on 04-30-2014 8:13 AM
Hi all,
Our scenario is IDoc to SOAP with MLS.
We are facing the following error in the CC Monitoring log:
Processing assertion ConfidentialityAssertion (ID ConfidentialityAssertion-20-93365913) failed. Message was: [com.sap.ASJ.wssec.030155] Error during the generation of encryption element. Error was: com.sap.security.core.securitypolicy.assertions.cert.CertException Error reading the certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null...
[EXCEPTION]
com.sap.security.core.policy.exceptions.ProcessException: [com.sap.ASJ.wssec.030155] Error during the generation of encryption element. Error was: com.sap.security.core.securitypolicy.assertions.cert.CertException Error reading the certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null..
at com.sap.security.core.securitypolicy.assertions.ConfidentialityAssertion.apply(ConfidentialityAssertion.java:235)
at com.sap.security.core.policy.expressions.AllExpression.apply(AllExpression.java:106)
at com.sap.security.core.policy.WSPolicy.apply(WSPolicy.java:38)
at com.sap.security.core.ws.wss.WSSecurityImpl.applyPolicy(WSSecurityImpl.java:100)
at com.sap.engine.services.wssec.service.WSSecurityServiceImpl.applyPolicy(WSSecurityServiceImpl.java:99)
at com.sap.aii.security.impl.wsse.WSSEThread.run(WSSEThread.java:286)
at com.sap.engine.frame.core.thread.Task.run(Task.java:73)
at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:178)
at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:316)
Caused by: com.sap.security.core.securitypolicy.assertions.cert.CertException: [com.sap.ASJ.wssec.030285] Error reading the certificate from the keystore (view SCB_MLS). Error: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException Access to keystore failed: null.
at com.sap.security.core.securitypolicy.assertions.cert.KeystoreCertificateElement.getCertificates(KeystoreCertificateElement.java:92)
at com.sap.security.core.securitypolicy.assertions.SecurityTokenElement.getCertificate(SecurityTokenElement.java:213)
at com.sap.security.core.securitypolicy.assertions.ConfidentialityAssertion.apply(ConfidentialityAssertion.java:188)
... 8 more
Caused by: com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreException: [com.sap.ASJ.wssec.030334] Access to keystore failed: null.
at com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreImpl.getX509Certificate(WSSEKeystoreImpl.java:235)
at com.sap.security.core.securitypolicy.assertions.cert.KeystoreCertificateElement.getCertificates(KeystoreCertificateElement.java:90)
... 10 more
Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: No such alias:SCB_MLScert_prod
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreImpl.getX509Certificate(WSSEKeystoreImpl.java:229)
... 11 more
Caused by: java.security.cert.CertificateException: No such alias:SCB_MLScert_prod
at com.sap.security.core.securitypolicy.assertions.cert.WSSEKeystoreImpl$GetCertPrivilegedAction.run(WSSEKeystoreImpl.java:377)
... 13 more
Please help to resolve this with high priority.
Regards
Amarnath M
Hi all,
It got resolved. It was not fetched due to a cache problem.
But I have a query: how can we identify whether MLS is applied properly in the scenario at run time?
Regards
Amarnath M
Dear Atluri,
In CC Monitoring, web service security is enabled.
In the xpi trace, we see that the MLS certificate for Sign & Encrypt is applied successfully. But the strange thing is, we are getting the following log (which seems to be an exception, I hope).
Exception : Unable to locate getter method getFile in class com.sap.security.core.securitypolicy.assertions.cert.KeystoreKeyElement.
java.lang.Exception
at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230)
at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:233)
at com.sap.exception.BaseException.<init>(BaseException.java:145)
at com.sap.security.core.server.util0.IDException.<init>(IDException.java:49)
at com.sap.security.core.server.xmlbind.exception.XMLBindException.<init>(XMLBindException.java:23)
at com.sap.security.core.server.xmlbind.exception.XMLBindConfigException.<init>(XMLBindConfigException.java:24)
at com.sap.security.core.server.xmlbind.XMLMarshaller.getFieldValue(XMLMarshaller.java:797)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:554)
at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:726)
at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:695)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshal(XMLMarshaller.java:187)
at com.sap.security.core.ws.mapping.WSMappingUtil.marshall(WSMappingUtil.java:99)
at com.sap.security.core.policy.expressions.AllExpression.getPolicyObjectAsXML(AllExpression.java:236)
at com.sap.security.core.policy.expressions.AllExpression.apply(AllExpression.java:103)
at com.sap.security.core.policy.WSPolicy.apply(WSPolicy.java:38)
at com.sap.security.core.ws.wss.WSSecurityImpl.applyPolicy(WSSecurityImpl.java:100)
at com.sap.engine.services.wssec.service.WSSecurityServiceImpl.applyPolicy(WSSecurityServiceImpl.java:99)
at com.sap.aii.security.impl.wsse.WSSEThread.run(WSSEThread.java:286)
at com.sap.engine.frame.core.thread.Task.run(Task.java:73)
at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:178)
at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:316)
Caused by: java.lang.NoSuchMethodException: com.sap.security.core.securitypolicy.assertions.cert.KeystoreKeyElement.getFile()
at java.lang.Class.getMethod(Class.java:1607)
at com.sap.security.core.server.xmlbind.XMLMarshaller.getFieldValue(XMLMarshaller.java:793)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:554)
at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:726)
at com.sap.security.core.server.xmlbind.XMLMarshaller.addChild(XMLMarshaller.java:1083)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshalInternal(XMLMarshaller.java:695)
at com.sap.security.core.server.xmlbind.XMLMarshaller.marshal(XMLMarshaller.java:187)
at com.sap.security.core.ws.mapping.WSMappingUtil.marshall(WSMappingUtil.java:99)
at com.sap.security.core.policy.expressions.AllExpression.getPolicyObjectAsXML(AllExpression.java:236)
at com.sap.security.core.policy.expressions.AllExpression.apply(AllExpression.java:103)
at com.sap.security.core.policy.WSPolicy.apply(WSPolicy.java:38)
at com.sap.security.core.ws.wss.WSSecurityImpl.applyPolicy(WSSecurityImpl.java:100)
at com.sap.engine.services.wssec.service.WSSecurityServiceImpl.applyPolicy(WSSecurityServiceImpl.java:99)
at com.sap.aii.security.impl.wsse.WSSEThread.run(WSSEThread.java:286)
at com.sap.engine.frame.core.thread.Task.run(Task.java:73)
at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:178)
at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:316)
But the file is received on the receiver side without encryption. What might be the issue?
Please guide.
Regards
Amarnath M
Hi Amarnath,
Check whether the keystore view entry with alias name "SCB_MLScert_prod" is maintained in NWA->Configuration->certificates, which is used in the ReceiverAgreement. If it is maintained, check whether you are pointing to the correct view and keys in the ReceiverAgreement. Encryption is done with the public key of the receiver system.
Thanks,
Krupa
Hi Amarnath,
Have a look at this doc:
Confidentiality assertion: Specifies that specific portions of a message must be encrypted, and a specific algorithm to be used (ex: AES, 3DES)
And also at these old messages:
Regards.
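One way to answer the run-time question raised in this thread, as an added example that is not part of any post here and is not SAP code: inspect the SOAP message as it arrives at the receiver and check for the WS-Security elements that signing and encryption leave behind. The function `check_mls`, its report fields and both sample envelopes are constructed for illustration, and the check assumes the policy encrypts the whole Body content.

```python
import xml.etree.ElementTree as ET

# Standard SOAP 1.1, WS-Security, XML Encryption and XML Signature namespaces.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ENCRYPTED_DATA = "{%s}EncryptedData" % NS["xenc"]

def check_mls(envelope_xml):
    """Report which message-level protections are visible in one SOAP envelope."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    report = {"signed": False, "encrypted_key": False, "body_encrypted": False,
              "algorithm": None, "plaintext_children": []}
    if security is not None:
        report["signed"] = security.find("ds:Signature", NS) is not None
        report["encrypted_key"] = security.find("xenc:EncryptedKey", NS) is not None
    found = False
    for child in (body if body is not None else []):
        if child.tag == ENCRYPTED_DATA:
            found = True
            method = child.find("xenc:EncryptionMethod", NS)
            if method is not None:
                report["algorithm"] = method.get("Algorithm")
        else:
            # Any readable payload element next to (or instead of) EncryptedData.
            report["plaintext_children"].append(child.tag)
    report["body_encrypted"] = found and not report["plaintext_children"]
    return report

# Constructed sample envelopes (not captured from any real system).
_ENVELOPE = ('<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" '
             'xmlns:xenc="{xenc}" xmlns:ds="{ds}">'
             '<soap:Header>{header}</soap:Header><soap:Body>{body}</soap:Body>'
             '</soap:Envelope>')
SAMPLE_PROTECTED = _ENVELOPE.format(
    header="<wsse:Security><xenc:EncryptedKey/><ds:Signature/></wsse:Security>",
    body='<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content">'
         '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>'
         '<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>'
         '</xenc:CipherData></xenc:EncryptedData>', **NS)
SAMPLE_PLAIN = _ENVELOPE.format(header="", body="<Order><Id>1</Id></Order>", **NS)

if __name__ == "__main__":
    for name, xml in (("protected", SAMPLE_PROTECTED), ("plain", SAMPLE_PLAIN)):
        print(name, check_mls(xml))
```

A message that reports `body_encrypted` as false and lists payload elements under `plaintext_children` left the sender without the confidentiality assertion taking effect, whatever the trace says about the certificate lookup.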