Tag: Simple Object Access Protocol (SOAP)

SOAP Authentication with URL Parameters

SOAP Authentication with URL Parameters


In one of my latest project we set up a SOAP communication with a partner. Unfortunately, the partner was not able to include basic authentication header when sending a SOAP message. As we did not want to expose our SOAP Sender communication channel to the web, but could not wait for the partner to find a way to use basic authentication, we looked for another solution.


It is possible to include the webservice credentials into the URL. Just add the following two parameters to the query string of your URL and replace USER and PASSWORD with the configured values.


Please keep in mind that this solution is highly insecure as the username and password are exposed!

Create Webservice Mock Service with SOAP UI

Create Webservice Mock Service with SOAP UI


If you want to see the message which is send by a SOAP, REST, XI or HTTP Receiver Communication Channel, you can use SOAP UI to create a Mock Service to log the headers and payloads of the message.

Create Mock Service with SOAP UI

  1. Create a new Project or open an existing one
  2. Right click on your request and select “New REST/SOAP MockService” (SOAP service will respond with a SOAP envelope, REST service will send back an empty response) and name it
  3. If you like to specify port and path, click on the gearwheel and specify both. Otherwise your endpoint will be listening on https://localhost:8080/

    SOAP UI: Configure Mock Service parameters
    SOAP UI: Configure Mock Service parameters
  4. Open the “OnRequest Script” Tab and paste the following line into the editor
  5. Open the “Script Log” Tab and start your Mock Service with the green play button

    SOAP UI Mock Service: Log Payload of requests
    SOAP UI Mock Service: Log Payload of requests

Configure Receiver Communication Channel

  1. Find out your local IP Address (for example with this website)
  2. Make sure that your PC is reachable from PI (Firewall)
  3. Add your IP Address with the above configured port and path to the URL of your Receiver Communication Channel
  4. Send a request to your endpoint. The payload will be shown in the “Script Log”

Additional options

You can use the full scope of Groovy to write your scripts. Please find below two useful snippets to log your requests.

To log the headers use:


To write the request data into a file use:

def groovyUtils = new com.eviware.soapui.support.GroovyUtils(context)
def projectroot = groovyUtils.projectPath
def inputFile = new File(projectroot + "\\request.txt")

log.info("Writing request to file: " + projectroot + "\\request.txt")

For more information of the mockRequest class in SOAP UI, check the class documentation.

Also it is possible to send custom responses, please check the SOAP UI Documentation for more information.

Peer certificate rejected by ChainVerifier

Peer certificate rejected by ChainVerifier


In a scenario with a SSL encrypted (HTTPS) SOAP target URL in the SOAP receiver channel, the message goes into an error state.


The following error is shown in Message Log in PIMON:

SOAP: Call failed: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier


The SSL certificate needs to be imported into PIs keystore.

Download the certificate from the target server
  1. Open the Target URL in Chrome (or any other Browser)
  2. Open the developer tools by clicking on the three dots -> More Tools -> Developer Tools (Shortcut STRG + SHIFT + I)

    Chrome: Open developer tools
    Chrome: Open developer tools
  3. Go to the “Security” Tab and click on “View certificate”
  4. Go to the Details Tab and click on “Copy to file” button
  5. Click on the “Next” button and select “DER-codet-binary X.509 (.CER)”

    Download Certificate
    Download Certificate
  6. Click on “Next” button and select a destination on you local PC
Import certificate into keystore
  1. Open the Netweaver Administrator (http://your.pi:port/nwa)
  2. Go to Configuration -> Security -> Certificates and Keys
  3. Select the “Trusted CAs” View and click on “Import Entry”
  4. Select entry type “X.509 Certificate”, enter the path to the certificate you downloaded before and click on “Import”

    Certificates and Keys: Import entry
    Certificates and Keys: Import entry
  5. Resend your message

If your error is not resolved, open the certificate again and click on certification path. Afterwards, double click the first and second certificate (one after each other), save them and also import them into the TrustedCAx view.

Generate WSDLs and decoded URLs for webservices

Generate WSDLs and decoded URLs for webservices

When creating an Interface with SAP Process Integration or SAP Process Orchestration which provides a webservice, you need the WSDL file or at least the URL of your webservice. Otherwise, your partner doesn’t know how to connect to your webservice.

Generate WSDL file

SAP PI and PO has a great feature do generate Web Service Description Language (WSDL) files for configurations with HTTP, XI, SOAP or WS Sender Communication Channels.

To generate a WSDL file:

  1. Open an Integrated Configuration (ICO) (or a Sender Agreement) in the Integration Builder, which is in status “Active”
  2. Click on “Integrated Configuration” in the top menu
  3. Click on “Display WSDL”
Detail View of Integrated Configuration

Detail view of Integrated Configuration (ICO) in Integration Directory (DIR)

A popup should open which displays the WSDL file and an URL to the WSDL file. Now, you can either download the file, use the URL to the WSDL file or directly get the information you need.

Get webservice URL

You can provide the whole WSDL file to your partner or just the URL. If you need the URL only, scroll to the end of the WSDL file . There you can find the HTTP and the HTTPS ports with the webservice URL in the location attribute of the address element. It looks like:


Shows Display WSDL window with address section highlighted in Integration Directory (DIR)
Display WSDL window – address section highlighted

Depending on you system configuration and your network structure, you maybe have to change domain and port of your URL before you can provide it to your partner. In case there is a Web Application Firewall, a Web Dispatcher, a Reverse Proxy or something similar in place, you should ask your system administrator for the correct domain and port. If you are communicating over an unprotected network, like the internet, you should always use SSL encryption.

Decode webservice URL

Due to different implementations of URL processing it is sometimes necessary to decode the URL, provided in the WSDL file. For example for the Chrome browser extension Boomerang you need to decode the URL before you can successfully connect to your webservice. If you do not know how your application handles URLs you can test the normal and the decoded URL. For one URL you will get an error like this:

com.sap.aii.af.service.cpa.CPAObjectNotFoundException: Couldn’t retrieve inbound binding for the given P/S/A values: FP=;TP=;FS=null;TS=;AN=null;ANS=null;

To get the decoded URL, just paste your URL in the textbox below and click on the “Decode URL” button.

If you are trying to reach the webservice in a browser you should see something like this:

Message Servlet is in Status OK

Status information:

Servlet com.sap.aii.adapter.soap.web.MessageServlet (Version $Id: //tc/xpi.adapters/NW731EXT_15_REL/src/_soap_application_web_module/webm/api/com/sap/aii/adapter/soap/web/MessageServlet.java#1 $) bound to /MessageServlet
Classname ModuleProcessor: null
Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
Lookupname for remoteModuleProcessorLookupName: null
ModuleProcessorClass not instantiated
ModuleProcessorLocal is Instance of com.sun.proxy.$Proxy523
ModuleProcessorRemote not instantiated