cancel
Showing results for 
Search instead for 
Did you mean: 

Digital signature verification error in SOAP sender channel

Former Member
0 Kudos

Hi,

We are having a SOAP to proxy scenario. We have exposed PI webservice to third party vendor. The vendor sends the message with a signature attached. We have loaded their certificates in keystore using which they sign the message. However, we see this error in sender SOAP channel everytime we receive a request.

com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration... To-String: com.sap.security.core.policy.exceptions.VerifyException: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..; To-String

I tried removing the Verification option in ICO for Requests but it gives out the same error. I found very little information for this on SCN. Any pointers would be really appreaciated.

Thanks,

Ravi

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member278111
Participant
0 Kudos

Hi Ravi,

We are also facing the same issue with SOAP sender channel.

com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [com.sap.ASJ.wssec.030197] Error while valdiating the digital signature. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration... To-String:

Does any specific settings required in PI?

Thanks & Regards

Anil Kumar

Former Member
0 Kudos

Hi,

This happens when the incoming message does not have wsse security headers. The third party system needs to implement wsse security in order to verify it in sap pi. We turned off verification for incoming message and we signed only the outgoing messages. This worked.

Thanks,

Ravi Desai

Former Member
0 Kudos

Hi Ravi,

We are facing the same  issue in soap receiver adapter. We are using encrypt and signing for request and decrypt and validation for response in soap receiver. you mean to say above that you have used only decrypt and removed validation from response?