Solved: SOAP adapter - unauthorized problem

Former Member · ‎07-07-2008

Hi all,

Our third party receive an unauthorized (401) message back when they send a soap request via http protocol to our XI server.

In the soap request, the following location adapted.

http://integration.test.com/XISOAPAdapter/MessageServlet?channel=P_Cop:BSrv_EDS:CC_Cop_SOAP_Sender_buf&version=3.0&Sender.Party=http://sap.com/xi/XI:XIParty:P_COP&Sender.Service=BSrv_EDS&Interface=http://test.com/interfacing/lp/eds/cop^MI_O_vatCOP_BUF

Changing the location into did not work also

http://XIusername:XIpassword@*integration.test.com/XISOAPAdapter/MessageServlet?channel=P_Cop:BSrv_EDS:CC_Cop_SOAP_Sender_buf&version=3.0&Sender.Party=http://sap.com/xi/XI:XIParty:P_COP&Sender.Service=BSrv_EDS&Interface=http://test.com/interfacing/lp/eds/cop^MI_O_vatCOP_BUF

Using a the Oxygen web service testing tool works fine (after enter a valid XIusername and XIpassword).

Using the SOAP UI web service testing tool does not work (after enter a valid XIusername and XIpassword).

Are there any other options or ideas?

Please help

wilsonrsantos · ‎07-08-2008

Hi E.J.C. Theuns !

Maybe the problem is being caused because the way that the user and password is being sent to XI WebService.

I have used to send user and password joined to the url in the format that you specified in your first message but, this worked in Java, not in PHP.

When I used PHP to call a RFC function as a WebService, I do it using NuSOAP package, and using NuSOAP, the code was something like this:



require_once('nusoap.php');


$client=new soapclient('http://<server>:<port/sap/bc/soap/rfc');
$client->setCredentials('<user>','<password>');

$msg='<BAPI_MATERIAL_GETLIST xmlns="urn:sap-com:document:sap:rfc:functions">
   <MAXROWS>200</MAXROWS>
   <MATNRSELECTION>
    <item>
     <SIGN xsi:type="xsd:string">I</SIGN>
     <OPTION xsi:type="xsd:string">GE</OPTION>
     <MATNR_LOW xsi:type="xsd:string">000000000000000001</MATNR_LOW>
    </item>
   </MATNRSELECTION>
   <MATNRLIST></MATNRLIST>
   <MATERIALSHORTDESCSEL></MATERIALSHORTDESCSEL>
  </BAPI_MATERIAL_GETLIST>';

$msg1 = $client->serializeEnvelope($msg);

echo "Makes the call !";
$client->send($msg1,"BAPI_MATERIAL_GETLIST");

echo '<br><br><br><br><b>Request:</b><xmp>'.$client->request.'</xmp>';
$material = $client->response["MATNRLIST"];
$item = $material["item"];
echo '<b>Test:</b> <xmp>'.$item["MATERIAL"].'</xmp>';
echo '<b>Response:</b> <xmp>'.$client->response.'</xmp>';
echo '<b>Debug log:</b> <pre><code>'.$client->debug_str.'</code></pre>';

echo "End of execution";

How you can see in this sample code, the user and password are sent using this code:

$client->setCredentials('<user>','<password>');

Where $client is a instance of the NuSOAP soapclient class.

This code always work very well, I don´t know if your third part system is using NuSOAP too but, case not, tell the php programmer to check if the library that is being used doesn´t have some class/method like NuSOAP, to set credentials.

Thank you for your attention, and I hope this info helps you !

Best regards,

Wilson

Former Member · ‎07-09-2008

Hi all,

Now it is working great. Just talk with one of the third party PHP programmer. They found out that in their PHP programm a parameter is available where they can set the username and password.

Thxs all for the ideas!

Greetings,

Edwin

Former Member · ‎07-08-2008

Hi Wilson,

Thanks for your detail explanation. I will ask the third party (and the PHP programmer) to look at this.

As soon as I know more, I will inform.

Greetings,

Edwin

Former Member · ‎07-08-2008

Hi vemuganti naga phalguna,

I just check your suggestion in the Visual Administrator.

