on 2019 Nov 29 11:53 AM
Hi Experts,
I need a clear explanation of one topic.
We have an SAP PI scenario, SOAP sender to RFC. It works fine, and now I want to implement the WSS security standard.
I have selected message security in the SOAP Adapter and specified, in the Integrated Configuration Object (ICO), the security procedure for the request message: decrypt and validate. I have generated a key pair (private key and certificate) in the SAP Keystorage views (JAVA).
For decryption (WS Request) I chose my private key.
But to verify the signature, what Issuer and Subject do I need to select? The Issuer and Subject of the partner's private key? If we have a lot of consumers, how can I select different Issuers and Subjects?
And how can I give the public key to a partner for encryption? Because if I export only the public certificate in base64 format, the partner can't import the certificate into a keystore in the SoapUI tool; he gets the error: Can't build keystore Private key missing.
I don't understand.
Or do I need to generate only one pair, and we will use the same key pair to encrypt/decrypt? But I think it's not safe...
Hi Nurlan,
Yes, you need a different ICO for a different partner. The reason to use signing of the message is to identify whether the sender is an authorized sender.
You can use the Party object to create different ICOs, and refer to the B2B communication documents for more details.
Regards,
Harish
Hi Nurlan, yes, you can select only one partner to verify signing in one ICO.
Hi Nurlan,
In order to implement WSSE security, you should have a (private and public) key pair, the partner should have a (private and public) key pair, and a mutual exchange of public keys needs to be done beforehand.
Make sure you have your own key pair and the partner's public certificate in your keystore view before doing the configuration.
The implementation looks like this:
Partner (Sign) -- own private key
(Encrypt) -- PI public key
PI (Decrypt) -- PI private key
Verify signature -- partner's public key
If you want to test in SoapUI, import all keys in JKS format using KeyStore Explorer first, then test accordingly with reference to the blog below.
https://www.soapui.org/soapui-projects/ws-security.html
Regards
Pavan
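The key roles listed in the answer above, walked through with the openssl CLI as an added example (not from the thread and not SAP PI or SoapUI configuration). Raw RSA key files stand in for keystore entries, and all partner names, file names and the message are constructed. It goes one step beyond the list: the payload is encrypted with a one-time AES key that is wrapped with PI's public key, as WS-Security encryption commonly does.

```shell
#!/bin/sh
# Added example: constructed keys and message; file names are hypothetical.
set -eu
W=$(mktemp -d)            # scratch dir standing in for both sides' keystores
trap 'rm -rf "$W"' EXIT

gen_pair() {              # $1 = owner; .key never leaves its owner, only .pub is exchanged
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$W/$1.key" 2>/dev/null
  openssl pkey -in "$W/$1.key" -pubout -out "$W/$1.pub"
}

# Partner side: uses its OWN private key (sign) and PI's PUBLIC key (encrypt).
partner_send() {          # $1 = signing partner, $2 = plaintext file
  openssl dgst -sha256 -sign "$W/$1.key" -out "$W/wire.sig" "$2"
  openssl rand -hex 32 > "$W/sess.hex"        # one-time AES-256 key
  openssl rand -hex 16 > "$W/wire.iv"
  openssl enc -aes-256-cbc -K "$(cat "$W/sess.hex")" -iv "$(cat "$W/wire.iv")" \
    -in "$2" -out "$W/wire.body"
  openssl pkeyutl -encrypt -pubin -inkey "$W/pi.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$W/sess.hex" -out "$W/wire.key"
  rm -f "$W/sess.hex"
}

# PI side: PI's PRIVATE key (decrypt), then the configured partner's PUBLIC key (verify).
pi_receive() {            # $1 = partner expected by this ICO; prints plaintext on success
  k=$(openssl pkeyutl -decrypt -inkey "$W/pi.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$W/wire.key") || return 1
  openssl enc -d -aes-256-cbc -K "$k" -iv "$(cat "$W/wire.iv")" \
    -in "$W/wire.body" -out "$W/recv.txt" || return 1
  openssl dgst -sha256 -verify "$W/$1.pub" -signature "$W/wire.sig" \
    "$W/recv.txt" >/dev/null 2>&1 || return 1
  cat "$W/recv.txt"
}

gen_pair pi; gen_pair partnerA; gen_pair partnerB
printf '<order id="1"/>' > "$W/msg.xml"       # constructed stand-in for a SOAP body
partner_send partnerA "$W/msg.xml"
echo "checked against partnerA: $(pi_receive partnerA)"
if pi_receive partnerB >/dev/null; then
  echo "unexpected: accepted under partnerB's key"
else
  echo "checked against partnerB: signature rejected"
fi
```

The partner functions never read `pi.key`, and PI never reads a partner's `.key`: each side holds only its own private key plus the other side's public half.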