Skip to Content
avatar image
Former Member

Soap ---to ----file scenario

Hi All,

i have done Soap ---to -


file scenario scenario, in the HTTP security level( with HTTP)i am able to do,and

with HTTP security levevel(with the option HTTPS without client authenticatin,here i have enabled selelect security profile option) i am able to do

but here my problem is with HTTP security levevel(with the option HTTPS with client authenticatin,here i have enabled selelect security profile option) i am not able to do

I would request you all,could you please explain the difference between HTTPS without client authenticatin and HTTPS with client authenticatin

Thanks,

AVR

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Jan 05, 2011 at 11:03 AM

    Hi,

    HTTPS without Client Authentication:

    When you use SOAP Sender, SAP PI is the server and client sends SOAP Request over HTTPs. Now here PI (Server) receives the request which is secured(encrypted) but doesn't require the client to authenticate itself. So SOAP client may or may not send client certificate but server(PI) doesn't complain.

    HTTPS with Client Authentication:

    Same as above but here SAP PI will also require a client certificate so that it can authenticate the sender of the message. If this is not sent from the client side then SAP PI would throw an Authentication exception. Hope this clarifies the difference.

    Best Regards,

    Pratik

    Add comment
    10|10000 characters needed characters exceeded

    • >>> Means is it possible to receive the data without enabling the decrypt/validate option at server PI?

      Are you using transport level security or message level security? Looks like you do Message level security.

      Yes, it is possible to receive the data without decrypt or validate the message. But you are violating the security purpose.

      Note: if you use only digital signing then signing at the request side and not validating while receiving would not cause any problem. but your purpose of using digital signature is not fully utilized for the security purpose. You can still view the content of the data.

      if you use message encryption and encrypt the message. You can still receive the message but your message needs to be decrytped to view the content . otherwise no use even after recving it.

      Hope you understand.

  • avatar image
    Former Member
    Jan 05, 2011 at 08:50 AM

    HTTPS Without Client Authentication:

    Just establishes SSL connectivity. Authentication will have to be achieved using User ID/Password at Transport channel level (SOAP) or Messgae level (WS).

    HTTPS with Client Authentication:

    Establishes SSL connectivity & enables your Sender-PI connectivity for a certificate based authenticaiton mechanism.

    -

    Srikanth Srinivasan

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 05, 2011 at 09:30 PM

    >> please explain the difference between HTTPS without client authenticatin and HTTPS with client authenticatin

    Difference between HTTP and HTTPS (SSL)

    HTTP is Hyper Text Transport Protocol and normal port is 8080. HTTPS (over secured socket layer) and the port number is different from HTTP and port is 443.

    HTTPS without Client authentication:

    HTTPS means secured in transport level (communication level) but no need of client authentication. (In your case)The soap sender does not expect certificate authentication from the soap client.

    HTTPS with Client Authentication:

    The soap sender expects certificate authentication from the soap client for accepting the message. Otherwise we get Authentication error.

    Hope I answered your question.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 08, 2011 at 12:11 PM

    hi all,

    thanks alot,solved my problem.

    Thanks & Regards,

    AVR

    Add comment
    10|10000 characters needed characters exceeded