Skip to Content

SAML - signature issue

Hi,<br/>

<br/>

Im trying to get a scenario going doing 3rd part --> PI 7.11 SPS 04 --> SAP ECC 6.0

<br/>

1) The sender (3rd part) sends a sync request containing a SAML assertion in the header. This message is signed using a X.509 certificate.

<br/>

2) PI is to receive the request using WS adapter and pretty much just pass the request along to receiver using WS receiver adapter (also using SAML).

<br/>

3) The receiver (R3) receives request and returns a response.

<br/><br/>

The following lists the prereq done:<br/>

1) SAP crypto lib is installed on both PI and R3 system.<br/>

2) All PSE's are created on both PI and R3 system in STRUST<br/>

3) Report WSS_SETUP has been executed in both PI and R3 system<br/>

4) Trust:<br/>

4.1) On PI system the PSE cert has been exported from STRUST and imported into the STRUSTSSO2 PSE on the R3 system (this includes adding it to ACL and certificate list)<br/>

4.2) On R3 system the PSE cert has been exported from STRUST and imported into STRUSTSSO2 PSE on the PI system (this includes adding it to ACL and certificate list)<br/>

4.3) The public X.509 key certificate of 3rd party has been imported into STRUSTSSO2 on PI system in the stores 'WS Security keys', 'WS Security standard' and added to certificate list.<br/>

5) Principal propagation has been enabled on both PI and R3 integration engines.<br/>

6) No user mapping is setup since the authenticationAssertion will contain a native SAP user.<br/>

7) Report WSS_INFO has been executed on both PI and R3 system.<br/>

<br/><br/>

8) SSL is not currently enabled - so far testing is performed stricly using HTTP

<br/><br/><br/>

The actual issue at hand:<br/>

When 3rd party calls PI the following error is given:<br/>

<br/><br/>

CL_SOAP_MESSAGE IF_SOAP_MESSAGE_PART~DESERIALIZE_BODY SOAP Message CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48 .

<br/><br/><br/>

CL_SOAP_RUNTIME_SERVER EXECUTE_PROCESSING SOAP Runtime CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48

<br/><br/><br/>

CL_SOAP_RUNTIME_SERVER EXECUTE_PROCESSING SOAP Runtime A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 )

<br/><br/><br/>

CL_SOAP_RUNTIME_ERROR map_core_exception_to_fault SOAP Runtime Invalid XML signature

<br/><br/><br/>

The message processing thus fails due to a certificate issue when initially receiver by PI.

The question is why do I get this error? I'm well aware of the following post Web Service Security with SAML - Invalid XML signature which does not have any impact in my case.

<br/><br/><br/>

Thanks in advance,<br/>

Daniel

<br/><br/>

Edited by: Daniel Engsig-Karup on Aug 23, 2010 3:20 PM

Edited by: Daniel Engsig-Karup on Aug 23, 2010 3:25 PM

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Aug 23, 2010 at 02:59 PM

    Is your 3rd party application making a call using web services? Does it support Web Service Reliable Protocol? Typically WS adapters are used between the systems supporting Web Service Reliable Messaging protocol.

    Looks like your client is not producing the XML in the required format for SAML. As far I know, and up to now, two SAP systems can use WS RM adapter for communication as they support WS-RM protocol. Check if your client supports it.

    VJ

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.