3543952 - Web Service Does Not Return Any Value

When using web service ManagePurchaseOrderMaintainBundle, it returns zero values in the log even though there are expected results. 

SAP Business ByDesign

The first step is to download the WSDL file: 

1. Go to Application and User Management work center. 
2. Go to Service Explorer view.
3. Select 'Read purchase order'.
4. Click in 'Download WSDL' button.

WSDL was downloaded. 

Second step in the tool SOAP UI: 

1. Open SOAP UI.
2. In File, select 'New SOAP Project'. 
3. In Initial WSDL, impost WSDL downloaded before. 
4. Expand 'binding'. 
5. Expand ManagePurchaseOrderMaintainBundle. 
6. Double click in Request1. 
7. Insert the payload. 
8. Add the user in 'Auth section'.
9. Click in the green icon (Submit request). 

The response is: 

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
   <soap-env:Header/>
   <soap-env:Body>
      <n0:PurchaseOrderByIDResponse_sync xmlns:n0="http://sap.com/xi/SAPGlobal20/Global" xmlns:prx="urn:sap.com:proxy:ABC">
         <Log/>
      </n0:PurchaseOrderByIDResponse_sync>
   </soap-env:Body>
</soap-env:Envelope>

(ABC is the value given by SOAP UI and is specific for each run.)

It was expected that the Response would a payload with all the details of the Purchase Order. 

The tag below is being used in the payload:

<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/> 

This tag is related to WS-Security, which is a standard for securing SOAP messages. The <wsse:Security> tag is used to include security information, such as authentication (username and password), tokens, or digital signatures, in the SOAP message. The attribute soap:mustUnderstand="1" means that the SOAP processor receiving this message must understand and process the security defined in this tag. If the processor does not understand it, it must return an error.

The possible reasons that the query didn't return any results are:

Cause 1: Authentication or permission issues:

• When the <wsse:Security> tag is added, it may be providing credentials (such as security tokens or passwords). If the authentication is invalid or the server cannot process the credentials correctly, the request might fail, resulting in an empty response or an error.
• Make sure it is being maintained the correct credentials in the security header (such as <wsse:UsernameToken> or other authentication elements).

Cause 2: The server is not configured to understand the security:

• The soap:mustUnderstand="1" attribute means that the server receiving the request must be able to understand the security header. If the server is not properly configured to handle these headers, or if it cannot process the security, it may ignore the request or return an error.
• This could cause the response to be empty or an error, depending on the server's implementation.

Cause 3: Interference with the request:

• Using the security tag may interfere with how the request is handled by the server. If the security is incorrectly configured or if the payload is improperly formatted, the server might discard the request or return an unexpected response, such as an empty result set.
• In some cases, the server may return zero results as a way of "not processing" the request when it detects something wrong with the security.

Please check if one of the resolutions below is applicable to the scenario: 

Resolution 1: Check the server logs

• If possible, check the logs of the server receiving the request. There may be error or warning messages indicating that the security header was not processed correctly.

Resolution 2: Test without the security tag

• Try removing the <wsse:Security> tag and see if the query returns results. This will help confirm if the issue is related to security or something else in the request.

Resolution 3: Verify security parameters

• If the security header includes information such as an authentication token or username and password, ensure that these details are correct and match what the server expects.

Resolution 4: Validate the security configuration

• If the user has access to the service's documentation or configuration, check if the WS-Security header is being implemented correctly and if the server is prepared to handle the credentials being provided.

ManagePurchaseOrderMaintainBundle, WSDL, SOAP, Payload, WS-Security , KBA , AP-POP-PO , Purchase Order , How To