Runtime Configuration with the SOA Manager
You can configure security settings for the service provider and service consumer for the runtime of Web services.
Settings
You perform pre-settings for this purpose during Web service design in the AS ABAP development environment. You will find pre-settings for Web Services in the SOA Manager (Transaction SOAMANAGER) under 
Application and Scenario Administration
Administration of Individual Services 
for services and consumer proxies in the tab page called Details.
Security Settings
In the runtime configuration, you can configure service providers individually or together using profiles. Not all security settings are available when using profiles.
-
Transport Guarantee
-
HTTPS
HTTP communication that is secured with SSL (Secure Sockets Layer)
More information: Configuring the AS ABAP for Supporting SSL
-
Signature and Encryption
Messages are secured with an XML signature and XML encryption with symmetric or asymmetrical keys.
More information: WS Security XML Signature/Encryption
-
Secure Conversation
Messages are secured with a pre-defined symmetrical key. The key is re-used in further calls.
More information: WS SecureConversation
-
External Signature and Header Protection
You can activate the functions signature confirmation, signature encryption, and header encryption.
More information: Enhanced Protection for Signature and Header
-
-
HTTP Authentication
The authentication information is found in the HTTP header.
User Name/Password (Basic)
-
X.509 Certificate
Authentication with an X.509 certificate.
-
Logon Ticket
Authentication with an SAP Assertion Ticket.
More information: HTTP Transport Level Authentication
-
Message Authentication
The authentication information is found in the SOAP header.
More information: Using Message Level Authentication
-
User Name/Password (Basic)
Authentication with WS Security UsernameToken
More information: WS Security UsernameToken
-
X.509 Certificate
Authentication with a signed SOAP message, user authentication by certificate
More information: WS Security XML Signature/Encryption
-
Single Sign-on using SAML 1.1
Authentication with a signed SAML 1.1 Assertion
More information: SAML Token Profile
To use an external security token service to receive or request a SAML 1.1 token, select a Token Issuer.
More information: Single Sign-On with an External Security Token Service
-
You choose one of the predefined security settings during the runtime configuration for the service consumer.
Recommended WS Security Scenarios
SAP has put together recommendations for you on combining authentication and transport guarantee mechanisms. You can also get information on what prerequisites you have to fulfill to implement the scenario in your systems.
More information: Recommended WS Security Scenarios
Configuration Examples for AS ABAP
More information about secure Web services scenarios: Configuration Examples for AS ABAP
Related Content
The following content is not part of SAP product documentation. For more information, see the following
disclaimer
.
