Channel that will be used to the website call, that could get the data send by the website and encrypt it, to be sent to the XI pipeline encripted(only the fields login and password), and the 2nd to be used joined to the RFC Receiver channel, to decrypt login and password to be sent to the RFC call. Another alternative that I found was to use the MessageTransformBean and XLST mapping + java, but I´m looking for another alternatives.

Somebody knows if there are some way to achieve this(hide some information in a message being processed by XI)?

In time, I can´t to disable the logging of syncronous interfaces, because it´s customer requirement.

Any help is welcome !

Thank you in advance, and best regards,

Wilson

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

wilsonrsantos
Active Participant
‎06-30-2008 5:57 PM
0 Kudos

Hi !

I have solved the problem.

I used to develop 2 adapter modules, one to intercept the message arriving to SOAP Sender communication channel, encrypt the content of parametrized fields(in the module tab of the comm. channel) and deliver the updated message to the processing chain of the comm. channel.

This message is so processed correctly by the XI pipeline, and delivered to the RFC Receiver Comm. Channel. I developed another adapter module to receive the data sent to the receiver RFC Comm. Channel, decrypt the contents of parametrized fields(like the another module, parametrized in the module tab), and deliver the updated message to the processing chain of the comm. channel.

After some tests, I verified that the message doesn´t remain logged unencrypted into XI(I checked Message Monitoring for Adapter Engine at Runtime Workbench, and the SXI_MONITOR trn).

Like mentioned by Jaishankar, the SOAP Adapter initially didn´t accepted the module adapter that I wrote following the stardards existing in several documents about adapter modules here in SDN, but after some research, and debbuging sections of the adapter module, I achieved to develop the correct code to work.

Thank you for your attention, and best regards,

Wilson

Show replies
Show replies
Former Member
‎06-30-2008 7:50 PM
0 Kudos

Hi

Normally, you can directly call the RFC from ur web and get the things solved.I saw a similar kind earlier.

but ur solution is quite intresting.

can you plz post the code you used in both the modules.

I am sure it can help many of us.

Appreciate your help,

Thanks

Kiran

wilsonrsantos
Active Participant
‎07-02-2008 2:24 PM
0 Kudos

Hi Kiran !

Yes, I know that is possible to call the RFC directly from .Net, I have mentioned in this thread this option as a possible solution, but, how I mentioned too, call the RFC directly will lead this interface to be out of the standards defined by the customer(all interfaces being controlled by XI).

I will write a WebLog detailling this solution, I think it´s a better way to explain that.

Thank you for your response,

Wilson

Former Member
‎07-03-2008 9:24 PM
0 Kudos

Hi Wilson,

Thats a nice idea.

It will be easy task for any one to access from the repository.

Let me know when you post that BLOG, Please.

Thanks

Kiran

Former Member
‎06-26-2008 2:17 PM
0 Kudos

Wilson,

Did you try Message Level security? There are guides available in SDN explaining the process. I guess this could be a better choice.

P.S: You can not use adapter modules on SOAP sender adapter.

Regards,

Jaishankar

Show replies
Show replies
wilsonrsantos
Active Participant
‎06-26-2008 2:35 PM
0 Kudos

Hi Jaishankar !

Thank you for your response !

I read something about Message Level Security as you suggested, but what I understood was that the MLS will be need in my scenarios too, to improve the security in the communication between XI and the website, but I understood that MLS doesn´t encript the message when it´s inside XI pipeline.

What the customer want is that operations team(support guys), when using SXI_MONITOR, be not able to see the XML message for the website login interface containing login and password decrypted.

I looked into configuration of sender soap adapter and, the module section of the configuration of communication channel is available, there is some documentation about the restriction that you mentioned ?

Another alternative is this interface doesn´t use XI, so the website can call the RFC for login directly, using SOAP, or even .Net connectors, but this will make this interface out of the standards defined in the customer(all interfaces being processed by XI).

Thank you again, and best regards.

Wilson

Ask a Question