M3 Web Services from Infor Process Automation

In order to securely call Infor M3 Web Services (MWS) from Infor Process Automation (IPA) we need to import the Infor Grid’s certificate in IPA’s Java truststore; here is how.

MWS authentication

MWS works with SOAP over HTTP over SSL/TLS with the digital certificate of the Infor Grid.

The Infor Grid router for MWS must have Basic authentication enabled over HTTPS (secure) and have all authentication disabled over HTTP (insecure); you can check in the Infor Grid > Configuration Manager > Routers > Default Router:
1.8

MWS from IPA

In the IPA Configuration > Web Service Connection, we set the Basic authentication with the M3 user and password:
3.6

In Infor Process Designer (IPD), we use the SOAP Web Service activity node to the HTTPS URL of MWS:
3.1

Tip: un-hard-code the scheme://host:port and replace it by a variable <!_configuration.main.MWS> to define.

Problem

When we execute the process we get the following exception:

com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

That is because IPA does not know the Infor Grid certificate.

The IPA Configuration for the Web Service Connection does not have settings for an explicit truststore. Instead, IPA implicitly relies on the JVM’s truststore; let’s set it up.

Step 1. Infor Grid certificate

Get the Infor Grid certificate file. It is a signed public key that you can get for example from the main Grid Information at something like https∶//host123.local:26108/grid/info.html
3.2  

Note: Preferably get the certificate of the root CA as it usually signs the certificates for all environments (DEV, TST, PRD, etc.).

Step 2. IPA server truststore

Check the path of the IPA server’s JVM as given in the Landmark Grid > Landmark-LM Application > Configuration > Properties > Java executable:
2.5

Import the certificate into that JVM’s truststore using the Java keytool:

keytool -import -keystore lib\security\cacerts -file grid.cer

3.5

Note: I may have mixed up the keystore and the truststore in the command; to be verified.

Step 3. IPD truststore

The path to the Infor Process Designer (IPD) JVM is given by the IPDesigner.ini file:
3.7 3.8

Import the certificate into that JVM’s truststore as well.

Step 4. Test

Now execute the process. The Web Service activity node should not throw that exception anymore.

Notes

If you have a certificate purchased from a certificate authority that is already trusted by the JVM, such as VeriSign, this setup is not necessary.

That’s it. Let me know what you think in the comments below.

Published by

thibaudatwork

M3 Technical Consultant

5 thoughts on “M3 Web Services from Infor Process Automation”

  1. Hi,

    Sorry if I have to ask here. I work in Infor PSSC Inc. in Manila. Currently I’m working on an IPA design which creates an approval for purchase orders. I’ve got a lot of transactions going on and one of the SQL Query I have is acting up. When I go to the next available object(either assign, branch or message builder) I try to find the variables available by pressing control+space the variables for that SQL Query shows up. However when I try looking it up on the next object it won’t show up. I then typed it all by myself instead of using control+space. However, it just won’t recognize the item as an existing object. It says “Error evaluating expression”. I know this because I tried to show the variable using a message builder. I can send you the logs if you want.

    Thanks for your help.

    Like

    1. Kumusta Dominador,

      That is strange, the variables of a node should propagate to each following node, adding up to a longer and longer list of variables after each node.

      If you don’t see the variables on a node perhaps a connection (arrow) is missing to that node.

      If you get “Error evaluating expression” there is probably something wrong with your variable name or a JavaScript expression somewhere.

      Also, the SQL Query node has a bug in that it parses the SQL incorrectly, for example a node Query with SELECT OKCONO FROM OCUSMA will correctly show variable Query_OKCONO in the list, but SELECT OKCONO AS “Customer” FROM OCUSMA will incorrectly parse as variable Query_OKCONO AS “Customer” which is incorrect.

      Also, there is a quirk with IPA transient variables which details I always forget. After certain activity nodes the variables are lost from memory and their value is no longer available, even though they still show up in the list. For example after the UserAction node every value not saved in an Assign activity node will be lost, I think it will return undefined. Something like that.

      Sorry I can’t help you much in this case.

      Send me your ipd file and logs. My email address is on my webpage thibaudlopez.net.

      Thibaud

      Like

  2. In IPA, each process has a configuration drop-down to specify which configuration set to point to. Is there a way to specify the configuration at run-time? For example, I need to create 2 configuration sets for web services (and M3 API) because sometimes I need to connect with userA and other times with userB.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s