Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

HTTP authentication vs. WS-SECURITY

Former Member

on ‎2008 Dec 19 6:10 PM

0 Likes
419

Hi,

We are trying to interface XI (7.0) to a 3rd party application using the web services. The 3rd party application is the client in this case, calling a service we defined in XI and provided a WSDL file for. The service is called by the 3rd party app through http. The issue we run into is that XI requires authentication for the http connection, while the 3rd party is providing authentication credentials through WS-SECURITY. This results in the termination of the established connection as XI sees lack of authentication credentials, yet the credentials are passed, just through WS-SECURITY. How do we get the WS-SECURITY credentials to be seen by XI as user ID and password for the http connection?

Thank you,

Mike

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

MichalKrawczyk
Active Contributor
‎2008 Dec 20 11:56 PM
0 Likes

hi Michal,

in standard you need to add logon data to call SOAP

adapter based on J2EE and ws secutiry is used for

signing and encrypting the message only

but there is a way

you can call the SOAP inbound channel directly

as shown in this blog:

this way your call can even be authenticated in an URL (not recommended of course)

so if you cannot use the j2ee soap adapter try the SOAP "adapter" on ABAP stack

hope this helps

Regards,

Michal Krawczyk

http://mypigenie.com - XI/PI FAQ

Show replies
Show replies
Former Member
‎2008 Dec 22 3:45 PM
0 Likes

The URL authentication (plain text) is obviously an issue. Is there a way for the authentication to take place (keeping out the non authorized uses of the service) yet have the credentials passed in an encrypted mechanism?

Mike

prateek
Active Contributor
‎2008 Dec 22 8:21 PM
0 Likes

Hi Michal Krawczyk,

That was my mistake as I got confused thinking both WS-security and authentications are alternative to each other.

Hi Michal Szopinski,

Your requirement for keeping out unauthorized senders could also be acoomodated by SSL enabling XI J2EE engine (If sender supports certificate exchange). If you use SSL(HTTPS), then there would be exchange of certificated which would ensure that the sender is the authorized one. Along with this you may use WS-Security functionality.

Regards,

Prateek

prateek
Active Contributor
‎2008 Dec 20 12:59 PM
0 Likes

Instead of using http adapter, you may use soap adapetr with "Do not use Soap Envelop" option. There you may enable ws-security following this guide.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/405b38d1-9f8b-2a10-e1af-dd187a2b...

Regards,

Prateek

Show replies
Show replies
MichalKrawczyk
Active Contributor
‎2008 Dec 21 12:00 AM
0 Likes

hi Prateek,

>There you may enable ws-security following this guide.

can you elaborate a little bit more on how

setting WS security can help to avoid the need to log on the SOAP

adapter on j2ee ? I'd say it has nothing to do with the original question

but maybe you know something more

thanks,

Regards,

Michal Krawczyk

http://mypigenie.com - XI/PI FAQ

Ask a Question