cancel
Showing results for 
Search instead for 
Did you mean: 

SOAP Sender adapter wsse-security

former_member437950
Discoverer
0 Kudos

HI Experts,

I need clear explanation of one topic.

We have SAP PI scenario SOAP sender to RFC. It works fine and now I want to implement wss security standard.

I have selected message security in SOAP Adapter and specified in Integrated Configuration Object (ICO) security procedure for requested message decrypt and validate. I have generated key pair (private and certificae) in SAP Keystorage views (JAVA).

For Decryption (WS Request) I choose my private key.

But to verify signature what Issuer and subject do I need to select? Issuer and subject partner's private key? If we have a lot of consumers how I can select different Issuer and subject?

And how can I give public key to a partner for encryption? Because if I export only public certficate in base64 format partner in SOAPUI tool can't import certificate in keystore, he get error: Can't build keystore Private key missing.

I don't understand.

Or I need to generate only one pair and we will use same pair keys to encrypt/decrypt but I think it's not safe...

Accepted Solutions (0)

Answers (3)

Answers (3)

Harish
Active Contributor
0 Kudos

Hi Nurlan,

Yes, you need different ICO for a different partner. The reason to use the signing of the message is to identify them if the sender is an authorized sender.

You can use the Party object to create different ICO and refer to B2B communication documents for more details.

regards,

Harish

Harish
Active Contributor
0 Kudos

Hi Nurlan, Yes you can select only one partner to varify signing in one ICO.

former_member437950
Discoverer
0 Kudos

Hi Harish, Do I need to create one more ICO to integrate with another partner?

PavanKumar
Active Contributor
0 Kudos

Hi Nurlan,

In order to implement Wsse security you should have(private and public)key pair and partner should have (private and public)key pair and mutual exchange of public keys need to do prior.

Make sure you have own keypair and partner public certificate in your keystore view before doing configuration

Implementation looks like as below

Partner (Sign)--own private key

(Encrypt)- PI public key

PI (Decypt) -- PI privatekey

Verify signature-- partner's public key.

If want to test in soapui import all keys in jks format using keystore explorer before then test accordingly in reference with below blog.

https://www.soapui.org/soapui-projects/ws-security.html

Regards

Pavan

0 Kudos

Hi Pavan,

Thank for reply.

But to verify signature on PI side I can select only one "Issuer and Subject".

If I want to verify more Partners how can I do that on PI side?