SOAP Adapter Bug Analysis – User:Pass lenght Basic Authentication

Hi there,

In the following post we will describe a bug found in the SAP PI Soap Adapter.

This bug is related to the admissible length of User:Pass pair during the basic-authentication in the Soap Adapter.

During the post we will cover the whole process:

– SAP PI Version

– Context of the project

– Initial Configuration

– Errors

– Analysis

– Solution

SAP PI Version

We are running a SAP PI 7.31 SP10 Java Stack (SO: HP-UX)

The SAP_XIAF component is running in the release:

Context

Right now we are developing a project integrating SuccessFactors with SAP ECC.

SuccessFactors is a cloud HR solution, so a cloud integrator called BOOMI, it´s used in order to ease the communication with the HR plattform.

Initial Configuration

Boomi Authentication

   The authentication in Boomi is set up to Basic- Authentication, in this environment:

   The following user was generated in order to test the flows in Boomi.

  As you can see the autogenerated pass was really long.

SAP PI Initial Configuration

  We configured the SAP PI Soap Channel the following way:

Errors

SAP PI Communication Channel Monitor

When we started the tests, we found the following error in the Soap Receiver Channel:

   HTTP 401 Unauthorized

   Which meant that the authentication was not working.

Analysis

   Putty, TCPMon and Xming

   We needed to see what the Soap Adapter was really sending to Boomi

   So we placed a TCPMon between SAP PI and Boomi:

   There must be visibility between TCPMon and SAP PI, so we placed the TCPMon inside the SAP PI Machine, which was running on a HP-UX SO.

   The problem, is that there is no visual environment in this SO, so we needed to capture the screen of the TCPMon somewhere else, for this purpose we use XMING (this program must be running in your local computer, before executing the TCPMon, in order to capture the screen).

   Set Up Putty

    We´ll use the putty to start the TCPMon.

    A special configuration must be done in putty in order to pass the TCPMon Screen to the XMING.  (X11 forwarding)

   Start TCPMon

   Screen is captured with XMING (local computer).

Set Up TCPMon

We´ll set up the TCPMon to listen in the port 8899, and pass the received request to:

– XXXXX-stage.sucessfactors.eu: YYYY (SAP PI Channel Host and Port)

Once the TCPMon is listening the following screen is shown:

  Set Up SAP PI Comm Channel

  The SAP PI Soap Communication Channel must be reconfigured, pointing to the TCPMon Host and port.

   As you can see the SAP PI communication channel is now pointing to the TCPMon.

Capturing the payload

   Everything is ready, so the scenario is executed once again.

   In the TCP Mon we should be able to see the payload and the HTTP headers that are being passed to Boomi:

   TCPMon.trc is file attached to the post.

Basic Auth Header:

   Authorization: Basic Qk9PTUlfVEVTVF9VU0VSX1NPQVBQQVNTOjJlMTM1Y2QzLWMxNTMtNDY5OS05YmY5LTYyMjNiYzVi

Decoding the Header

   When we decode the Basic Auth Header, we can see the real User:Pass pair sent to Boomi.

   As you can see the password is incomplete!

   We have detected that User:Pass Pair can´t longer than 56 Characters, at least for this SAP PI Version.

The Solution

   There are several workarounds for this problem ….

   1.- Use Axis adapter

   2.- Use Http AAE Adapter (create soap:envelope in the mapping)

   3.- I guess that updating/upgrading the system should solve this SOAP Adapter the issue …