Skip to Content
0

SAP PI integration with Salesforce : do I need a certificate?

Sep 12, 2017 at 07:54 AM

197

avatar image

Hi to all,

I am trying to made my first integration flow with the Salesforce system just to get back the sessionId and the url where to submit my future request but I am facing this error:

com.sap.aii.mapping.lookup.LookupException: Exception during processing the payload. Error when calling an adapter by using the communication channel CC_SOAP_TEST_CONNECTION (Party: , Service: BS_VEEVA_DEV, Object ID: 6b493826b23a350a8862e992e805addf) XI AF API call failed. Module exception: 'com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'. Cause Exception: 'iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'. com.sap.aii.mapping.lookup.LookupException: Error when calling an adapter by using the communication channel CC_SOAP_TEST_CONNECTION (Party: , Service: BS_VEEVA_DEV, Object ID: 6b493826b23a350a8862e992e805addf) XI AF API call failed. Module exception: 'com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'. Cause Exception: 'iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'.


I was following this tutorial and it doesn't speaks about any certificate:

https://archive.sap.com/kmuuid2/50a76cfa-4966-2d10-aba7-da496d9b5bcf/Salesforce.com%20Integration%20Using%20SAP%20PI%3A%20A%20Case%20Study

Do I need to use a certificate provided me from Salesforce? Where I can download it? Then I have to use it in my chanel specifing it in this section?

Thanks and regards,

Antonello

cattura.jpg (43.6 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Raghuraman S Sep 12, 2017 at 01:29 PM
1

In the channel did you disable the configure certificate option?

Show 9 Share
10 |10000 characters needed characters left characters exceeded

Hi Raghuraman,

yes I did !! As you can see below:

cattura3.jpg (103.2 kB)
0

Looks interesting,When ping is succesfull dono why its failing in runtime.

Can you try stop/starting the channel or re-configuring the channel.

0

Ok, I tried another way now. I created a new one SOAP channel and now the calls works but the result it's an error:

XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: No operation available for request {urn:enterprise.soap.sforce.com}login


The channel is configured right, as you can see above, in the message before, with the login action. This is the complete trace of the test mapping i attachment ... I used **** for user and password to cover my credentials ...trace.txt

trace.txt (47.1 kB)
0

Check the Soap action and also get the payload from monitoring ,test in SOAP UI.

0

I am not using sxi_monitor now it's only a test message in ESB.

0

Get the XML after mapping and test it in UI, Could be something wrong in payload as well.

0

I tried changing many things but nothig, this is the udf that is used:

AbstractTrace trace = container.getTrace();


String sessionId = "";
String url="";


// addInfo("String");
trace.addWarning("**************** START TRACE ***************");


try {


	Channel channel = LookupService.getChannel("BS_VEEVA_DEV","CC_SOAP_LOGIN_SALESFORCE");
    trace.addWarning("**************** CHANNEL *************** " + channel);
    SystemAccessor accessor = null;
    accessor = LookupService.getSystemAccessor(channel);
    trace.addWarning("**************** ACCESSOR *************** " + accessor);
    String loginxml = "<login xmlns=\"urn:enterprise.soap.sforce.com\"><username>" +
        username +
        "</username><password>" +
        password +
        "</password></login>";
    trace.addWarning("**************** LOGIN XML *************** " + loginxml);
    InputStream inputStream = new ByteArrayInputStream(loginxml.getBytes());
    trace.addWarning("**************** INPUT STREAM *************** " + inputStream);
    Payload payload = LookupService.getXmlPayload(inputStream);
    trace.addWarning("**************** PAYLOAD *************** " + payload);
    Payload soapOutPayload = null;
    soapOutPayload = accessor.call(payload);
    trace.addWarning("**************** SOAP OUTPAYLOAD *************** " + soapOutPayload);
	trace.addWarning("********************************************************************");
	trace.addWarning("Send soap Request --> " + payload);
	trace.addWarning("********************************************************************");
    trace.addWarning("Return soap response --> " + soapOutPayload.toString());
	trace.addWarning("********************************************************************");
    InputStream inp = soapOutPayload.getContent();


    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    DocumentBuilder builder = factory.newDocumentBuilder();
    Document document = builder.parse(inp);


    NodeList sessionId1 = document.getElementsByTagName("sessionId");
    Node node = sessionId1.item(0);


    if (node != null) {
        node = node.getFirstChild();
        if (node != null) {
            sessionId = node.getNodeValue();
        }
    }
    
    //Code to set Dynamic url
    NodeList urlnodelist = document.getElementsByTagName("serverUrl");
    Node urlnode = urlnodelist.item(0);


    if (urlnode != null) {
        urlnode = urlnode.getFirstChild();
        if (urlnode != null) {
            url = urlnode.getNodeValue();
        }
    }
    //Get the dynamic configuration from the container
    DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
    //Create the TServerLocation key in namespace http://sap.com/xi/XI/System/SOAP. This key will hold the dynamically created URL
    DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "TServerLocation");


    //Put the url value from the input in the configuration under the specified key
    conf.put(key, url);


    
} catch (Exception e) {
    trace.addDebugMessage(e.toString());
    e.printStackTrace();
}


return sessionId;

And this is the error in the trace, I don't now where to see the payload of the message, in the SOAP channel i don't see it and in the SalesForce system I don't know If I can see it and where:

10:41:00 Start of test
Document start
 
**************** START TRACE ***************
 
**************** CHANNEL *************** CC_SOAP_LOGIN_SALESFORCE (Party: , Service: BS_VEEVA_DEV, Object ID: 4c64998ce9d339dbbf7bc163332f4303)
 
**************** ACCESSOR *************** com.sap.aii.mapping.lookup.SystemAccessor@20e9f4aa
 
**************** LOGIN XML *************** <login xmlns="urn:enterprise.soap.sforce.com"><username>******</username><password>****</password></login>
 
**************** INPUT STREAM *************** java.io.ByteArrayInputStream@5fbdd5c7
 
**************** PAYLOAD *************** com.sap.aii.mapping.lookup.XmlPayload@281e2cec
com.sap.aii.mapping.lookup.LookupException: Exception during processing the payload. Error when calling an adapter by using the communication channel CC_SOAP_LOGIN_SALESFORCE (Party: , Service: BS_VEEVA_DEV, Object ID: 4c64998ce9d339dbbf7bc163332f4303) XI AF API call failed. Module exception: 'SOAP adapter processing error'. Cause Exception: 'SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: No operation available for request {urn:enterprise.soap.sforce.com}login'.


 com.sap.aii.mapping.lookup.LookupException: Error when calling an adapter by using the communication channel CC_SOAP_LOGIN_SALESFORCE (Party: , Service: BS_VEEVA_DEV, Object ID: 4c64998ce9d339dbbf7bc163332f4303) XI AF API call failed. Module exception: 'SOAP adapter processing error'. Cause Exception: 'SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: No operation available for request {urn:enterprise.soap.sforce.com}login'.

0

Is new channel configured-CC_SOAP_LOGIN_SALESFORCE?

If not please change the UDF as per the new channel and test it.

0

What? I have to create a new one channel and test with it?

0
Manoj K Sep 12, 2017 at 08:06 AM
1

Hi Antonello,

  • You can browser the URL which you using in channel from browser and download the certificates from that or else you can run the XPI Inspector on this channel and get the certificates from there too.
  • Once you have those certificates install inthem in TrustedCA's view.
  • No need to configure anything in the channel as channel reads the complete TrustedCA's for server authentication.

Thanks,

Manoj

Show 7 Share
10 |10000 characters needed characters left characters exceeded

Hi Manoj,

i didn't know this tool, I'll try to use it and then i will be back to you if I have problems ;) thanks for now ..

0
Antonello Storelli

You may refer this blog for XPI_Inspector

1

thanks so much ... I'll try to download the certificate before to use XPI inspector ..

0

Ok, i download it and install it as the blog say it and the ping on the SOAP now it's green, before it was red!!

Anyway, if I use the test in the mapping I have the same error like before:

com.sap.aii.mapping.lookup.LookupException: Exception during processing the payload. Error when calling an adapter by using the communication channel CC_SOAP_TEST_CONNECTION (Party: , Service: BS_VEEVA_DEV, Object ID: 6b493826b23a350a8862e992e805addf) XI AF API call failed. Module exception: 'com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'. Cause Exception: 'iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'. com.sap.aii.mapping.lookup.LookupException: Error when calling an adapter by using the communication channel CC_SOAP_TEST_CONNECTION (Party: , Service: BS_VEEVA_DEV, Object ID: 6b493826b23a350a8862e992e805addf) XI AF API call failed. Module exception: 'com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'. Cause Exception: 'iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'.


Some idea?

cattura.jpg (164.6 kB)
0
Antonello Storelli

Hi,

Are you sure this is a valid API which you are calling : https://test.salesforce.com/services/soap/u/40.0

Thanks,

Manoj

0

I already change it, as you can see the screen above ;) now is with the c letter but I received the same error :

XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: No operation available for request {urn:enterprise.soap.sforce.com}login

0
Antonello Storelli

i would suggest you to test with soap ui once that gives u hint where u r going wr

0
Antonello Storelli Sep 14, 2017 at 08:36 AM
0

Ok guys, SAP PI is always weird ;) I created a new channel and now it works but I have a last problem, I have to search how to skip it, TLS 1.0 is to much low to login into Salesforce, this is the last response of the API, suggestions?

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sf="urn:fault.enterprise.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<soapenv:Body>
		<soapenv:Fault>
			<faultcode>sf:UNSUPPORTED_CLIENT</faultcode>
			<faultstring>UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.</faultstring>
			<detail>
				<sf:UnexpectedErrorFault xsi:type="sf:UnexpectedErrorFault">
					<sf:exceptionCode>UNSUPPORTED_CLIENT</sf:exceptionCode>
					<sf:exceptionMessage>TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.</sf:exceptionMessage>
					<sf:upgradeURL>https://cs83.salesforce.com/secur/weakhttps.jsp?l=1</sf:upgradeURL>
					<sf:upgradeMessage>Stronger security is required</sf:upgradeMessage>
				</sf:UnexpectedErrorFault>
			</detail>
		</soapenv:Fault>
	</soapenv:Body>
</soapenv:Envelope>
Share
10 |10000 characters needed characters left characters exceeded
Antonello Storelli Sep 14, 2017 at 08:47 AM
0

Ok, I found the solution. I need to apply a note: 2344735 - PI: Salesforce error with TLS 1.0.

Share
10 |10000 characters needed characters left characters exceeded