The securtity role xi_adapter_soap_message is already assigned to the component XISOAPAdapter.

Hi Ron,

the suggested URL is checked without a positive result.

Greetings,

Edwin

Former Member · ‎07-08-2008

I'd think the problem is in the php script. Maybe they log on as anonymous, or there's an upper/lowercase mistake in it. Can you get hold of their source code? Maybe you can see in the default trace if someone is trying to log on under the wrong user name?

Ron

Former Member · ‎07-08-2008

Hi Edwin,

Just to be sure, did you follow Aamir's suggestion to use URL:

http://integration.test.com/XISOAPAdapter/MessageServlet?channel=P_Cop:BSrv_EDS:CC_Cop_SOAP_Sender_b...

Groeten,

Ron

Former Member · ‎07-08-2008

Hi Ron,

The test is realized in a secured VPN, which is working well. All test (like ping and trace) are working correctly. The firewall is configurated correctly for this specific SOAP request from a specific IP address.

Unfortunately, when the third party does a soap request via a PHP script they get an authorized message back from the XI server.

Greetings,

Edwin

Former Member · ‎07-08-2008

Hi Edwin,

It might just be a firewall issue. Did they test with Oxygen on a local desktop or on the server that's calling the webservice? They should test on the machine that calls the webservice. From that, can they ping the url of the XI server or try a telnet session?

Regards,

Ron

Former Member · ‎07-07-2008

Hi Aamir,

Thanks for your reply.

The SOAP URL is in a correct format otherwise you get an another error message, looks like

 <detail>
            <s:SystemError xmlns:s="http://sap.com/xi/WebService/xi2.0">
               <context>XIAdapter</context>
               <code>ModuleUnknownException</code>
               <text>com.sap.aii.af.mp.module.ModuleException: either no channelID specified or no channel found for the specified party, service, and channel name,

The error the third party receive is an unauthorized error (401).

Also with a test tool Oxygen (similar with Altova XML spy) works great when I test my scenario.

Hi Sameer,

Thanks for your reply.

XI user has the authorization of the group SAP_XI_APPL_SERV_USER

Hi vemuganti naga phalguna,

Thanks for your reply.

This is something I have to check, but why is it possible that it work perfect with a the test tool Oxygen?

Thank you all for the quick response.

Greetings,

Edwin

Former Member · ‎07-07-2008

hi E.J.C. Theuns

check whether the user with which you are sending the soap request has assigned the role

XI_ADAPTER_SOAP_MESSAGE.

Regards

kummari

Edited by: kummari on Jul 8, 2008 6:16 AM

Former Member · ‎07-07-2008

Hi

Check if the XI user has the authorization of the group SAP_XI_APPL_SERV_USER.

BR

Sameer

Former Member · ‎07-07-2008

HI

: The adapter's servlet is protected by default. You must use one of the user names assigned in security role xi_adapter_soap_message for component XISOAPAdapter.

documentation for Visual Administrator to view and change the security setting.

The user authentication of the SOAP adapter is not part of the SOAP adapter but of the web container of the J2EE engine. The default authentication setting is defined in the web.xml descriptor file of the SOAP dapter web application. This setting may be modified from Visual Administrator with some restriction. Please refer to the security documentation for the J2EE engine.

cheers

Former Member · ‎07-07-2008

Hey

the SOAP URL must be in the format

http://<serverhost>:<port>/XISOAPAdapter/MessageServlet?channel=<party>:<ServiceName>:<Channel Name>

the URL which you are using looks a bit diferrent to me,Please dont use "Propose URL" button when you generate WSDL file.

secondly try to download Altova XML spy(its free download) and use it to test your scenario.

Thanx

Aamir

SOAP adapter - unauthorized problem

Accepted Solutions (1)

Accepted Solutions (1)

Answers (12)

Answers (12)

Re: CF Deployment Error: Error getting tenant t0

Expand and Collapse at Group Level for sap.m.Table

Re: TR is imported into production but status in S...

Re: date convertion YYYYMMDD to MM/DD/YYYY in sap ...

Re: Object store secret mys-object-store-secret no...