Gmail connectivity from HCI
Though it is simple configuration steps in HCI, I spent lot of time understanding how Gmail is accepting authentication.. I would like to share my experiences on this.
I am assuming readers has basic knowledge of creating IFlow and Sender SOAP communication channel in HCI.
Scenario: SOAP to MAIL
Mail communication channel parameters
Deploy Gmail Credentials in the Artifacts
When you provide your Gmail user ID and password, first instance you may get below error in HCI
Fault:534-5.7.9 Application-specific password required. Learn more at
534 5.7.9
AuthenticationFailedException:534-5.7.9 Application-specific password required
Point to be noted here is Gmail does not accept any direct connectivity from HCI, it expects 2 way connectivity as below.
Enable 2-step verification and set a App password for HCI.
Select other custom app and generate a password in app passwords
Copy 16 character password and provide in HCI artifacts. Now it works for you..
Nice Blog Madhav.!
Its Very helpful for beginners for trying out mail adapter features.
Regards,
Sriprasad Shivaram Bhat
Hi Madhav,
firstly thanks for this very 'walk through' but i have a question which answer to, i hope, you would know. so the situation is that i used in my flow 'parallel multicast' and my message (which is soap request) reaches both web service and smtp server. my client (sproxy) expects response from web service but instead i receive exact copy of the content sent to SMTP server which leads to en exception in sproxy. do you know perhaps how could i make it stop, i mean how could i suppress this smtp respons and leave only response from web service ?
best regards
pawel
Hi Madhav,
Can you also show the configuration for sender mail adapter.
That would be also interesting for me...
Best regards,
Patric
Hi,
i am getting connection time out while run the iflow with mail adapter have google account smtp, but in connectivity test with same account and user password response is successfully reached host.
Error code -
javax.mail.MessagingException: Exception reading response;
nested exception is:java.net.SocketTimeoutException: Read timed out (local port 47197 to address 10.104.183.234 (vsa3148377.phx.od.sap.biz), remote port 465 to address 74.125.28.109 (pc-in-f109.1e100.net)), cause: java.net.SocketTimeoutException: Read timed out (local port 47197 to address 10.104.183.234 (vsa3148377.phx.od.sap.biz), remote port 465 to address 74.125.28.109 (pc-in-f109.1e100.net))
Please Help
Regards,
Sidharth Mehta
Certificate problems?
LastError = org.apache.camel.CamelExchangeException: Parallel processing failed for number 1. Exchange[ID-vsa3689155-56028-1519058190794-353-7417]. Caused by: [org.apache.camel.RuntimeCamelException - javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target], cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Hello Federico,
Did you resolve this issue? I am too getting something similar.
connectivity test seems fine, however giving out PKIX path building fails.
Thanks and Regards,
Amulya
Hi Amulya and Federico,
To resolve this certificate error you need to deploy the smtp.gmail.com:25 certificate in the keystore.
In order to get the certificate, you need to run the following command in terminal:
openssl s_client -starttls smtp -connect smtp.gmail.com:25 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
After that you copy and paste the certificate on a file and then you import that file in the CPI/HCI.
Cheers!
Thanks it worked
If you don't have (or don't want) 2-factor authentication enabled, you can enable "Less secure apps" in your google account:
https://www.google.com/settings/security/lesssecureapps
Then you can use your "normal" gmail login
Hello,
Thanks for sharing the blog. It helps.
I selected Proctection = STARTTLSMandatory , I got similar error ' need app password' though I entered the app password in CPI.
Later I changed to STARTTLSOptional, it worked.
reg, Shetty