we are using XI 3.0 and have a scenario with a SOAP Sender Adapter, which is using "HTTPS with Client Authentication". I have configured everything I have found on the forum at Visual Admin and Integration Directory:
Set the UME property ume.logon.allow_cert to TRUE in 'Service-->UME Provider'
Imported client certificate and root CA certificate to 'Service-->Keystore'
Created user with role role SAP_XI_APPL_SERV_USER
Assigned this user to the client certificate in 'Security Provider-->UserManagement'
Added the user to xi_adapter_soap_message and xi_adapter_soap_help in 'Security Provider'
Added the root CA in 'SSL Provider
>Client Authentication' and marked 'Request client certificate.
Added the user to BusinessSystem at tab 'Assigned Users'
Added the user to Sender Agreement at tab 'Assigned Users'.
Our business partner got a certificate of our server and the according PrivateKey is added to 'SSL Provider
Unfortunately, our server certificate is not verified by an root CA!!
When the business partner now browse the URL 'https://url:port/XISOAPAdapter/MessageServlet?channel=:BS_3RD_PARTNER:SOAP_SENDER&nosoap=true' on his system, he will get a 'Message Servlet is in Status OK'.
But when he tries to process the URL directly in his messaging system, he gets an error '(401) Unauthorized.'
Any hints what could be the problem between browing the URL in InternetExplorer and sending from the messaging system?
Does it really mean that authorization was successful, when getting 'Message Servlet is in Status OK' in the Browser?
How can I assign an user when not using ClientAuthentication?
I would be very thankful for every help...