Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
sdavidow9sdavidow9 

Callouts to SAP/XI with Login creds or Cert?

Has anyone successfully written callouts to SAP/XI?

I have tried all sorts of combinations, but running into issues:

All my research points that I am doing this correct.  We have tried both self-signed certs and basic username/password authentication.

Setting my stub values:
Stub.inputHttpHeaders_x.put('Authorization','BASIC dnJldmF....W1wcGFzczAx');
--OR--
Blob headerValue = Blob.valueOf(username + ':' + password);//username/password set above String authorizationHeader = 'BASIC '+ EncodingUtil.base64Encode(headerValue);
stub.inputHttpHeaders_x.put('Authorization', authorizationHeader);

We have also tried (separately):
stub.clientCert_x = 'MIIG...';//Where this is the bas64 encoding of the pkc12 version of the cert
stub.clientCertPasswd_x = 'xxxxx';

Nothing seems to get past the security layer.  Has anyone successfully written the outbound message?

 

 

 

 

Best Answer chosen by Admin (Salesforce Developers) 
sdavidow9sdavidow9

We have still not been able to get 2 way SSL going, but we are using Username/password authentication.

 

This turned out to be an issue with the way XI was set up as well as a complicated network.

Okay, maybe I shouldn't have marked this as "accepted solution", but when it comes down to it, it wasn't something that could be solved on the SFDC side.

Message Edited by sdavidow9 on 12-14-2009 12:32 PM

All Answers

jpwagnerjpwagner

I haven't tried it with SAP/XI, but have you tried just posting an httprequest using strings?

 

Callouts from apex don't support complex type responses... 
sdavidow9sdavidow9

I've tried the below as well.  I'm getting back a 401 Unauthroized...though we have validated the username/password...

 

 


HttpRequest req = new HttpRequest();
system.debug('### starting hhtprequest...');     
req.setEndpoint('https://sapxi...');
req.setMethod('POST');
// set the SOAPAction in the header

 


String username = '...';
String password = '...';


req.setHeader('SOAPAction', 'http://sap.com/xi/WebService/soap1.1');
req.setHeader('Content-Type', 'text/xml;charset=UTF-8');
req.setHeader('Authorization', 'BASIC dnJld...1wcGFzczAx');//as well as tried below with encoding it
//req.setHeader('Content-Type','text/xml');
//String soapActionHeader = EncodingUtil.base64Encode(headerValue);
//req.setHeader('SOAPAction', soapActionHeader);
               
// set the client certificate

//req.setClientCertificate(certificate,'password');
//Have tried with/without above line
String soapMsg = 'here goes the SOAP message';           
req.setBody(soapMsg);
      
// create an HTTP object and use it to send the request
Http http = new Http();
system.debug('### about to... hhtprequest...');
HTTPResponse res = http.send(req);
system.debug('### sent... hhtprequest...');               
String resBody = res.getBody();
retValue = resBody;
System.debug('The response from External Server is --> '+resBody);
 

jpwagnerjpwagner

Last suggestion I have is have you added the endpoint to the "remote site settings" under "security controls"?

 

(Setup->Administration Setup->Security Controls->Remote Site Settings) 
sdavidow9sdavidow9

Yep, done that.  You get an Unauthorized Site/endpoint message from SFDC before the callout is sent.

 

I was hoping someone has done an SAP/XI call and run to similar problems, where it's something specific (or stupid I'm doing)...

 

OR

 

I know there are a lot of variables in the network setup here, so if anyone can valide that I've got all my code running properly...that would at least let me point the finger elsewhere and stop spinning my wheels on this.

 

I have setup a sudo-WS on a .php site to capture the XML/SOAP sent, but I can't see the header - which is  where I believe the problem may lie.  

 

I don't have access to the SAP/XI box to install a sniffer and watch as that was suggested by a co-worker - then again, he suggested I install SFDC locally and run it from my laptop...I said, let's have a talk...

 

 

 
jpwagnerjpwagner
random thing i found...http://www.coderanch.com/t/441159/Web-Services/java/provide-basic-authetication-from-SOAP
SuperfellSuperfell
I've seen a number of services that are case sensitive for the authentication schema (BASIC in this case), you may want to try it with Basic rather than BASIC (I ran into this problem with the twitter api)
sdavidow9sdavidow9
Still no progress.  I will update if/when we get it resolved.  I've tried both wsdl2APEX as well as the httpRequest routes.  Neither seem to work.  Seems that sending the Basic Authentication should work even if the certs aren't set up on the SAP/XI side...but no luck here.  If anyone has ideas I'm all for trying.
sdavidow9sdavidow9

We have still not been able to get 2 way SSL going, but we are using Username/password authentication.

 

This turned out to be an issue with the way XI was set up as well as a complicated network.

Okay, maybe I shouldn't have marked this as "accepted solution", but when it comes down to it, it wasn't something that could be solved on the SFDC side.

Message Edited by sdavidow9 on 12-14-2009 12:32 PM
This was selected as the best answer
WimWim

Hi,

 

does anybody have an answer to the question above? I am facing the same problem and am not able to resolve it?

 

kind regards,

Wim van Erp
sdavidow9sdavidow9

Wanted to update (finally) with code we used to get this going.  This is with most of the logic stripped out and just the basic callout:

 

system.debug('### Starting Callout...');        
WSDL2APEXClass.calloutMethodPort abc = new WSDL2APEXClass.calloutMethodPort();

//abc.endpoint_x= 'https://www.endpoint.com/xxx...';
abc.endpoint_x= Label.MyEndPointLabel; //I utilized custom labels so I can change my endpoint from sandbox to prod w/o changing code
abc.inputHttpHeaders_x = new Map<string, string>();
abc.outputHttpHeaders_x = new Map<string, string>();

system.debug('### setting headers... ');
//string username = username or Label;
//string password = password or Lable;
//Blob headerValue = Blob.valueOf(username + ':' + password);
//String authorizationHeader = 'Basic ' + EncodingUtil.base64Encode(headerValue);

string credentials = Label.UsernamePasswordbase64Encoded;//another label that is "username:password" encoded as base64.  Could use SFDC's encoder (above), but this encrypts (sorta) in the label
String authorizationHeader = 'Basic ' + credentials;

abc.inputHttpHeaders_x.put('Authorization', authorizationHeader);
system.debug('### Headers set...');

string My_respons;
    My_response = abc.MyCalloutMethod(calloutvars...);

 

 
mhamberg1mhamberg1

Hi sdavidow9 (or anyone else that has done this), I'm working on the same type of thing and I have three questions about your method:

 

1. Where are you storing this code - in a regular Apex class?

2. Where are you storing your labels? I'm looking for a good way to do this.

3. What are you using to execute this callout?

 

Thanks
sdavidow9sdavidow9

It's been a while, but from what I remember:

1.  Yes, regular Apex classes.

2.  Custom Labels:  Create-->Custom Labels, though using custom settings is another appropriate place.

3.  I ended up with 3 methods for excuting the callout:

a) With a trigger after an update to a specific status (or something).  

b) We setup a schedule batch - and ended up needing to do future with batch size of 1 since it was for monthly ordering

c) I'm pretty sure I set it up to run off a button click for specific situations including manual retries.