Skip to Content
Author's profile photo Former Member

How to Configure AXIS Framework for Authentication Using the “wsse” Security Standard in SAP PI

How to Configure AXIS Framework for Authentication Using the “wsse” Security Standard in SAP PI 

Introduction

You might be required to consume an interface exposed as a web service from a provider system using the receiver SOAP Adapter (SOAP/HTTP) connection. The provided service is therefore consumed via the provided soap endpoint.

In order to consume a service which requires “wsse” standard for authentication, there exists different options for implementing this. But in this blog, the focus is on the configuration of the “wsse” standard using the axis framework.

In “wsse” standard, a WS-Security Username Token enables an end-user identity to be passed over multiple hops before reaching the destination Web Service. The user identity is inserted into the message and is available for processing at each hop on its path. The client user name and password are encapsulated in a WS-Security <wsse:UsernameToken>.

   /wp-content/uploads/2013/04/image1_204908.jpg                   

Figure 1: Structure of SOAP message with “wsse” header

Create Communication Channel: To use this functionality, the Axis framework and all the necessary jar files must have been deployed on the PI system. Below are the steps necessary to implement security in the header of the message.


a)      Create a communication channel, under the parameter tab, choose the adapter SOAP and tick the receiver button;

b)      Choose the transport protocol as HTTP (Axis) and message protocol axis is automatically inserted in that field.

c)      Enter the appropriate URL, and under XI Paramter, tick the XI header option and if a SOAP Action is required, enter the value for it.

  /wp-content/uploads/2013/04/1_204909.jpg

Figure 2: Receiver SOAP Adapter with AXIS message protocol

Axis Framework Configuration: In order to configure the Axis framework, switch to the module tab on the communication channel and enter the parameters shown in the screen below in the order specified in the screen.

Processing Sequence

ModuleName:  AF_Adapters/axis/HandlerBean

Type: Local Enterprise Bean

ModuleKey: wssec

Module Configuration

Module Key

ParameterName

Parameter Value

wssec

action

UsernameToken

wssec

Handler.Type

java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender

wssec

passwordType

PasswordText

wssec

pwd.password

<enter password>=<enter password>

wssec

user

<enter username>

/wp-content/uploads/2013/04/image003_204910.jpg

Figure 3: AXIS module configuration for “wsse”

Note: the parameters name and parameters value are case sensitive, so care should be taken they are entered as described above, if not the Adapter engine will throw up an error when the communication channel is monitored from the runtime workbench

References:  For further references, please check the FAQ note 1039369

Assigned Tags

      9 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Roberto Cantero
      Roberto Cantero

      Hi folks,

      Two small corrections that work for me in the same scenario:

      wssec

      Handler.type

      java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender

      1. Handler.type instead of Handler.Type  it's OK in your screenshot but wrong on table.
      2. Uncheck keepHeaders, at least on my scenario with keepheaders checked I received:

           The header 'Main' from the namespace 'http://sap.com/xi/XI/Message/30' was not understood by the recipient of this message, causing the message to not be processed. This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process. Please ensure that the configuration of the client's binding is consistent with the service's binding.


      Follow note: 1776179 - Axis Adapter Error: org.apache.axis.ConfigurationException: handler is not instantiated

      1. Deploy the verified version of the wss4j (1.5.4, 1.5.5, 1.5.6, 1.5.7).
      2. The wss4j also requires the xmlsec-1.4.2.jar, but note if you deploy the wss4j-1.5.4.jar than the opensaml-1.0.1.jar also needs to be deployed. The older wss4j libraries do not require opensaml.

      Regards,

      Roberto.







          

      Author's profile photo Iñaki Vila
      Iñaki Vila

      Thanks for the feedback Roberto!. SOAP Axis adapter is a really headache and all help is welcome.

      Regards.

      Author's profile photo Former Member
      Former Member

      Hi Robert

      Thanks for the blog

      I have a doubt , in the password option do we need to provide the token or actual password?

      Author's profile photo Roberto Cantero
      Roberto Cantero

      Actual password, no token.

      br,

      Roberto.

      Author's profile photo Former Member
      Former Member

      Hi Roberto

      But when will the token be generated and how it will used runtime .

      just for understanding

      Regards

      sandeep

      Author's profile photo Former Member
      Former Member

      I am using wssec in SOAP Receiver with Axis protocol.

      I am getting error. "

      Error occurred while trying to load com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender

      I have installed Axis components but this is missing in my server. But this is missing

      • Apache WSS4J
        Warning: optional component missing --- looking for org.apache.ws.security.WSSConfig in com.sap.aii.af.axisproviderlib/wss4j.jar; see http://ws.apache.org/wss4j/  

      Is this required to be installed?

      wssec is for encryption. I am not using any tokenname, so is there any need of any password?

      Author's profile photo Former Member
      Former Member

      Hi Midhun

      Yes you have to install Apache WSS4J because WSSE is token authentication .Because i faced same issue and installed this jar file and issue was resolved

      Author's profile photo Rashmi Joshi
      Rashmi Joshi

      We have similar requirement where we need to add SignatureValue as well along with UserID and Password.

       

      Can you please help here?

      Author's profile photo Aayush Aggarwal
      Aayush Aggarwal

      Hi,

      Great Blog!!

      I am using Axis in our scenario (SAP PI 7.10), and after completing the above configuration, the header is not getting created as expected (screenshot attached)

       

      And we are getting below mentioned response from the third party web service (screenshot attached): 

      Could someone please advise…

      Regards,

      Aayush Aggarwal