on 05-20-2019 10:41 AM
Dear Forum,
We are developing an interface with 'SOAP Certificate Based authentication' request call from Partner system to PI via SOAP Sender call
Presently we are unable to call with 'Certificate Based authentication' from Partner system (SOAP Sender)---à PI system
Interface flow: Partner(SOAP Sender)--->PI --->SAP
Error description: Http/1.1 401 Unauthorized
Certificate Authentication Configurations which we followed
1)We have followed standard client defined document of for ‘certificate Based authentication’ and values are defined as below in the system
--- Rule1.AttributeName = CN
--- Rule1.filterSubject = CN=TAM ***T **PKI EFBBDE3FA1FA23D8,DC=**g
--- Rule1.getUserFrom = subjectName
--- Rule1.UserMappingMode = VirtualUser
--- Rule1.VirtualUserDefaultRoles = SAP_XI_APPL_SERV_USER
XPI inspector log 1: ( Please refer attached Screen shot1 )
Comment: ‘Certificate user mapping defined’ in the system
2)We also followed customized values as defined below
--- Rule1.getUserFrom = wholeCert
XPI inspector log 2: (Please refer attached Screen shot 3 )
3) Referred SAP Blog: https://blogs.sap.com/2013/09/20/sender-soap-adapter-https-with-client-authentication/
Action points which we performed
Any suggestions/comments on this. It is really helpful if you have some suggestion on this situation.
Thank you very much.
with Best Regards,
Sateesh N
Can you capture the complete SOAP/HTTP request in XPI Inspector and see if the certificate is coming to PI system or not?
How the client system is sending the certificate? Is it adding it directly in header or client needs to request for certificate?
Another place you may need to check is at the load balancer. Sometime SSL connections will be decrypted at the load balancer and client certificates gets dropped at that time.
ssl_client_cert -- This is the header parameter authentication module expects to have the certificate.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Forum,
Any suggestions on this problem?
With Best Regards,
Sateesh N
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
what is the version of PI is it dual or single stack??
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.