How to Configure AXIS Framework for Authentication Using the "wsse" Security Standard in SAP PI
Introduction
You might be required to consume an interface exposed as a web service from a provider system using the receiver SOAP Adapter (SOAP/HTTP) connection. The provided service is therefore consumed via the provided soap endpoint.
In order to consume a service which requires “wsse” standard for authentication, there exists different options for implementing this. But in this blog, the focus is on the configuration of the “wsse” standard using the axis framework.
In “wsse” standard, a WS-SecurityUsername Tokenenables an end-user identity to be passed over multiple hops before reaching the destination Web Service. The user identity is inserted into the message and is available for processing at each hop on its path. The client user name and password are encapsulated in a WS-Security<wsse:UsernameToken>.
Figure 1: Structure of SOAP message with “wsse” header
Create Communication Channel: To use this functionality, the Axis framework and all the necessary jar files must have been deployed on the PI system. Below are the steps necessary to implement security in the header of the message.
a) Create a communication channel, under the parameter tab, choose the adapter SOAP and tick the receiver button;
b) Choose the transport protocol as HTTP (Axis) and message protocol axis is automatically inserted in that field.
c) Enter the appropriate URL, and under XI Paramter, tick the XI header option and if a SOAP Action is required, enter the value for it.
Figure 2: Receiver SOAP Adapter with AXIS message protocol
Axis Framework Configuration:In order to configure the Axis framework, switch to the module tab on the communication channel and enter the parameters shown in the screen below in the order specified in the screen.
Processing Sequence
ModuleName: AF_Adapters/axis/HandlerBean
Type: Local Enterprise Bean
ModuleKey: wssec
Module Configuration
Module Key | ParameterName | Parameter Value |
wssec | action | UsernameToken |
wssec | Handler.Type | java:com.sap.aii.adapter.axis.ra.handlers.security.WSDoAllSender |
wssec | passwordType | PasswordText |
wssec | pwd.password | <enter password>=<enter password> |
wssec | user | <enter username> |
Figure 3: AXIS module configuration for “wsse”
Note: the parameters name and parameters value are case sensitive, so care should be taken they are entered as described above, if not the Adapter engine will throw up an error when the communication channel is monitored from the runtime workbench
References: For further references, please check the FAQ note 1039369