Incompatible Metering info (CallerInformation) in SAP WS

The support of SAP systems for SOAP Web Services is pretty good. We have e.g. been successfully using WS-RM and SAP-RM to have reliable, one-way communication.

During a project I needed to make a call from an SAP ECC 6 system towards an external web service. This external web service was secured with WS-Security X509 Token profile. So the payload had to be digitally signed. With no integration platform yet available, I intended to make a direct call from the SAP back-end system. But this really proved to be impossible. Getting keys and certificates into an SAP system is always a challenge, but configuration of the WS-Security in SAP’s SOAManager is actually quite trivial.

But things did not work out: a real showstopper became the Metering info that was present in each and every outbound call. As of Support Pack 17 of SAP NetWeaver 7.0, the element <CallerInformation> is present in the SOAP header of each outbound SOAP request. The purpose of this element is to gather service metering information and transfer it to the service provider.

And the bad news is: you cannot get rid of this Metering information, as clearly documented by SAP Support (SAP note 1239428). The only workaround is to forward the information in the URL of the HTTP call. But in my case, the well-secured web service rightfully refused to accept the web service call with all these extra parameters in the URL.

So SAP has implemented a proprietary and incompatible “feature”. Why can’t it be switched off?

Is this a trick of SAP to enforce the use of SAP PI/PO? Obviously any ESB can remove this ugly SOAP header.
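The header removal an intermediary would perform, as an added example that is not from the original post or from SAP. It assumes SOAP 1.1, matches the element by local name because the post does not give its namespace, uses a placeholder namespace in the constructed sample, and refuses to strip a block that an XML signature already covers.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample. The metering namespace is a placeholder, not SAP's.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <m:CallerInformation xmlns:m="urn:example:metering">constructed</m:CallerInformation>
  </soapenv:Header>
  <soapenv:Body><ping xmlns="urn:example:svc">hello</ping></soapenv:Body>
</soapenv:Envelope>"""


def strip_caller_information(envelope_xml):
    """Return (xml, removed_count); raise ValueError if the block is signed."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        return envelope_xml, 0
    uris = [ref.get("URI") for ref in root.iter(f"{{{DS}}}Reference")]
    whole_document_signed = "" in uris
    signed_ids = {u[1:] for u in uris if u and u.startswith("#")}
    removed = 0
    for block in list(header):
        # Match on local name so the namespace need not be known in advance.
        if block.tag.rsplit("}", 1)[-1] != "CallerInformation":
            continue
        if whole_document_signed or block.get(f"{{{WSU}}}Id") in signed_ids:
            raise ValueError("CallerInformation is covered by a signature")
        header.remove(block)
        removed += 1
    if removed == 0:
        return envelope_xml, 0
    # ElementTree rewrites namespace prefixes on output, so strip first and
    # apply the WS-Security signature to the result, never the reverse.
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    cleaned, count = strip_caller_information(SAMPLE)
    print(count, "header block(s) removed")
    print(cleaned)
```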

Author: Guy


