Skip to Content

Introduction :

In this blog, I’m sharing the interface requirement I had received & my approach to find the solution.

Integration requirement is, in simple terms, PI has to apply web services security ( WSSEC ) signing to xml , then transfer it to target web service. I’ve created a question in SAP Community ( ) with detailed information about message specification.

Below links explain the concept of wssec signing in simple terms.


To achieve this in PI, possible options comes to our mind are SOAP Adapter, SOAP AXIS, Java mapping.

SOAP Adapter :


In the above mentioned question I’ve explained the details like settings done, error messages seen. SAP confirmed that SOAP is not fully supporting WSSEC signing.

SAP Note #856597 – FAQ: XI 3.0 / PI 7.0/7.1/7.3 SOAP Adapter

( Q. Support of wsse specification and X. 509token in adapter ?)



  • SAP Note #1039369 – FAQ XI Axis Adapter which helped to achieve this. This note didn’t give me exact solution, however it helped to derive the correct configuration.

    # 11 – I am getting a corrupted signature.

    # 16 – Can I include the sender’s certificate in the signed message using WS-Security?


My PI version is 7.4 sp11 & Basis installed below mentioned optional AXIS components along with required components.

Wss4j 1.5.6 – ( )

Xmlsec  1.4.2 ( )

Xalan 2.7.1  ( )

this is how url http://hostname:5XX00/XIAxisAdapter/MessageServlet looks after AXIS libraries installed.

Channel settings :

Handler names in Text format :

Tricky part here was, Receiver SOAP Axis channel enforces XML pretty print, which results in corrupted signature. target webservice used to respond error as ‘invalid signature’.

I’ve applied disable XML pretty print handler bean. Importantly this Bean has to be mentioned above wssec signing handler beans.

As I could achieve this requirement in AXIS, I didn’t spend time on Java mapping. Thanks for reading, Good Day !!

Avinash Malla Shetty



To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Thomas Jork

    Hi Avinash,

    great blog.

    I am facing the same problem and it is also for ZSMOPL

    First I tried to route the message just through PI. Didn’t work due to extra header fields

    Next I started with standard SOAP interface, but as you outlined,

    WSS implementation is uncomplete.

    Finally I came to Axis but I am still struggling with the module parameter for

    • signatureKeyIdentifier
    • crypto.view
    • user

    I assume signatureKeyIdentifier is just a static value like DirectReference

    crypto.view ist the name of the related view in the keystore.

    But what is user. I thought it is the name of the view entry.

    But it doe not work. I get this error:

    I guess concerning ‘user’ I am wrong.

    Any idea?





Leave a Reply