SAP PI AS2 Adapter - Sender receiving 401 Message

Former Member
0 Kudos

Hi Experts,

We have configured AS2 from SAP B2B Add-on as part of our SAP PI 7.31 Dual Stack installation. I was able to successfully send AS2 messages to the partner by configuring the appropriate Receiver Channel.

We have a CA Signed certificate which is uploaded in a KeyStore View in NWA. The partner's public certificates are also uploaded on NWA TrustedCA Keystore and also the KeyStore where we store AS2 certificates (some partners use the same certificate, others have different certificates for SSL Handshake and Data Encryption/Signature Authentication).

However, after configuring the appropriate Sender Channel and the associated Configuration Scenario objects, when the partner sends data to us, they are receiving a 401 Unauthorized Error. I have instructed them to send the data to https://server:443/AS2/B2B. I have sent them our public certificate and everything is still failing on their end.

Any help will be appreciated.

Best Regards,

Rommel

Accepted Solutions (1)

0 Kudos

Hi Rommel,

By default, the AS2 adapter requires basic authentication. If your partner is not using the correct user/password then he will get an HTTP 401 exception.

If you want to skip basic authentication step then please follow the steps given in SAP Note 1828575.

Thanks & regards,

Piyush

Former Member
0 Kudos

Hi Piyush,

Thanks a lot - that resolved our authentication issue. Now we have a different issue - AS2 cannot decrypt the inbound messages sent to us encrypted by our public certificate. Thing is we are using the same certificate for client-server authentication as well as encryption and signature.

Not sure why it is failing - any inputs?

Here is the error we are receiving:

Error occured while decrypting the AS2-message: Cannot decrypt message: org.bouncycastle.cms.CMSException: key invalid in message.

Not sure if we missed another configuration.

Regards,

Rommel

0 Kudos

Hi Rommel,

You need to update your JCE jars as given in the below blog:

Thanks & regards,

Piyush

Former Member
0 Kudos

Hi Piyush

Why do you say that by default it requires basic authentication? I am having a similar error, but in the logs I see that all login modules (including BasicPasswordLoginModule) are flagged as SUFFICIENT and not REQUIRED.


I would like the ClientCertLoginModule to deal with the authentication, not Basic authentication. Maybe you can give me a clear explanation on this.


context.tableLOGIN.FAILED

User: AS2_Partner

IP Address: 200.230.490.651

Authentication Stack: sap.com/com.sap.aii.adapter.as2.app*AS2

Authentication Stack Properties:

        policy_domain = /AS2

        auth_method = basic

        realm_name = B2BAS2Apps

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule    SUFFICIENT  ok          exception             true       Received no SAP Authentication Assertion Ticket.

        #1 ume.configuration.active = true

2. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      

        #1 ume.configuration.active = true

3. com.sap.engine.services.security.server.jaas.ClientCertLoginModule      SUFFICIENT  ok          false                 false     

        #1 Rule1.getUserFrom = wholeCert

4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          exception             true       Authentication did not succeed.



Sorry for writing over this thread; if you like I can open a new discussion... so I can reward you with points.

Regards

Henry
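
The stack in the log above, evaluated under the standard JAAS control-flag rules, as an added example that is not part of the original thread: a stack made up only of SUFFICIENT modules still needs at least one module to succeed, so four non-successful modules produce a failed login. The function names are hypothetical, and reading only the Login value "true" as a module success is an assumption.

```python
import re

# Constructed sample: the four login-module rows from the log quoted in the
# post above, with the Details text and option lines trimmed.
SAMPLE_LOG = """\
1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule    SUFFICIENT  ok  exception  true
2. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok  false      true
3. com.sap.engine.services.security.server.jaas.ClientCertLoginModule      SUFFICIENT  ok  false      false
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok  exception  true
"""

ROW = re.compile(
    r"^\s*\d+\.\s+(\S+)\s+(REQUIRED|REQUISITE|SUFFICIENT|OPTIONAL)\s+\S+\s+(\S+)",
    re.MULTILINE,
)

def parse_stack(text):
    """Return (short module name, flag, Login column value) for each row."""
    return [(m.group(1).rsplit(".", 1)[-1], m.group(2), m.group(3))
            for m in ROW.finditer(text)]

def evaluate(stack):
    """Apply JAAS control-flag rules; True means the overall login succeeds.

    Assumption: only the Login value "true" counts as a module success;
    "false" and "exception" both count as not succeeded.
    """
    has_required, required_ok, optional_ok = False, True, False
    for _name, flag, login in stack:
        ok = login == "true"
        if flag in ("REQUIRED", "REQUISITE"):
            has_required = True
            required_ok = required_ok and ok
            if flag == "REQUISITE" and not ok:
                return False          # REQUISITE failure stops the stack
        elif flag == "SUFFICIENT" and ok:
            return required_ok        # SUFFICIENT success stops the stack
        elif flag == "OPTIONAL" and ok:
            optional_ok = True
    # With no REQUIRED/REQUISITE module, one SUFFICIENT or OPTIONAL must succeed.
    return required_ok if has_required else optional_ok

if __name__ == "__main__":
    stack = parse_stack(SAMPLE_LOG)
    for name, flag, login in stack:
        print(f"{name:40} {flag:10} login={login}")
    print("overall login succeeds:", evaluate(stack))
```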

Answers (1)

former_member184720
Active Contributor
0 Kudos

I was just going through the documentation and found the notes below regarding authorization.

The UME action AS2Deliverage must be assigned to the J2EE user created for the purpose of sending messages to the adapter’s public HTTP URL. The authentication credentials are provided to the partner in order to call the adapter using HTTP(s).


Maybe you can check whether the user has any roles assigned which have the action "AS2Deliverage".


Configuring AS2 Sender Channel for Inbound Message Processing - SAP NetWeaver Process Integration, b...

Former Member
0 Kudos

Hi Hareesh,

Thank you very much for your information; I'll check it out. However, we would like to use SSL authentication. Any ideas how to configure it?

I've gone as far as modifying the Authentication Stack and Properties for sap.com/com.sap.aii.adapter.as2.apps*AS2 in NWA to do client certificate authentication instead of basic, but it is still failing as well.

Regards,

Rommel