Gmail connectivity from HCI
Though it is simple configuration steps in HCI, I spent lot of time understanding how Gmail is accepting authentication.. I would like to share my experiences on this.
I am assuming readers has basic knowledge of creating IFlow and Sender SOAP communication channel in HCI.
Scenario: SOAP to MAIL
Mail communication channel parameters
Deploy Gmail Credentials in the Artifacts
When you provide your Gmail user ID and password, first instance you may get below error in HCI
Fault:534-5.7.9 Application-specific password required. Learn more at
AuthenticationFailedException:534-5.7.9 Application-specific password required
Point to be noted here is Gmail does not accept any direct connectivity from HCI, it expects 2 way connectivity as below.
Enable 2-step verification and set a App password for HCI.
Select other custom app and generate a password in app passwords
Copy 16 character password and provide in HCI artifacts. Now it works for you..
Nice Blog Madhav.!
Its Very helpful for beginners for trying out mail adapter features.
Sriprasad Shivaram Bhat
firstly thanks for this very 'walk through' but i have a question which answer to, i hope, you would know. so the situation is that i used in my flow 'parallel multicast' and my message (which is soap request) reaches both web service and smtp server. my client (sproxy) expects response from web service but instead i receive exact copy of the content sent to SMTP server which leads to en exception in sproxy. do you know perhaps how could i make it stop, i mean how could i suppress this smtp respons and leave only response from web service ?
Can you also show the configuration for sender mail adapter.
That would be also interesting for me...
i am getting connection time out while run the iflow with mail adapter have google account smtp, but in connectivity test with same account and user password response is successfully reached host.
Error code -
javax.mail.MessagingException: Exception reading response;
nested exception is:java.net.SocketTimeoutException: Read timed out (local port 47197 to address 10.104.183.234 (vsa3148377.phx.od.sap.biz), remote port 465 to address 220.127.116.11 (pc-in-f109.1e100.net)), cause: java.net.SocketTimeoutException: Read timed out (local port 47197 to address 10.104.183.234 (vsa3148377.phx.od.sap.biz), remote port 465 to address 18.104.22.168 (pc-in-f109.1e100.net))
LastError = org.apache.camel.CamelExchangeException: Parallel processing failed for number 1. Exchange[ID-vsa3689155-56028-1519058190794-353-7417]. Caused by: [org.apache.camel.RuntimeCamelException - javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target], cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Did you resolve this issue? I am too getting something similar.
connectivity test seems fine, however giving out PKIX path building fails.
Thanks and Regards,
Hi Amulya and Federico,
To resolve this certificate error you need to deploy the smtp.gmail.com:25 certificate in the keystore.
In order to get the certificate, you need to run the following command in terminal:
openssl s_client -starttls smtp -connect smtp.gmail.com:25 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
After that you copy and paste the certificate on a file and then you import that file in the CPI/HCI.
Thanks it worked
If you don't have (or don't want) 2-factor authentication enabled, you can enable "Less secure apps" in your google account:
Then you can use your "normal" gmail login
Thanks for sharing the blog. It helps.
I selected Proctection = STARTTLSMandatory , I got similar error ' need app password' though I entered the app password in CPI.
Later I changed to STARTTLSOptional, it worked.