MLS security error

Former Member
0 Kudos

Hi all,

Our scenario is IDoc to SOAP with MLS.

We are facing the following error in the CC Monitoring log:

Processing assertion ConfidentialityAssertion (ID ConfidentialityAssertion-20-93365913) failed. Message was: [com.sap.ASJ.wssec.030155] Error during the generation of encryption element. Error was: com.sap.security.core.securitypolicy.assertions.cert.CertException Error reading the  certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null...

[EXCEPTION]

com.sap.security.core.policy.exceptions.ProcessException: [com.sap.ASJ.wssec.030155] Error during the generation of encryption element. Error was: com.sap.security.core.securitypolicy.assertions.cert.CertException Error reading the  certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null..

at com.sap.security.core.securitypolicy.assertions.ConfidentialityAssertion.apply(ConfidentialityAssertion.java:235)

at com.sap.security.core.policy.expressions.AllExpression.apply(AllExpression.java:106)

at com.sap.security.core.policy.WSPolicy.apply(WSPolicy.java:38)

at com.sap.security.core.ws.wss.WSSecurityImpl.applyPolicy(WSSecurityImpl.java:100)

at com.sap.engine.services.wssec.service.WSSecurityServiceImpl.applyPolicy(WSSecurityServiceImpl.java:99)

at com.sap.aii.security.impl.wsse.WSSEThread.run(WSSEThread.java:286)

at com.sap.engine.frame.core.thread.Task.run(Task.java:73)

at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:178)

at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:316)

Caused by: com.sap.security.core.securitypolicy.assertions.cert.CertException: [com.sap.ASJ.wssec.030285] Error reading the  certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null.

at com.sap.security.core.securitypolicy.assertions.cert.KeystoreCertificateElement.getCertificates(KeystoreCertificateElement.java:92)

at com.sap.security.core.securitypolicy.assertions.SecurityTokenElement.getCertificate(SecurityTokenElement.java:213)

at com.sap.security.core.securitypolicy.assertions.ConfidentialityAssertion.apply(ConfidentialityAssertion.java:188)

... 8 more

Caused by: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException: [com.sap.ASJ.wssec.030334] Access to keystore failed: null.

at com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreImpl.getX509Certificate(WSSEKeystoreImpl.java:235)

at com.sap.security.core.securitypolicy.assertions.cert.KeystoreCertificateElement.getCertificates(KeystoreCertificateElement.java:90)

... 10 more

Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: No such alias:SCB_MLScert_prod

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreImpl.getX509Certificate(WSSEKeystoreImpl.java:229)

... 11 more

Caused by: java.security.cert.CertificateException: No such alias:SCB_MLScert_prod

at com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreImpl$GetCertPrivilegedAction.run(WSSEKeystoreImpl.java:377)

... 13 more

Please help to resolve this with high priority.

Regards

Amarnath M
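
The outer message in the trace above only reports "Access to keystore failed: null"; the missing alias appears only in the innermost "Caused by". As an added example (not part of the original post and not SAP code), this sketch walks the cause chain of such a trace and pulls out the keystore view and alias. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: exception headers copied from the trace in the post above,
# with most stack frames trimmed. Blank lines mimic the forum's spacing.
SAMPLE_TRACE = """\
com.sap.security.core.policy.exceptions.ProcessException: [com.sap.ASJ.wssec.030155] Error during the generation of encryption element. Error was: com.sap.security.core.securitypolicy.assertions.cert.CertException Error reading the  certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null..

at com.sap.security.core.securitypolicy.assertions.ConfidentialityAssertion.apply(ConfidentialityAssertion.java:235)

Caused by: com.sap.security.core.securitypolicy.assertions.cert.CertException: [com.sap.ASJ.wssec.030285] Error reading the  certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null.
Caused by: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException: [com.sap.ASJ.wssec.030334] Access to keystore failed: null.
... 10 more
Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: No such alias:SCB_MLScert_prod
at java.security.AccessController.doPrivileged(Native Method)
Caused by: java.security.cert.CertificateException: No such alias:SCB_MLScert_prod
... 13 more
"""

HEAD = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)): ?(.*)$")
VIEW = re.compile(r"\(view ([^)]+)\)")
ALIAS = re.compile(r"No such alias:\s*(\S+)")

def cause_chain(trace):
    """Return [(exception_class, message), ...] from outermost to innermost."""
    chain = []
    for line in trace.splitlines():
        line = line.strip()
        if not line or line.startswith("at ") or line.startswith("..."):
            continue  # stack frames and "... N more" carry no cause text
        m = HEAD.match(line)
        if m:
            chain.append((m.group(1), m.group(2)))
    return chain

def triage(trace):
    """Summarise the root cause; None if no exception header is found."""
    chain = cause_chain(trace)
    if not chain:
        return None
    view = VIEW.search(trace)
    alias = ALIAS.search(chain[-1][1])
    return {
        "outer_names_alias": bool(ALIAS.search(chain[0][1])),
        "root_class": chain[-1][0],
        "keystore_view": view.group(1) if view else None,
        "missing_alias": alias.group(1) if alias else None,
        "depth": len(chain),
    }
```
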

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Hi all,

It got resolved. It was not fetched due to a cache problem.

But I had a query: how to identify whether MLS is applied properly in the scenario at runtime?

Regards

Amarnath M

Former Member
0 Kudos

Hi Amarnath,

You can find the security-applied status in the communication channel log. If you want a detailed trace, you can use XPI Inspector.

Thanks,

Krupa

Former Member
0 Kudos

Dear Atluri,

In CC Monitoring, web service security is enabled.

In the XPI trace, we see the MLS certificate for Sign & Encrypt applied successfully. But the strange thing is, we have the following log (which seems to be an exception, I hope).

Exception : Unable to locate getter method getFile in class com.sap.security.core.securitypolicy.assertions.cert.KeystoreKeyElement.

java.lang.Exception

at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230)

at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:233)

at com.sap.exception.BaseException.<init>(BaseException.java:145)

at com.sap.security.core.server.util0.IDException.<init>(IDException.java:49)

at com.sap.security.core.server.xmlbind.exception.XMLBindException.<init>(XMLBindException.java:23)

at com.sap.security.core.server.xmlbind.exception.XMLBindConfigException.<init>(XMLBindConfigException.java:24)

at com.sap.security.core.server.xmlbind.XMLMarshaller.getFieldValue(XMLMarshaller.java:797)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:554)

at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:726)

at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:695)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshal(XMLMarshaller.java:187)

at com.sap.security.core.ws.mapping.WSMappingUtil.marshall(WSMappingUtil.java:99)

at com.sap.security.core.policy.expressions.AllExpression.getPolicyObjectAsXML(AllExpression.java:236)

at com.sap.security.core.policy.expressions.AllExpression.apply(AllExpression.java:103)

at com.sap.security.core.policy.WSPolicy.apply(WSPolicy.java:38)

at com.sap.security.core.ws.wss.WSSecurityImpl.applyPolicy(WSSecurityImpl.java:100)

at com.sap.engine.services.wssec.service.WSSecurityServiceImpl.applyPolicy(WSSecurityServiceImpl.java:99)

at com.sap.aii.security.impl.wsse.WSSEThread.run(WSSEThread.java:286)

at com.sap.engine.frame.core.thread.Task.run(Task.java:73)

at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:178)

at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:316)

Caused by: java.lang.NoSuchMethodException: com.sap.security.core.securitypolicy.assertions.cert.KeystoreKeyElement.getFile()

at java.lang.Class.getMethod(Class.java:1607)

at com.sap.security.core.server.xmlbind.XMLMarshaller.getFieldValue(XMLMarshaller.java:793)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:554)

at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:726)

at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:695)

at com.sap.security.core.server.xmlbind.XMLMarshaller.marshal(XMLMarshaller.java:187)

at com.sap.security.core.ws.mapping.WSMappingUtil.marshall(WSMappingUtil.java:99)

at com.sap.security.core.policy.expressions.AllExpression.getPolicyObjectAsXML(AllExpression.java:236)

at com.sap.security.core.policy.expressions.AllExpression.apply(AllExpression.java:103)

at com.sap.security.core.policy.WSPolicy.apply(WSPolicy.java:38)

at com.sap.security.core.ws.wss.WSSecurityImpl.applyPolicy(WSSecurityImpl.java:100)

at com.sap.engine.services.wssec.service.WSSecurityServiceImpl.applyPolicy(WSSecurityServiceImpl.java:99)

at com.sap.aii.security.impl.wsse.WSSEThread.run(WSSEThread.java:286)

at com.sap.engine.frame.core.thread.Task.run(Task.java:73)

at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:178)

at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:316)

But on the receiver side, the file is received without encryption. What might be the issue?

Please guide.

Regards

Amarnath M
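
One way to check the runtime question raised in this thread (is MLS actually applied, and does the payload leave unencrypted?), as an added example that is not part of any poster's message or SAP code: inspect a captured copy of the outbound SOAP message for the WS-Security elements. It assumes SOAP 1.1 and whole-body encryption, uses constructed sample envelopes, and checks presence only, not signature validity.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]

def mls_status(envelope_xml):
    """Report which WS-Security protections are visible in a SOAP 1.1 envelope."""
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTDs are not allowed in SOAP messages")
    root = ET.fromstring(envelope_xml)
    body = root.find("soap:Body", NS)
    if body is None:
        raise ValueError("not a SOAP 1.1 envelope: no Body")
    sec = root.find("soap:Header/wsse:Security", NS)
    children = list(body)
    return {
        "security_header": sec is not None,
        "signed": sec is not None and sec.find("ds:Signature", NS) is not None,
        "encrypted_key": sec is not None and sec.find("xenc:EncryptedKey", NS) is not None,
        # Whole-body encryption: every direct child of Body is EncryptedData.
        "body_encrypted": bool(children) and all(c.tag == ENC_DATA for c in children),
        "plaintext_elements": [c.tag for c in children if c.tag != ENC_DATA],
    }

def _envelope(header, body):
    # Helper that builds the constructed sample envelopes below.
    return ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
            'xmlns:ds="%(ds)s" xmlns:xenc="%(xenc)s">'
            '<soap:Header>%%s</soap:Header><soap:Body>%%s</soap:Body>'
            '</soap:Envelope>' % NS) % (header, body)

# Constructed samples: a signed-and-encrypted message and a plaintext one.
PROTECTED = _envelope(
    "<wsse:Security><xenc:EncryptedKey/><ds:Signature/></wsse:Security>",
    "<xenc:EncryptedData/>")
PLAINTEXT = _envelope("", "<Order><Id>1</Id></Order>")
```

A message that shows `body_encrypted: False` with entries in `plaintext_elements` left the channel without the confidentiality assertion taking effect, whatever the channel log reports.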

Former Member
0 Kudos

Hi Amarnath,

Which certificate are you using for encryption? I think the certificates seem to be wrong.

Can you share a screenshot of the ReceiverAgreement and the key storage view and entries?

Thanks,

Krupa

Former Member
0 Kudos

Hi Krupa,

Please let me know your mail ID so I can share those details.

With Regards

Amar

Former Member
0 Kudos

Hi Amarnath,

Check whether the key-store view entry with Alias Name "SCB_MLScert_prod" is maintained in NWA->Configuration->certificates, which is used in the ReceiverAgreement. If it is maintained, check whether you are pointing to the correct view and keys in the ReceiverAgreement. Encryption is done with the public key of the receiver system.

Thanks,

Krupa

Former Member
0 Kudos

Hi Amarnath,

Have a look at this doc:

"Confidentiality assertion: Specifies that specific portions of a message must be encrypted, and a specific algorithm to be used (ex: AES, 3DES)"

http://hpc-wiki.wikispaces.com/file/view/SAP+NetWeaver+Process+Integration+-+Overview+of+Supported+S...

And also in these old messages:

Regards.