Skip to Content
avatar image
Former Member

Consuming a Web Service with PasswordDigest Authentication in ABAP

Hello,

I need to consume a web service in ABAP from a non-SAP application. The web service uses wsse:UsernameToken with PasswordDigest in the SOAP Header for authentication. However, I havent seen any documentation for using Password Digest in ABAP.

Is it possible to use Password Digest in ABAP?

Thanks

Ajay

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • avatar image
    Former Member
    Feb 04, 2009 at 09:48 AM

    Hi,

    >Is it possible to use Password Digest in ABAP?

    It should be as it is possible to configure the use of wsse:UsernameToken from transaction SOAMANAGER.

    You have to experiment to find out.

    By the way, do you know how to use the SEARCH function in help.sap.com ?

    I just did a search in Netweaver 7.0 help with the keyword UsernameToken and I found :

    [WS-Security UsernameToken |http://help.sap.com/saphelp_nw70/helpdata/EN/47/23fc6d9a0b2debe10000000a1553f7/frameset.htm]

    Regards,

    Olivier

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 04, 2009 at 10:50 AM

    Hi Oliver,

    Thanks for your reply.

    I have done quite a bit of search and experimentation, and posted in the forum only after that. In SOAManager, there is a provision to use the UsernameToken with a password, but not with a password digest.

    I am also aware that password digest is supported in the Java stack. However, I need to use the web services in the ABAP stack.

    Thanks

    Ajay

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 20, 2009 at 03:18 PM

    Hi,

    Just in case this might help someone else.

    I created the requried string for the SOAP header using the function modules CALCULATE_HASH_FOR_RAW and SCMS_BASE64_ENCODE. The exact logic used to create the SOAP header is described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf. Then an XML document was created with the string using FM SDIXML_XML_TO_DOM.

    Then get the soap header using proxyInstance -> get_protocol('IF_WSPROTOCOL_WS_HEADER') and set the new soap header to this class.

    Regards

    Ajay

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Marc,

      Here is the ABAP Code to build the SOAP header.

      FUNCTION Z_GET_SOAP_REQUEST_HEADER.

      *"----------------------------------------------------------------------

      *"*"Local Interface:

      *"  EXPORTING

      *"     VALUE(ER_SECURITY_ELEMENT) TYPE REF TO  IF_IXML_ELEMENT

      *"----------------------------------------------------------------------

      *date and time data

        data: lv_sys_date like sy-datum,

              lv_sys_time like sy-uzeit,

              lv_year(4) type c,

              lv_month(2) type c,

              lv_date(2) type c,

              lv_hour(2) type c,

              lv_min(2) type c,

              lv_sec(2) type c.

        data : lv_created type string,

              lv_snonce type string,

              lv_b64nonce type string,

              lv_webservice_password type string,

              lv_webservice_userid type string,

              lv_spassword type string,

              lv_xpassword type xstring,

              lv_hpassword type hash160x,

              lv_b64password(255) type c,

              lv_xpasslen type i,

              lv_hpasslen type i.

      *xml declartions

        data : lv_sheader type string,

              lv_xheader type xstring,

              xml_document TYPE REF TO if_ixml_document,

              xml_root TYPE REF TO if_ixml_element,

              xml_element TYPE REF TO if_ixml_element,

              xml_node TYPE REF TO if_ixml_node.

      *get the c-link password.

      CALL METHOD ZCL_CDB_SYNC_CFG_READER=>GET_USERID_PASSWORD

        IMPORTING

          EV_USER_ID  = lv_webservice_userid

          EV_PASSWORD = lv_webservice_password

          .

      *Evaluate created date time

        lv_sys_date = sy-datum.

        lv_sys_time = sy-uzeit.

        lv_year = lv_sys_date(4).

        lv_month = lv_sys_date+4(2).

        lv_date = lv_sys_date+6(2).

        lv_hour = lv_sys_time(2).

        lv_min = lv_sys_time+2(2).

        lv_sec = lv_sys_time+4(2).

        CONCATENATE lv_year '-' lv_month '-' lv_date 'T' lv_hour ':' lv_min ':' lv_sec '.000Z' into lv_created.

      *Create and encode the nonce

        CALL FUNCTION 'GENERAL_GET_RANDOM_STRING'

          EXPORTING

            NUMBER_CHARS  = 24

          IMPORTING

            RANDOM_STRING = lv_snonce.

        CALL METHOD cl_http_utility=>ENCODE_BASE64

          EXPORTING

            UNENCODED = lv_snonce

          RECEIVING

            ENCODED   = lv_b64nonce.

      *create the password to be sent to web service

        CONCATENATE lv_snonce lv_created lv_webservice_password into lv_spassword.

      *encode password to xstring

        CALL FUNCTION 'SCMS_STRING_TO_XSTRING'

          EXPORTING

            TEXT   = lv_spassword

          IMPORTING

            BUFFER = lv_xpassword.

        lv_xpasslen = xstrlen( lv_xpassword ).

        CALL FUNCTION 'CALCULATE_HASH_FOR_RAW'

          EXPORTING

            ALG      = 'SHA1'

            DATA     = lv_xpassword

            LENGTH   = lv_xpasslen

          IMPORTING

            HASHX    = lv_hpassword

            HASHXLEN = lv_hpasslen.

        CALL FUNCTION 'SCMS_BASE64_ENCODE'

          EXPORTING

            INPUT            = lv_hpassword

            INPUT_LENGTH     = lv_hpasslen

          IMPORTING

            OUTPUT           = lv_b64password

          EXCEPTIONS

            OUTPUT_TOO_SMALL = 1

            OTHERS           = 2.

        IF SY-SUBRC <> 0.

      * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO

      *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.

        ENDIF.

      * build the header

        CONCATENATE

      '<soap-env:Header xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">'

      '<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">'

      '<wsse:UsernameToken wsu:Id="########" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'

      '<wsse:Username>'

      lv_webservice_userid

      '</wsse:Username>'

      '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'

      lv_b64password

      '</wsse:Password>'

      '<wsse:Nonce>'

      lv_b64nonce

      '</wsse:Nonce>'

      '<wsu:Created>'

      lv_created

      '</wsu:Created>'

      '</wsse:UsernameToken>'

      '</wsse:Security>'

      '</soap-env:Header>'

      INTO lv_sheader.

      *Build the xml header element

        lv_xheader = cl_proxy_service=>cstring2xstring( lv_sheader ).

        TRY.

            CALL FUNCTION 'SDIXML_XML_TO_DOM'

              EXPORTING

                xml           = lv_xheader

              IMPORTING

                document      = xml_document

              EXCEPTIONS

                invalid_input = 1

                OTHERS        = 2.

            IF sy-subrc = 0 AND NOT xml_document IS INITIAL.

              xml_root = xml_document->get_root_element( ).

              er_security_element ?= xml_root->get_first_child( ).

              gr_soap_security_header = er_security_element.

            ENDIF.

          CATCH cx_ai_system_fault .

        ENDTRY.

      ENDFUNCTION.

  • Feb 09, 2010 at 10:57 PM

    Hi Ajay,

    We are having a similar issue in using WebService in AS ABAP.

    In SOAManager, I cannot see the option to use Username Token authentication.

    The logical port in SOAManager is created using the WSDL URL, and by default I get Basic Authentication only (Transport level), but we need to use the message level authentication (Username Token).

    I hope using Username Token authentication, the SOAP header will be populated with the Username, Password, Nonce, Created parameters in the SOAP request.

    Can you please let me know how to get the Username Token authentication in SOAManager?

    Thanks,

    Sanjay

    Add comment
    10|10000 characters needed characters exceeded