cancel
Showing results for 
Search instead for 
Did you mean: 

AS2 Sender channel - authorization Error & error with expected URL

Former Member
0 Kudos

Hello,

i had configured AS2 sender channel as shown below:

In General tab, Expected URL path as.*

Expected Message ID left/Right as .*

Aslo assigned values for Expected Sender AS2 name and own AS2 name and subject as well.

In signature and encryption tab,

assigned proper Keys for 'verify signature' and 'decryption'.

MDN tab also selected sign MDN and assigned proper keys and selected Send options as 'Immediate'.

So once done above configuration in AS2 sender channel, channel status shows as 'Channel is listening for incoming connections on /AS2/.*' but when source system triggers AS2 message, they are getting error as '401 Unauthorized'.

So if i try to add the expected URL path as 'Http:// host:port/AS2/ ' then channel status shows as 'Channel configuration is erroneous: java.net.MalformedURLException: Expected URL path is not correct'.

even i tried to add <path> to the url and still it shows same error. Please suggest how to solve this issue. we are having PO75 and b2b addon latest version. As we are using Certificate authentication, hope no credentials required to be provided to source system right?

Thank you.

Best Regards,prasant

Accepted Solutions (0)

Answers (3)

Answers (3)

manoj_khavatkopp
Active Contributor

Prasanth,

Close your browser and put the URL which you have given to third party in the browser and check if its asking for any userid/password ?

Br,

Manoj

Former Member
0 Kudos

Hi Manoj,

I had tried to open the URL in my browser and it is prompting for user name and pwd and it is working fine and shows message as ' use POST requests to submit AS2 messages'. but when i gave the same URL in channel it shows the error as'Channel configuration is erroneous: java.net.MalformedURLException: Expected URL path is not correct'.

Regards,

Srini

manoj_khavatkopp
Active Contributor
  • No , keep the expected URL as .* only this is valid. The reason for 401 Authorization is /AS2 policy configuration is default authentication enabled for AS2 in your NWA , to handle this :
  • You need to provide a user id and password to third party which is created in PI/PO system , so that third party can use this to post message to your AS2 server.
  • You can disable the default authentication imposed in /AS2 policy configuration by creating a user "AS2_Anonymous" and handle this via login module in nwa. This will disable the complete AS2 adapter authentication.

Br,

Manoj

weberpat
Contributor

In my experience, using username/password authentication in AS2 scenarios is fairly uncommon as the AS2 protocol itself provides sufficient security using public/private key pairs. Even if your business partner is OK with provisioning a username and password, you may therefore want to go for disabling the authentication as you might wind up having to do that anyway with one of the next partners you are adding.

manoj_khavatkopp
Active Contributor
0 Kudos

Yes Patrick, this is the best approach . i had this issue when migrating from Seeburger to B2B components as Seeburger had no such auth imposed but B2B AS2 adapter has so instead of reaching out to each partner and having this additional auth .we made the auth of B2B AS2 adapter disabled so there wont be any chnage at partner end.

Former Member
0 Kudos

Hi,

I had disabled the authentication and also in channel i used as '.*' for Expected URL path.

Now when source system try to trigger data it shows error as '403 forbidden' and 'Request is not expected by the AS2 adapter'. Also checked with source team that they are sending sender AS2 name, own AS2 name, subjact as we defined in channel and channel is also active.

Best Regards,prasant

manoj_khavatkopp
Active Contributor
0 Kudos

403 forbidden is usually when :

  • The AS2 ID configured by Partner and the one configured in PI doesn't match.
  • The Message subject dosent match
  • The channel is stopped.
  • The channel is not assigned to any sender agreement or ICO
Former Member
0 Kudos

Hi Manoj,

Thanks for your quick response. we verified with sender system that they are triggering message with same sender and Own AS2 names and subject that we defined in channel. channel is active. ICO has sender channel.Did 'Party' plays any role here?

Regards,prasant

manoj_khavatkopp
Active Contributor
0 Kudos

No, the party is not important i am suspecting there is some mis-configuration at your/third party end . Additionally to the above mentioned points do check the sign / encryption configuration too and also make sure there is only one AS2 channel with these configuration and is assigned to only one sender agreement.

Have you checked the B2B log viewer ? Do you see any error over there?

former_member478107
Discoverer
0 Kudos

prasanth.sappo , manoj.khavatkopp and weberpat

We exactly have the same issue. But I am suspecting that this is because we asked our partner to use the IP address in the AS2 URL on their side with our public IP when sending the message. This public IP address is different from our PI host ip.

Also when we generated our certificates we used PI host name instead of public ip address.

Do you see any of these causing the issues?

Below is the thread I raised for this issue if you can help. Thank you.

AS2 Sender Channel HTTP error 401 unauthorized HTTP error 403 forbidden

former_member478107
Discoverer
0 Kudos

@Prasanth V

We are having the same issue. Were you able to fix this?

lars.franz2

When we implement the OSS note you pointed we started receiving 403 forbidden error. I created a new thread if you prefer answering that. Please see the below.

AS2 Sender Channel HTTP error 401 unauthorized HTTP error 403 forbidden

Thanks in advance for any insights.

Regards,

Bharat

0 Kudos

Hi Parsanth,

have a look at SAP note 1828575.

The AS2 adapter requires a basic HTTP authentication as of service pack 2 in the default setting. However you could change the settings of your PO system as described in the note in order to use the adapter without HTTP authentication.

Regards,

lars