Introduction :
In this blog, I'm sharing the interface requirement I had received & my approach to find the solution.
Integration requirement is, in simple terms, PI has to apply web services security ( WSSEC ) signing to xml , then transfer it to target web service. I've created a question in SAP Community (
https://answers.sap.com/questions/358394/digital-signature-and-validation-for-sync-web-serv.html ) with detailed information about message specification.
Below links explain the concept of wssec signing in simple terms.
https://msdn.microsoft.com/en-us/library/ms977327.aspx
https://en.wikipedia.org/wiki/WS-Security
https://help.sap.com/doc/9e171713aae646e88d0110547c11d7c4/7.52.0/en-US/48aea407ac5a3206e10000000a421...
To achieve this in PI, possible options comes to our mind are SOAP Adapter, SOAP AXIS, Java mapping.
SOAP Adapter :
In the above mentioned question I've explained the details like settings done, error messages seen. SAP confirmed that SOAP is not fully supporting WSSEC signing.
SAP Note #856597 - FAQ: XI 3.0 / PI 7.0/7.1/7.3 SOAP Adapter
( Q. Support of wsse specification and X. 509token in adapter ?)
SOAP AXIS :
SAP Note #1039369 - FAQ XI Axis Adapter which helped to achieve this. This note didn't give me exact solution, however it helped to derive the correct configuration.
# 11 - I am getting a corrupted signature.
# 16 - Can I include the sender's certificate in the signed message using WS-Security?
My PI version is 7.4 sp11 & Basis installed below mentioned optional AXIS components along with required components.
Wss4j 1.5.6 – (
http://archive.apache.org/dist/ws/wss4j/1_5_6/ )
Xmlsec 1.4.2 (
https://mvnrepository.com/artifact/xml-security/xmlsec/1.4.2 )
Xalan 2.7.1 (
https://mvnrepository.com/artifact/xalan/xalan/2.7.1 )
this is how url http://hostname:5XX00/XIAxisAdapter/MessageServlet looks after AXIS libraries installed.
Channel settings :
Handler names in Text format :
Tricky part here was, Receiver SOAP Axis channel enforces XML pretty print, which results in corrupted signature. target webservice used to respond error as 'invalid signature'.
I've applied disable XML pretty print handler bean. Importantly this Bean has to be mentioned above wssec signing handler beans.
As I could achieve this requirement in AXIS, I didn't spend time on Java mapping. Thanks for reading, Good Day !!
Avinash Malla Shetty
