on 03-19-2012 11:33 PM
Hello Everyone,
I am using SAP PI 7.1 with EhP1 (SAP PI 7.11) and have SP at 006.
I have a question regarding securing a SOAP Sender scenario using HTTPS. Its a SOAP-PI-RFC synchronous scenario.
i created a SOAP SENDER communication channel and have configured .... Inbound Security Checks --> HTTP Security Level --> HTTPS without Client Authetication
This is becasue the data is sent via HTTPS URL but there is no authentication involved from the sender side.
Well, the Web service provider is accessed by means of an HTTPS proxy server rather than directly.
I have been informed by the network team that when the message comes, the HTTPS URL is resolved first to port 80 and then the loadbalancer converts this to 50000 and so finally message is arrived on 50000 and not on 50001.
And as a result, i could see that the payload has SOAP Envelope and the SOAP Body which should ideally be dropped by the Adapter and so the mapping is failing.
Can anyone suggest, that shall i ask n/w team to open a new port for me like 82 and ask them to resolve it on 8000 instead of 50000.
i think this will help in dropping the SOAP Envelope and the BODY from te payload.
Regards,
RFavi
Hi Ravi,
Are you absolutely sure you are using SOAP adapter and not HTTP adapter? See here:
This option "HTTP Security Level --> HTTPS without Client Authetication" appears only in HTTP adapter, which is naturally not able to remove the SOAP Envelope. So what you should do is to change the Adapter Type to SOAP. Moreover, for different client authentication methods in SOAP scenario, refer to my blog here: http://scn.sap.com/people/grzegorz.glowacki/blog/2012/03/07/a-closer-look-at-soap-sender-authenticat...
Hope this helps,
Greg
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Ravi,
I checked a different version of SOAP adapter than you are using (Basis 7.11, and you seem to use 7.10). Regarding the discussion so far: I agree with Mark that assigning a new port is not expected to help here. Definitely this option "Do not use SOAP Envelope" will not help either - it has somehow different application, when the client is not sending the envelope at all.
So what I can suggest is: generate the WSDL file from your Sender Agreement, then import it to some free web service testing tool like SOAP UI and try testing from there - is the problem identical to what you get while testing from the client application? What I suspect is some problem with namespaces when the web service is triggered from the client. If a SOAP UI test succeeds, it would confirm my theory.
Hope this helps,
Greg
Hi Greg,
I have just noticed the URL and would like to share with you :
The one that was provided to customer :
Is it because its PLAIN_HTTP so, the envelope is not getting dropped?
The one that i read somewhere :
https://hostname:port/XISOAPAdapter/MessageServlet?channel=:BusinessSystem:CommunnicationChannel&sap...https://hostnameport/
Is the first one wrong ?
Regards,
Ravi
Dear Ravi,
Are you sure you want to use the username and password in the URL where you post the data? If so, then the correct URL to use is:
http://host:port/sap/xi/engine?type=entry&version=3.0&Sender.Service=SENDER&Interface=NAMESPACE^SERV...
I have only used this with plain HTTP (not HTTPS) so far, but you can try with HTTPS as well. There are more details in a blog by Stefan Grube below, but unfortunately this blog content is broken at this particular moment, after the migration to new SDN...
http://scn.sap.com/people/stefan.grube/blog/2006/09/21/using-the-soap-inbound-channel-of-the-integra...
Hope this helps,
Greg
Hello,
Can someone confirm that , this is the correct URL for SAP 7.11 SP 06 scenario :
http://host:port /XISOAPAdapter/HelperServlet?action=FindChannel& channel=p:s:c
Regards,
Ravi
No the above URL is wrong.
Use this URL
http://<hostname>:<port>/XISOAPAdapter/MessageServlet?channel=:<service>:<channel>
where service - sender service interface name
channel - sender comm channel name
Refer this link too
http://www.riyaz.net/sap/xipi-a-guide-to-using-sap-xi-soap-adapter/113/
Dear Ravi,
You only have two options for the URL:
http://host:port/XISOAPAdapter/MessageServlet?senderParty=XXX&senderService=XXX&receiverParty=XXX&re...
http://hostportto send the message to sender adapter, or
http://host:port/sap/xi/engine?type=entry&version=3.0&Sender.Service=XXX&Interface=XXX&sap-user=XXX&...
to send the message directly to the integration engine.
In normal case, the first one is recommended, and this is the one that is included in the .wsdl file generated from Sender Agreement. On the other hand, the second one is the only option if you want to use username and password in the URL.
Hope this helps,
Greg
If you are having troubles to decide using the URL to test the webservice that is hosted on your soap sender, the simplest solution is as follows...
Go to sender agreement click display wsdl. save the wsdl. Look for address:location tag and pick the url. Use that URL for testing. In your case, you need to test via soap sender only.
Hi Baskar,
You are not really right about that. The initial requirement was: "there is no authentication involved from the sender side", so the URL from .wsdl file cannot be used. Please make sure to read the whole thread carefully before posting an answer, otherwise you confuse the person who asked.
Regards,
Greg
Can someone confirm that , this is the correct URL for SAP 7.11 SP 06 scenario :
http://host:port /XISOAPAdapter/HelperServlet?action=FindChannel& channel=p:s:c
Hello,
That URL is only used for checking if the channel is indeed available. It is not used to send messages to the AE or IE.
Regards,
Mark
Hello,
In our landscape, all external SOAP requests are sent via webdispatcher and then the webdispatcher routes it to the adapter engine much like what your Proxy does. And when we receive the message, it is without a SOAP Envelope. So I am unsure whether redirecting the port will work.
What you can do as a temporary workaround is to remove the SOAP Envelope via Java Mapping.
Hope this helps,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mark and Monica,
Its not checked ..i have already taken care of that
Regards,
Ravi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think in your configuration you have checked Do Not Use SOAP Envelope.
So if do this it will cause the message to fail if it comes with a soap envelope.
Configure it as per your incoming message.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
First things first, in your SOAP Sender CC, have you checked the Do Not Use SOAP Envelope option? If yes, you need to uncheck it so that the SOAP Envelope gets removed.
Regards,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.