SOAP AXIS for wssec signing
Introduction :
In this blog, I’m sharing an interface requirement I received and my approach to finding the solution.
The integration requirement, in simple terms, is that PI has to apply web services security (WSSEC) signing to the XML and then transfer it to the target web service. I’ve created a question in SAP Community ( https://answers.sap.com/questions/358394/digital-signature-and-validation-for-sync-web-serv.html ) with detailed information about the message specification.
The links below explain the concept of WSSEC signing in simple terms.
https://msdn.microsoft.com/en-us/library/ms977327.aspx
https://en.wikipedia.org/wiki/WS-Security
To achieve this in PI, the possible options that come to mind are the SOAP adapter, SOAP AXIS, and Java mapping.
SOAP Adapter :
In the above-mentioned question I’ve explained the details, such as the settings made and the error messages seen. SAP confirmed that the SOAP adapter does not fully support WSSEC signing.
SAP Note #856597 – FAQ: XI 3.0 / PI 7.0/7.1/7.3 SOAP Adapter
(Q. Support of wsse specification and X.509 token in adapter?)
SOAP AXIS :
SAP Note #1039369 – FAQ XI Axis Adapter helped me achieve this. The note didn’t give me the exact solution, but it helped me derive the correct configuration.
# 11 – I am getting a corrupted signature.
# 16 – Can I include the sender’s certificate in the signed message using WS-Security?
My PI version is 7.4 SP11, and Basis installed the optional AXIS components listed below along with the required components.
Wss4j 1.5.6 – ( http://archive.apache.org/dist/ws/wss4j/1_5_6/ )
Xmlsec 1.4.2 ( https://mvnrepository.com/artifact/xml-security/xmlsec/1.4.2 )
Xalan 2.7.1 ( https://mvnrepository.com/artifact/xalan/xalan/2.7.1 )
This is how the URL http://hostname:5XX00/XIAxisAdapter/MessageServlet looks after the AXIS libraries are installed.
Channel settings :
Handler names in Text format :
The tricky part here was that the receiver SOAP Axis channel enforces XML pretty print, which results in a corrupted signature. The target web service used to respond with the error ‘invalid signature’.
I applied the handler bean that disables XML pretty print. Importantly, this bean has to be listed above the WSSEC signing handler beans.
As I could achieve this requirement in AXIS, I didn’t spend time on Java mapping. Thanks for reading, Good Day !!
Avinash Malla Shetty
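Why the pretty print matters, as an added example that is not part of the original post or of SAP's code: an XML signature covers a digest of the canonicalized signed element, and canonicalization keeps whitespace text nodes, so indentation added after signing changes the digest. The sketch assumes Python's standard-library C14N 2.0 as a stand-in for the canonicalization WSS4J applies, a constructed sample message, and hypothetical function names.

```python
import hashlib
import xml.dom.minidom
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample message (not from the post); the wsse:Security header is omitted.
AS_SIGNED = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
    "<order currency='EUR'><id>42</id><note/></order>"
    "</soapenv:Body></soapenv:Envelope>"
)

# Same content, different serialization: double quotes, expanded empty element.
RESERIALIZED = AS_SIGNED.replace("'EUR'", '"EUR"').replace("<note/>", "<note></note>")


def pretty_print(xml_text):
    """Re-indent the message the way a pretty-printing serializer would."""
    return xml.dom.minidom.parseString(xml_text).toprettyxml(indent="  ")


def body_digest(xml_text):
    """Digest of the canonicalized soapenv:Body, the kind of value a signature reference carries."""
    body = ET.fromstring(xml_text).find(f"{{{SOAP_NS}}}Body")
    body.tail = None  # text after </soapenv:Body> is outside the signed element
    # Stand-in canonicalization (C14N 2.0); whitespace text nodes are preserved.
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digest_matches(signed_text, received_text):
    """True if the receiver would recompute the digest the sender signed."""
    return body_digest(signed_text) == body_digest(received_text)


if __name__ == "__main__":
    # Quote style and empty-element form are normalized away by canonicalization.
    print("re-serialized :", digest_matches(AS_SIGNED, RESERIALIZED))
    # Indentation adds text nodes inside the Body, so the digest no longer matches.
    print("pretty-printed:", digest_matches(AS_SIGNED, pretty_print(AS_SIGNED)))
```

The same comparison explains the ordering requirement: any handler that rewrites whitespace has to run before the signing handler, because nothing may touch the signed element afterwards.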
Hi Avinash,
great blog.
I am facing the same problem and it is also for ZSMOPL
First I tried to route the message just through PI. Didn't work due to extra header fields
Next I started with standard SOAP interface, but as you outlined,
WSS implementation is incomplete.
Finally I came to Axis but I am still struggling with the module parameter for
I assume signatureKeyIdentifier is just a static value like DirectReference
crypto.view is the name of the related view in the keystore.
But what is user? I thought it is the name of the view entry.
But it does not work. I get this error:
org.apache.ws.security.WSSecurityException: WSHandler: Signature: unknown key identification
I guess concerning 'user' I am wrong.
Any idea?
regards
Thomas
Hello Thomas,
user - this is the name of the private key (private key alias).
reg, Avinash
Hi ,
Thanks for the blog
We are facing the error org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 15; The prefix "soapenv" for element "soapenv:Body" is not bound.
The payload which we are sending is correct, it is bound, still it's throwing the above error.
Kindly help.
Thanks ,
Ruchita