Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to use the ANONYM certificate list for a Service Consumer

Former Member

‎03-02-2015 2:00 PM

0 Kudos

Dear all,

I wish to consume an external Web Service from an ABAP function module, using HTTPS and Basic Authentication. Service Consumer and Logical Port are ready and it works - but everytime a dialog for username and password shows up, even though the correct user data is already saved in the Logical Port. This means that background processing fails.

Does anyone have an idea how to avoid that?

I suspect the reason is that the external server certificate is checked using the DFAULT certificate list, I can see that in the trace data. However, we do not use a client certificate and have imported the server certificate into the ANONYM keystore in STRUST. With an RFC destination in SM59 (just for testing) I can ping the web service without a popup.

What is the prerequisite or the configuration for the ANONYM keystore to be used?

Thank you for any hints,

Ringo

3 REPLIES 3

Former Member

‎03-02-2015 4:28 PM

0 Kudos

Let me put it in other words to make my question clearer, hopefully:

When I create an RFC destination to an external server in SM59 (Type G), then I can set the Certificate List used to check the external server´s SSL certificate to ANONYMOUS:

How can I achieve the same setting for a Logical Port in SOAMANAGER, which belongs to an ABAP Consumer Proxy?

Thanks for any suggestions.

Best regards,

Ringo

Preview file
36 KB

Former Member
In response to Former Member

‎03-05-2015 10:13 AM

0 Kudos

Ok, SAP Note 1720478 clearly states that it is not foreseen to manually change the PSE in SOAMANAGER. The correct PSE is derived based on the authentication method. If a WSDL-based configuration is used, the selected PSE will be influenced by WS-Policy settings for authentication settings, if such are contained in the WSDL file. The only known case where this is really required is for authentication with client certificates.

This means to me that a failed basic authentication can not be caused by configuring the wrong PSE. The mistake will rather be in username, password or in proxy settings.

Former Member
In response to Former Member

‎06-29-2015 2:51 PM

0 Kudos

There must have been some issue with the logical port I created, and nothing else. After I recreated it in the Test System I never had problems again. By now the solution works in production without any authentication issues.