Skip to Content

How to Configure AXIS Framework for Authentication Using the “wsse” Security Standard in SAP PI 

Introduction

You might be required to consume an interface exposed as a web service from a provider system using the receiver SOAP Adapter (SOAP/HTTP) connection. The provided service is therefore consumed via the provided soap endpoint.

In order to consume a service which requires “wsse” standard for authentication, there exists different options for implementing this. But in this blog, the focus is on the configuration of the “wsse” standard using the axis framework.

In “wsse” standard, a WS-Security Username Token enables an end-user identity to be passed over multiple hops before reaching the destination Web Service. The user identity is inserted into the message and is available for processing at each hop on its path. The client user name and password are encapsulated in a WS-Security <wsse:UsernameToken>.

   /wp-content/uploads/2013/04/image1_204908.jpg                   

Figure 1: Structure of SOAP message with “wsse” header

Create Communication Channel: To use this functionality, the Axis framework and all the necessary jar files must have been deployed on the PI system. Below are the steps necessary to implement security in the header of the message.


a)      Create a communication channel, under the parameter tab, choose the adapter SOAP and tick the receiver button;

b)      Choose the transport protocol as HTTP (Axis) and message protocol axis is automatically inserted in that field.

c)      Enter the appropriate URL, and under XI Paramter, tick the XI header option and if a SOAP Action is required, enter the value for it.

  /wp-content/uploads/2013/04/1_204909.jpg

Figure 2: Receiver SOAP Adapter with AXIS message protocol

Axis Framework Configuration: In order to configure the Axis framework, switch to the module tab on the communication channel and enter the parameters shown in the screen below in the order specified in the screen.

Processing Sequence

ModuleName:  AF_Adapters/axis/HandlerBean

Type: Local Enterprise Bean

ModuleKey: wssec

Module Configuration

Module Key

ParameterName

Parameter Value

wssec

action

UsernameToken

wssec

Handler.Type

java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender

wssec

passwordType

PasswordText

wssec

pwd.password

<enter password>=<enter password>

wssec

user

<enter username>

/wp-content/uploads/2013/04/image003_204910.jpg

Figure 3: AXIS module configuration for “wsse”

Note: the parameters name and parameters value are case sensitive, so care should be taken they are entered as described above, if not the Adapter engine will throw up an error when the communication channel is monitored from the runtime workbench

References:  For further references, please check the FAQ note 1039369

To report this post you need to login first.

9 Comments

You must be Logged on to comment or reply to a post.

  1. Roberto Cantero

    Hi folks,

    Two small corrections that work for me in the same scenario:

    wssec

    Handler.type

    java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender

    1. Handler.type instead of Handler.Type  it’s OK in your screenshot but wrong on table.
    2. Uncheck keepHeaders, at least on my scenario with keepheaders checked I received:

         The header ‘Main’ from the namespace ‘http://sap.com/xi/XI/Message/30‘ was not understood by the recipient of this message, causing the message to not be processed. This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process. Please ensure that the configuration of the client’s binding is consistent with the service’s binding.


    Follow note: 1776179 – Axis Adapter Error: org.apache.axis.ConfigurationException: handler is not instantiated

    1. Deploy the verified version of the wss4j (1.5.4, 1.5.5, 1.5.6, 1.5.7).
    2. The wss4j also requires the xmlsec-1.4.2.jar, but note if you deploy the wss4j-1.5.4.jar than the opensaml-1.0.1.jar also needs to be deployed. The older wss4j libraries do not require opensaml.

    Regards,

    Roberto.







        

    (0) 
  2. Midhun Madhav

    I am using wssec in SOAP Receiver with Axis protocol.

    I am getting error. “

    Error occurred while trying to load com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender

    I have installed Axis components but this is missing in my server. But this is missing

    • Apache WSS4J
      Warning: optional component missing — looking for org.apache.ws.security.WSSConfig in com.sap.aii.af.axisproviderlib/wss4j.jar; see http://ws.apache.org/wss4j/ &nbsp;

    Is this required to be installed?

    wssec is for encryption. I am not using any tokenname, so is there any need of any password?

    (0) 
    1. Sandeep Sharma

      Hi Midhun

      Yes you have to install Apache WSS4J because WSSE is token authentication .Because i faced same issue and installed this jar file and issue was resolved

      (0) 
  3. Aayush Aggarwal

    Hi,

    Great Blog!!

    I am using Axis in our scenario (SAP PI 7.10), and after completing the above configuration, the header is not getting created as expected (screenshot attached)

     

    And we are getting below mentioned response from the third party web service (screenshot attached): 

    Could someone please advise…

    Regards,

    Aayush Aggarwal

    (0) 

Leave a Reply