HTTP Servlet URL with Username and Password as query string in SAP PI 7.50
I would like to share my experience here when we faced an issue while we were in the middle of a PI upgrade Project from 7.31 – Dual Stack to 7.50 – Single Java Stack.
While doing so, we came across a peculiar interface running in the system, in which we were transmitting a URL query string and getting back a response message over the same URL.
The issue that we were facing:
In SAP PI 7.31 – Dual Stack version, we were using the below URL to get the acknowledgment back into PI,
And as SAP PI 7.31 was a dual-stack system, the above URL was working only with the Integration Engine, where the acknowledgement message was captured by the SOAP Sender Channel.
But in the SAP PI 7.50 version (i.e. Single Java Stack), the above-mentioned URL was not working as expected.
We modified this URL and some configurations in our PI system to accommodate this kind of requirement.
Here are the few things we have to implement or change in the PI system configuration for this to work:
- UME Parameter for the PI system: ume.logon.userpwd_automatic_logon to be set to true.
- We used an HTTP adapter URL to send our outbound payload, as below. (Refer to SAP Blogs: Java-based HTTP adapter how to pass username and password in query string)
  URL: http://host:port/HttpAdapter/HttpMessageServlet?interfaceNamespace=http://efg.com&interface=ABC&senderService=DEF&senderParty=&receiverParty=&receiverService=&qos=EO&j_username=username&j_password=password
- The Quality of Service must be added to the URL (qos=EO in the URL above). (Refer to SAP Note: 2711953)
- Each & in the URL should be appended with amp; (that is, written as &amp;), as this masks the character; the SOAP PI adapter also does not support the “&” special character. (Refer to SAP Note: 856597, Whether special character(s), are supported by the PI SOAP Adapter? Question)
- In the password sent in the URL, avoid special characters such as “#”, “&”, “/”, “\” or “?”; if we use these characters, we will not get the required output.
- To assign the relevant roles to your user, please refer to SAP Note: 2481502.
- An HTTP_AAE Sender Channel with Message Protocol POST is to be used instead of the SOAP Sender Channel in the inbound interface where we expect the acknowledgement message back from the system.
- In the HTTP_AAE Sender Channel, we need to set the Additional Parameters as below in the Advanced tab (Refer to SAP Note: 1958104):
  - Name: setAuth
  - Value: true
After configuring as per the above points, the configuration should start working in the system.
Some points highlighted by the SAP team while we were trying to enable this requirement were that it’s a bad practice to send credentials over the URL, as they are visible to 3rd parties while transmitting via the Internet, and that it’s also prone to XSRF attacks.
Hence, I would suggest caution before proceeding with these changes.
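An added example, not from the original post or from SAP: because the URL above carries j_username and j_password in the query string, those values can also end up in any access or proxy log that records the request line. The sketch below flags and redacts them in log lines, handling both & and &amp; separators; the log layout and all sample values are constructed assumptions.

```python
import re

# Credential parameters and servlet path as they appear in the URL on this page.
CRED_PARAMS = {"j_username", "j_password"}
SERVLET_PATH = "/HttpAdapter/HttpMessageServlet"
# Quoted request line of an access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (log layout and all values are assumptions).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /HttpAdapter/HttpMessageServlet'
    '?interface=ABC&qos=EO&j_username=svc_user&j_password=Secret123 HTTP/1.1" 200 0',
    '10.0.0.6 - - [01/Jan/2024:10:00:05 +0000] "POST /HttpAdapter/HttpMessageServlet'
    '?qos=EO&amp;j_username=svc_user&amp;j_password=Secret123 HTTP/1.1" 200 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "POST /HttpAdapter/HttpMessageServlet'
    '?interface=ABC&senderService=DEF&qos=EO HTTP/1.1" 200 0',
]

def redact_target(target):
    """Mask credential values in a request target; return (target, names found)."""
    path, sep, query = target.partition("?")
    if not sep:
        return target, []
    # Split on "&amp;" before "&" so both separator styles are kept intact.
    parts = re.split(r"(&amp;|&)", query)
    found = []
    for i in range(0, len(parts), 2):  # even indexes are name=value pairs
        name, eq, _ = parts[i].partition("=")
        if eq and name.lower() in CRED_PARAMS:
            found.append(name)
            parts[i] = name + "=REDACTED"
    return path + "?" + "".join(parts), found

def scan_log(lines):
    """Return (line number, parameter names, redacted line) per exposing entry."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or not m.group("target").startswith(SERVLET_PATH):
            continue
        target, found = redact_target(m.group("target"))
        if found:
            clean = line[: m.start("target")] + target + line[m.end("target"):]
            findings.append((lineno, found, clean))
    return findings

if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```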
Hope this helps!