Skip to Content
avatar image
Former Member

PI 7.31 AEX - Principal Propagation

Hi,

I am trying to get principal propagation working on PI 7.31 single-stack AEX my scenario is as follows.

ThirdParty (SOAPui) -- soap with ssl -> PI -- rfc -> SAP

Everything works fine between PI and SAP where i have made a trust but not from SOAPui to PI.

Current setup which is not working:

I have added ClientCertLoginModule to component sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter with the following options.

Rule1.AttributeName = CN

Rule1.getUserFrom = subjectName

i created the certificate in PI NWA Certificates and Keys and imported it in SOAPui under preferences SSL.

http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx

Tried to send the message and get below error in SOAPui:

Error: 401 Unauthorized

In the NWA log it says:

Client certificate error.IP address

Please help me out...

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • avatar image
    Former Member
    Jun 19, 2012 at 01:49 PM

    Hi Christian,

    I had a similar issue, but the error now disappeared. I've done a lot of changes in that area, so I don't know what exactly fixed the issue.

    Have you checked the obvious things? Is the certificate valid? Is it transmitted at all? Can you get more information in SoapUI? I believe the SAP warning message is truncated.

    Good luck!

    Jörg

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi David,

      I was told by my Ramp-Up coach that only SAP Assertion Ticket is supported for principal propagation.

      About client certification i was not able to get it working and didnt have anymore time to look into this.. If you get it working please let me know..

      If you need help setting up client certification i might be able to assist you to get started :-)

  • avatar image
    Former Member
    Aug 01, 2012 at 10:42 AM

    Does anyone have an idea how to get this working?

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Christian

      Did you get any luck with this?

      Could you help with the steps involved in setting up this scenario please I need the same scenario without the SOAPui. I got the webservice setup in SR but the app needs to logon each time which is no good so if you could help with the steps in setting up the principal propagation i would be grateful.

      Thx

  • avatar image
    Former Member
    Sep 10, 2012 at 10:42 AM

    I was still not able to get this working...

    Does anyone know when SAML will be supported in AEX?

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 10, 2012 at 10:59 AM

    Hi Christian,

    Error 401 unauthorized have following chances,

    1. your user id don't have authorizations to test from SOAP UI.

    2. your user or password provided in the UI was wrong.

    BTW , wht is your soap ui version?

    Regards

    Hari.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Anshul,

      We have successfully configured SAML (with Principal
      Propagation) using the WS adapter on PI7.31 dual-Stack (this is no different to
      how it would be configured in 7.11)

       

      SAP confirmed to us that SAML is not currently supported in the
      SOAP adapter and therefore SAML cannot be configured for a single-stack
      instance. They have indicated that the implementation of SAML in the SOAP
      adapter is not currently in any planned EHP/SPs, but this could be considered
      if enough requests are made for this functionality.

      Regards,

      Dave

  • May 20, 2014 at 10:43 AM

    Hi Christian,

    We are also having similar requirement on PI 7.31 Single Stack for Principal Propagation.

    3rd party --> PI --> SRM (SOAP to Proxy Scenario)

    Were you able to configure and test it successfully?

    Appreciate if you can share any docs / working links.

    Regards,

    Azhar

    Add comment
    10|10000 characters needed characters exceeded