on 10-17-2014 3:01 AM
Hi,
We are having a SOAP to proxy scenario. We have exposed PI webservice to third party vendor. The vendor sends the message with a signature attached. We have loaded their certificates in keystore using which they sign the message. However, we see this error in sender SOAP channel everytime we receive a request.
com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration... To-String: com.sap.security.core.policy.exceptions.VerifyException: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..; To-String
I tried removing the Verification option in ICO for Requests but it gives out the same error. I found very little information for this on SCN. Any pointers would be really appreaciated.
Thanks,
Ravi
Hi Ravi,
We are also facing the same issue with SOAP sender channel.
com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration... To-String:
Does any specific settings required in PI?
Thanks & Regards
Anil Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
This happens when the incoming message does not have wsse security headers. The third party system needs to implement wsse security in order to verify it in sap pi. We turned off verification for incoming message and we signed only the outgoing messages. This worked.
Thanks,
Ravi Desai
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.