IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


#TechXchangePresenter
 View Only
Expand all | Collapse all

TP send AS2 message, got error: processed/error: authentication-failed

  • 1.  TP send AS2 message, got error: processed/error: authentication-failed

    Posted Fri November 06, 2020 01:39 AM

    Hello webMethods Experts,

    We have a problem in PROD with our new Trading Partner (TP), lets call it “A”.

    We are able to send EDIINT message to TP “A” successfully. But when TP “A” are trying to send to us, it is got error “processed/error: authentication-failed”.

    The other TP are going fine. When we tested this TP in DEV, it was went well.

    We have load TP certificate in MWS for

    • Sign/Verify
    • Encrypt/Decrypt
    • SSL

    We have load TP certificate in IS Server Truststore List also.
    We are using webMethods 10.3.

    Our certificate setting are:

    • Content-Type: application/EDIFACT
    • Digest Algorithm: SHA-1
    • Encryption Algorithm: TripleDES
    • Request MDN: synchronousMDN
    • Request Signed Receipt: true
    • SMIME type: SignedAndEncrypted
    • watt.net.jsse.server.enabledProtocols=SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2

    The guy from TP “A” that support the system said that he loaded the certificates correctly on his side.
    He shared this setting as below:

    • Encryption Algorithm: 3DES
    • Signature Algorithm: SHA1
    • SSLEnabledProtocols: TLSv1.0, TLSv1.1 & TLSv1.2
    • Send Message Security: Sign and Encrypt
    • Send Message Security: Sign & Encrypt
    • MDN : Signed & Synchronous

    I found there is nothing wrong with their setting, but somehow the transactions from them still got error.
    I assumed there is no problem with our certificate since it is working well with other TPs.

    And because the error is too simple to troubleshoot,
    I have enabled for IS logging no:

    • 0006 (Server SSL Interface)
    • 0007 (Authorization)
    • 0009 (Certificate)
    • 0012 (Authentication)
      But nothing is captured related to above error.

    Any idea which logging that I need to enable so it will help me to troubleshoot?
    Or any idea on how to solve this issue?

    Appreciate any help.

    Thank you,
    Fanny T


    #webMethods
    #B2B-Integration
    #Integration-Server-and-ESB
    #edi


  • 2.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Fri November 06, 2020 04:26 AM

    Please take a look at this EDIINT from MWS. If there is no payload on the Content tab like below. That means company A uses the wrong certificate to encrypt the payload and you can not decrypt it.


    #edi
    #webMethods
    #Integration-Server-and-ESB
    #B2B-Integration


  • 3.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Fri November 06, 2020 04:47 AM

    Hello Rocky,

    Thanks for the suggestion. In MWS, EDIINT only contains “ediintdata”. There is no inputs and payloads.
    We are not able to decrypt the EDI contents.

    This is inside “ediintdata”, the rest message is scrambled word:

    Accept-Encoding: gzip, deflate
    Content-Length: 4749
    AS2-To: B_PROD
    AS2-From: A_PROD
    AS2-Version: 1.2
    EDIINT-Features: CEM, multiple-attachments, AS2-Reliability
    Date: Fri, 06 Nov 2020 03:56:04 GMT
    Message-Id: <B_PROD-20201104-213724848-AbuF@A_PROD_B_PROD>
    Disposition-Notification-To: request-mdn@none.org
    Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha1
    X-Powered-By: XXXXXX
    Mime-Version: 1.0
    Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=“smime.p7m”
    Content-Disposition: attachment; filename=“smime.p7m”

    I am totally agree with you may be the TP “A” uses the wrong certificate, but the question is how to prove to them that they are using the wrong certificate?
    They insisted that they installed the certificate correctly. :frowning:

    That’s why i am trying to increase the logging level. But still not able to capture meaningful error to troubleshoot.
    I will try to increase all under EDI_Module, hopefully it will works.

    I am open to any other suggestion.

    Thank you,
    Fanny T


    #B2B-Integration
    #Integration-Server-and-ESB
    #edi
    #webMethods


  • 4.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Mon November 09, 2020 08:30 PM

    There are 3 steps like below:

    1. Double-check that the ca-certificates of this public certificate are put into truststore.
    2. May ask TP “A” to double-check the serial number of this public certificate.
    3. May also verify that your private key matches this public certificate by OpenSSL.

    #B2B-Integration
    #edi
    #webMethods
    #Integration-Server-and-ESB


  • 5.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Tue November 10, 2020 11:35 PM

    Hi Rocky,

    Thanks for the answer.

    We have verified item #1 and #2. I can confirmed it is done and confirmed with TP “A”.

    However, could you advise on how to verify private key with OpenSSL?

    Thank you.

    Best Regards,
    Fanny T


    #webMethods
    #edi
    #Integration-Server-and-ESB
    #B2B-Integration


  • 6.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Wed November 11, 2020 12:42 AM
    1. How to verify if a Private Key Matches a Certificate?

    refer to: How to verify if a Private Key Matches a Certificate?

    1. How to convert from .cer to .crt?

    openssl x509 -in server.cer -out server2.crt -inform DER


    #Integration-Server-and-ESB
    #webMethods
    #edi
    #B2B-Integration


  • 7.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Wed November 11, 2020 04:42 AM

    Hi Rocky,

    Thanks for the information provided. Really helpful.

    Anyway, finally we managed to sort out the problem.
    TP “A” was putting “ Content-Type: text/plain ” in EDIINT setting which is causing the issue.
    Once they changed to “ Content-Type: application/EDIFACT ”, the transmission is successfully received.

    Thank you.

    Best Regards,
    Fanny T


    #B2B-Integration
    #edi
    #Integration-Server-and-ESB
    #webMethods


  • 8.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Thu November 12, 2020 08:33 PM

    Hi Fanny,
    I am glad to hear good news. I made a test with “ Content-Type: text/plain” and got a positive MDN from a partner like below. I doubt that “ Content-Type: text/plain ” in the EDIINT setting which is causing the issue “authentication-failed”.


    #edi
    #Integration-Server-and-ESB
    #B2B-Integration
    #webMethods


  • 9.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Mon November 16, 2020 07:46 PM

    Hi Rocky,

    Mmmm… interesting. But that what Partner told us.
    Anyway thanks for validating it. Really appreciate it.

    Best Regards,
    Fanny T


    #webMethods
    #Integration-Server-and-ESB
    #edi
    #B2B-Integration


  • 10.  RE: TP send AS2 message, got error: processed/error: authentication-failed

    Posted Wed November 11, 2020 01:46 PM

    Hi,

    be careful with these file extension as they do not always indicate the real file format.
    I.e. Windows is proposing cer extension for both formats (plain text/CER and binary/DER).

    You can check this by opening the file in doubt in a text editor.
    Plain text looks somewhat human readable and has two lines “BEGIN CERTIFICATE” and “END CERTIFICATE” in it.
    Binary format doesn´t look readable to humans.

    Regards,
    Holger


    #webMethods
    #edi
    #Integration-Server-and-ESB
    #B2B-Integration