Client Certificate Authentication and Test tool

Former Member · ‎05-11-2017

Hi,

I try to set up a Certificate based client authentication on our SAP PI 7.3 SP13 System. Steps done so far:

I take this blog as basis: https://blogs.sap.com/2013/09/20/sender-soap-adapter-https-with-client-authentication/

and implement all the config steps with one exception, I'd like to use UserName/Password as well as Certificate based authentication and therefore I keep ClientCertLoginModule(OPTIONAL) and BasicPasswordLoginModule(OPTIONAL)...

Questions:

1. I try to test it with SOAP UI, but I always get error message saying java.security.AccessControlException: client certificate required

That means and that I see also in secutiry log, seems like the Certificate is not beeing sent from SOAP UI... Which Tool do you use to do this kind of tests?

2. Even I configure both Modules as optional or ClientCert as optional and BasicPassword as Sufficient, and I configure UserName/Password for user I'm still getting the client certificate required exception... Do you know why?

Former Member · ‎05-31-2017

Hi Manoj,

sorry for the stupid question, but in which View do I need to load the Public Certifcate in STRUST?

Thanks,

Milan

manoj_khavatkopp · ‎05-29-2017

Milan,

Is your PI system dual or single stack ? if dual then you need to have the public certificate in STRUST too.

Recently i did this with java stack and was able to test it successfully from SOAP UI.

Br,

Manoj

Former Member · ‎05-24-2017

Hi Bence,

I'd like to test 3rd party to SAP PI using Client Certificate Authentication... To simulate the 3rd party for Web Service scenarios I'm usually using the SOAP UI... The same tool I try to use here as well.

I start from the issue Nr 2:

I have 2 login Modules for SOAP now, BasicPasswordLoginModule and ClientCertLoginModule, both configured as sufficient... If I configure the Sender SOAP channle correctly, using HTTP Security Level: HTTPS Without Client Authentication I'm able to use UserName and Password to send a message... The java.security.AccessControlException: client certificate required comes because of the channel config and not because of the LoginModules Config...

The second issue is still there. So I'd like to use the SOAP UI and post the message using Client Certificate I get: HTTP 401 Unauthorized... If I try to trace the channel with xpi_inspector I see in logs: No certificate provided by the callback.

So I just expect that the SOAP UI do not include the Client Certificate in the call... Even of course I have configured the KeyStore on the Project Level and use the KeyStore on the Request level...

If I specify at least a UserName then I see in in logs that login failed... If I do not specify UserName, like on this screenshot I see in logs that authentication failed.

former_member5611 · ‎05-18-2017

Dear Milan,

I do not know if you would like to reach the PI system with Client Authentication, or would like to reach some target server. If you would like to reach the PI system, please check the following page: http://host:port/ssl -> here are ports listed. If you connect to port which has Clien Atuthentication Mode "Required" it will always fail.

Here is a blog about how to use SOAP UI to test Cerftificate based authentication: https://blogs.sap.com/2011/01/06/soap-ui-tool-soap-https-client-authentication/

Best regards,

Bence

Former Member · ‎05-17-2017

Hi,

anyone able to help here please?

Thanks.

Client Certificate Authentication and Test tool

Accepted Solutions (0)

Answers (5)

Answers (5)

Allocation of multiple hierarchies from parent nod...

SAP Cloud Identity Services - Identity Authenticat...

Making an API call and unzipping a file in Datasph...

Re: Error while HANA Cloud tenant in Python on SAP...

Re: Cannot create draft for Node.js CAP Service in...