on 08-22-2009 3:06 PM
Hi Experts,
I have a requirement of using AXIS framework in Receiver SOAP ADAPTER in PI 7.0 server with UsernameToken security with PasswordDigest.
I have deployed all the relevant .jar files in .sda file and entires have been made in provider.xml.
When ever i am testing my scenario i am getting following error in communication channel monitoring
*Axis: error in invocation: java.net.SocketException: Connection timed out:could be due to invalid address*
Also i am using URL as https://XYZ
Could you please let me know is this error is because of invalid URL,username and password or something else is missing in configuration.
Please help me out on this
Thanks in advance
Anku Chopra
Hi Experts,
Any inputs on this.
Please advise.
Regards
Anku Chopra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi!
What happens if you test the Axis Adapter wirth the following URL:
http://<server in FQDN - e.g. http(s)://acme.com>:<port - e.g. 50000>/XIAxisAdapter/MessageServlet
Normally you should get a list of reuqired and optional component for Axis.
If it works with HTTP but not with HTTPS then HTTPS is not configured so far on your XI/PI machine.
Regards,
Volker
Hi Chopra,
Kindly refer the following SAP Notes for your issue:
Note-1303363-SOAP (Axis) Sender Adapter to Perform User Login in Handlers (SMP Login Required)
https://service.sap.com/sap/support/notes/1303363
Note-1028961-How to Prepare axisproviderlib.sda for Adapter Framework (SMP Login Required)
https://service.sap.com/sap/support/notes/1028961
Note-1039369-FAQ XI Axis Adapter
https://service.sap.com/sap/support/notes/1039369
Regards
Venkat Rao .G
Hi Volker,
Thanks for the reply.
Whenever i am checking through URL *http://port:host/XIAxisAdapter/MessageServlet * its showing the required/optional components list status OK.
However when i am checking through URL https://port:host/XIAxisAdapter/MessageServlet
its showing the page cannot be displayed.
Now my question is do i need to configure my PI machine for https?
If yes then could you please guide me the process and steps required to configure PI machine for https.
Moreover i am getting error while communication with third party and my end url is https://XYZ.
My scenario is ABAP ProxyXIWebservice(Third party) where my client wants AXIS framework in Receiver soap adapter with usernameToken security with PasswordDigest.
Please provide your inputs to solve the above issue.
Thanks in advance
Regards
Anku Chopra
Hi!
Fine. To configure your engine for HTTPS follow this link to "HTTP and SSL":
http://help.sap.com/saphelp_nwpi71/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
Additionally - if between your PI and the partner is a proxy - you have to define the proxy data in your Plain HTTP adapter.
For details see here:
http://help.sap.com/saphelp_nwpi71/helpdata/en/43/64dbb0af9f30b4e10000000a11466f/content.htm
Hope this helps!
Regards,
Volker
Additional info. Please take this in mind:
SSL Administration in a Dual-Stack Installation
SSL communications are handled by the Internet Communication Manager (ICM) for both the AS Java and the AS ABAP servers in a dual-stack system. However, the administration tools and infrastructure for each stack are different and therefore, in a dual-stack installation, you should only perform the configuration and administration activities using one set of tools. Use either the trust manager on the AS ABAP for maintaining the SSL server PSEs, or use the Key Storage service on the AS Java for maintaining the SSL keystore entries. Note the following:
● If you create SSL server PSEs using the trust manager on the AS ABAP and later use the Key Storage service on the AS Java (or the other way around), you may get unexpected results due to conflicting PSEs.
● Configure SSL client functionality in each stack individually.
Edited by: Volker Kolberg on Aug 24, 2009 2:27 PM
HI Experts,
Thanks for the input.
Now instead of HTTPS we are using HTTP protocol to communicate with third party.
However Data is successfully sent to PI through ABAP Client Proxy but when PI is interacting with third party its giving error in RWB as
1) Success Axis: getting handler trp of java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender
2) Error Axis: error in invocation: java.net.SocketException: Connection timed out:could be due to invalid address
3)Error MP: Exception caught with cause java.net.SocketException: Connection timed out:could be due to invalid address
4)Error Exception caught by adapter framework: ; nested exception is: java.net.SocketException: Connection timed out:could be due to invalid address
5)Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: ; nested exception is: java.net.SocketException: Connection timed out:could be due to invalid address: java.net.SocketException: Connection timed out:could be due to invalid address. Setting message to status failed.
6)Error The message status set to FAIL.
7)Error Returning synchronous error message to calling application: com.sap.aii.af.ra.ms.api.RecoverableException: ; nested exception is: java.net.SocketException: Connection timed out:could be due to invalid address: java.net.SocketException: Connection timed out:could be due to invalid address.
Please provide your valuable inputs on above issue.
Thanks in advance
Regards
Anku Chopra
Hi!
This indeed looks ike a network/security cause.
Again: If between your PI and the partner is a proxy you have to define the proxy data in your Plain HTTP adapter.
For details see here:
http://help.sap.com/saphelp_nwpi71/helpdata/en/43/64dbb0af9f30b4e10000000a11466f/content.htm
Additonally ask your network guys if comunication to partner using your partner url is not blocked by a reverse proxy or firewall.
You may also check this by logging in into the PI system and then use telnet for a connection test to partner system. If telnet fails you indeed have a network/security probem.
Next ask your partner if your system is registered as authenticated in his network and double-check the user userid and password to identify your PI in the partner's system.
Regards,
Volker
Hi!
No. You may also use the SOAP Adapter - it's even the better way. Then maintain proxy here, if you have a proxy:
http://help.sap.com/saphelp_nwpi71/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm
And also you should check the other things I've mentioned before.
Good luck!
Regards,
Volker
Hi Volker,
I am back.
We had some connectivity issues with HTTP and fortunately it got resolved.
Now as we are moving into HTTPS i am getting following error in SMICM
[Thr 2057] SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
[Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 2057] SecudeSSL_SessionStart: SSL_accept() failed --
secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
[Thr 2057] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2057] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
[Thr 2057] << -
End of Secude-SSL Errorstack -
[Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb10)==SSSLERR_SSL_ACCEPT
[Thr 2057] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
[Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb50)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 1286] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn
[[Thr 2828] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb50)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 2828] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn
[Thr 772] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f52770)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 772] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn_
[Thr 2057] SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
[Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 2057] SecudeSSL_SessionStart: SSL_accept() failed --
secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
[Thr 2057] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2057] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
[Thr 2057] << -
End of Secude-SSL Errorstack -
[Thr 2057] SSL NI-sock: local=10.120.58.115:44300 peer=10.120.58.115:40671
[Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fe70)==SSSLERR_SSL_ACCEPT
[Thr 2057] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
Moreover do we need to create any RFC destination in sm59 for HTTP Connections to External Server to enable HTTPS.
Please provide your valuable inputs on this.
Thanks
Anku chopra
Hi!
I assume that you get the error in them ICM Dev Trace of your PI system, correct?
This sounds as if you are working with HTTPS with Certificate Authentication. And the - obviously installed - Secude SSL Software gets a bad or an invalid certificate. Please try to turn off certificate authentication and try it with HTTPS with userid and password. This is to ensure whether HTTPS work and is configured correctly in your PI system.
Regards,
Volker
User | Count |
---|---|
74 | |
9 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.