Skip to Content
0

SOAP Receiver Connecting as Guest despite configured credentials

Oct 19, 2017 at 08:39 PM

88

avatar image

I have a SOAP receiver connected to our SAP system with Authentication Data provided:

I am using this SOAP Receiver in 2 ICOs. The first ICO has a SOAP Sender and uses "Propagate Principal" - this ICO works. In the second ICO, the sender is file based, so no credentials are available for propagation. For this reason default credentials are configured in the Receiver channel as noted above. However, this ICO does not work - the Receiver is attempting to connect as "Guest" and getting a Not Authorized error.

Any suggestions?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Mark Dihiansan Oct 20, 2017 at 04:23 AM
0

Hi Alex,

Can you try pasting the target url in a browser and then enter the credentials there?

It is also possible that the user is already locked. Aside from that, are you using dynamic configuration? If yes, then the credentials need to be maintained via TAuthKey.

Regards,

Mark

Show 4 Share
10 |10000 characters needed characters left characters exceeded

I don't believe that is the issue. The URL, userid and password all work.

It appears that the Receiver, possibly because it is in an ICO with Principal Propagation enabled, is ignoring the supplied credentials when it is reused in a second ICO that does not use Principal Propagation.

It may be that I have to create a second, identical, Receiver to use in the second ICO that does not use Principal Propagation.

0

I just tried creating a separate Receiver to use in the File to SOAP ICO (no Principal Propagation). The credentials are valid in the configuration, and the logs are still suggesting that Guest, not ZBP_MAINTAIN is being used to connect to the end point.

0

Hi Alex,

It is always using J2EE_GUEST, please see the screenshot below taken from one of our soap adapter audit log

In your first scenario with principal propagation, it would not matter what credentials you have maintained in the receiver channel. Can you try doing this and get back to us?

https://blogs.sap.com/2015/10/26/http-tracing-in-soap-receiver-adapters-with-tracehttp-module-parameter/

Regards,

Mark

0

Correct. In our SOAP in / SOAP out ICO, we are using principal propagation successfully. The userid we supply from a test client such as SOAP UI is what is used when connect from PI to ECC.

In our File in / SOAP out ICO, the receiver uses the userid "Guest". It does this with either the same receiver as the SOAP-SOAP ICO, or if I create a new SOAP Receiver. In both cases the receiver is configured with valid credentials.

By the way, that TraceHTTP is a useful feature - thanks! (Although I have not yet resolved our issue)

0
Alex Wiebe Oct 23, 2017 at 08:23 PM
1

Sigh. So the "Guest" in the logs was a red herring. Turns out the system account I was supplied ended up being locked. In trying different tests I guess I thought I had used my personal account for the file test, but maybe had not. After rebuilding the Receiver channel from scratch and using my account, it worked - but the logs still showed "Guest". At that point I double checked the system account and spotted that it was locked.

It is now working.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

No worries Alex, glad to know it is now working :)

0