SAP Knowledge Base Article - Preview

2362305 - SOAP sender channel fails to transfer messages over SSL

Symptom

You use a SOAP sender channel for communication from an external system to SAP PI (DAE or central AAE). Transport-level security is activated with the following property defined in the sender channel:

HTTP Security Level = HTTPS with client authentication

When the external system sends a message to PI, it receives an authentication failure message or HTTP 401.

In the XPI Inspector trace on this specific SOAP sender channel, you will find log entries like the following:

com.sap.security.core.server.userstore.UserstoreException: Could not get user 
at com.sap.security.core.server.userstore.UserContextUME.engineGetUserInfo(UserContextUME.java:264)
at com.sap.engine.services.security.userstore.context.UserContext.getUserInfo(UserContext.java:129)
at com.sap.engine.services.security.server.jaas.ClientCertLoginModule.getUserNameFromCert(ClientCertLoginModule.java:313)
at com.sap.engine.services.security.server.jaas.ClientCertLoginModule.login(ClientCertLoginModule.java:178)

...

Caused by: com.sap.security.api.NoSuchUserAccountException: NO_USER_CERTIFICATE
at com.sap.security.core.imp.UserAccountFactory.getUserAccount(UserAccountFactory.java:950)
at com.sap.security.core.imp.UserAccountFactory.getUserAccount(UserAccountFactory.java:892)
at com.sap.security.core.imp.UserAccountFactory.getUserAccount(UserAccountFactory.java:1027)
at com.sap.security.core.server.userstore.UserContextUME.engineGetUserInfo(UserContextUME.java:259)
... 35 more

 [EXCEPTION]
 com.sap.engine.services.security.exceptions.BaseLoginException: Authentication did not succeed.
at com.sap.engine.services.security.server.jaas.LoginModuleHelperImpl.throwNewLoginException(LoginModuleHelperImpl.java:508)
at com.sap.engine.services.security.server.jaas.LoginModuleHelperImpl.throwUserLoginException(LoginModuleHelperImpl.java:390)
at com.sap.engine.interfaces.security.auth.AbstractLoginModule.throwUserLoginException(AbstractLoginModule.java:433)
at com.sap.engine.services.security.server.jaas.ClientCertLoginModule.getUserNameFromCert(ClientCertLoginModule.java:315)

...

 The localized message to be dispalyed to the user is No user mapped to the client certificate



Environment

  • SAP NetWeaver Process Integration 7.1
  • SAP enhancement package 1 for SAP NetWeaver Process Integration 7.1
  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5

Product

SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Process Integration 7.1 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Process Integration 7.1

Keywords

X.509, certificate, TrustedCAs, mutual trust, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.4, PI 7.4, PO 7.4, Process Orchestration 7.5, PI 7.5, PO 7.5, XI, AEX , KBA , BC-XI-CON-SOP , SOAP Adapter , BC-JAS-SEC , Security, User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
