Skip to Content
0

AS2 Sender channel - authorization Error & error with expected URL

Aug 29, 2017 at 02:36 AM

285

avatar image
Former Member

Hello,

i had configured AS2 sender channel as shown below:

In General tab, Expected URL path as.*

Expected Message ID left/Right as .*

Aslo assigned values for Expected Sender AS2 name and own AS2 name and subject as well.

In signature and encryption tab,

assigned proper Keys for 'verify signature' and 'decryption'.

MDN tab also selected sign MDN and assigned proper keys and selected Send options as 'Immediate'.

So once done above configuration in AS2 sender channel, channel status shows as 'Channel is listening for incoming connections on /AS2/.*' but when source system triggers AS2 message, they are getting error as '401 Unauthorized'.

So if i try to add the expected URL path as 'Http:// host:port/AS2/ ' then channel status shows as 'Channel configuration is erroneous: java.net.MalformedURLException: Expected URL path is not correct'.

even i tried to add <path> to the url and still it shows same error. Please suggest how to solve this issue. we are having PO75 and b2b addon latest version. As we are using Certificate authentication, hope no credentials required to be provided to source system right?

Thank you.

Best Regards,prasant

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Manoj K Aug 29, 2017 at 04:27 AM
1

Prasanth,

Close your browser and put the URL which you have given to third party in the browser and check if its asking for any userid/password ?

Br,

Manoj

Show 9 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Manoj,

I had tried to open the URL in my browser and it is prompting for user name and pwd and it is working fine and shows message as ' use POST requests to submit AS2 messages'. but when i gave the same URL in channel it shows the error as'Channel configuration is erroneous: java.net.MalformedURLException: Expected URL path is not correct'.

Regards,

Srini

0
  • No , keep the expected URL as .* only this is valid. The reason for 401 Authorization is /AS2 policy configuration is default authentication enabled for AS2 in your NWA , to handle this :
  • You need to provide a user id and password to third party which is created in PI/PO system , so that third party can use this to post message to your AS2 server.
  • You can disable the default authentication imposed in /AS2 policy configuration by creating a user "AS2_Anonymous" and handle this via login module in nwa. This will disable the complete AS2 adapter authentication.

Br,

Manoj

1
Former Member
Manoj K

In my experience, using username/password authentication in AS2 scenarios is fairly uncommon as the AS2 protocol itself provides sufficient security using public/private key pairs. Even if your business partner is OK with provisioning a username and password, you may therefore want to go for disabling the authentication as you might wind up having to do that anyway with one of the next partners you are adding.

1

Yes Patrick, this is the best approach . i had this issue when migrating from Seeburger to B2B components as Seeburger had no such auth imposed but B2B AS2 adapter has so instead of reaching out to each partner and having this additional auth .we made the auth of B2B AS2 adapter disabled so there wont be any chnage at partner end.

0
Former Member

Hi,

I had disabled the authentication and also in channel i used as '.*' for Expected URL path.

Now when source system try to trigger data it shows error as '403 forbidden' and 'Request is not expected by the AS2 adapter'. Also checked with source team that they are sending sender AS2 name, own AS2 name, subjact as we defined in channel and channel is also active.

Best Regards,prasant

0

403 forbidden is usually when :

  • The AS2 ID configured by Partner and the one configured in PI doesn't match.
  • The Message subject dosent match
  • The channel is stopped.
  • The channel is not assigned to any sender agreement or ICO
0
Former Member
Manoj K

Hi Manoj,

Thanks for your quick response. we verified with sender system that they are triggering message with same sender and Own AS2 names and subject that we defined in channel. channel is active. ICO has sender channel.Did 'Party' plays any role here?

Regards,prasant

0

No, the party is not important i am suspecting there is some mis-configuration at your/third party end . Additionally to the above mentioned points do check the sign / encryption configuration too and also make sure there is only one AS2 channel with these configuration and is assigned to only one sender agreement.

Have you checked the B2B log viewer ? Do you see any error over there?

0

Former Member , Manoj K and Former Member

We exactly have the same issue. But I am suspecting that this is because we asked our partner to use the IP address in the AS2 URL on their side with our public IP when sending the message. This public IP address is different from our PI host ip.

Also when we generated our certificates we used PI host name instead of public ip address.

Do you see any of these causing the issues?

Below is the thread I raised for this issue if you can help. Thank you.

AS2 Sender Channel HTTP error 401 unauthorized HTTP error 403 forbidden

0
Lars Franz Aug 29, 2017 at 01:38 PM
0

Hi Parsanth,

have a look at SAP note 1828575.

The AS2 adapter requires a basic HTTP authentication as of service pack 2 in the default setting. However you could change the settings of your PO system as described in the note in order to use the adapter without HTTP authentication.

Regards,

lars

Share
10 |10000 characters needed characters left characters exceeded
Bharat Kumar Reddy Vaka Jan 18 at 09:18 AM
0

@Prasanth V

We are having the same issue. Were you able to fix this?

Lars Franz

When we implement the OSS note you pointed we started receiving 403 forbidden error. I created a new thread if you prefer answering that. Please see the below.

AS2 Sender Channel HTTP error 401 unauthorized HTTP error 403 forbidden

Thanks in advance for any insights.

Regards,

Bharat

Share
10 |10000 characters needed characters left characters exceeded