Function documentationSingle Sign-On for Web Services Locate this document in the navigation structure

 

SAP NetWeaver enables you to configure several mechanisms to enable Single Sign-On (SSO) for Web service consumers and Web service providers. Web services (WS) support interoperable machine-to-machine interaction over a network, where a call to a WS can pass through several WS intermediary systems. Therefore, for WS access the actual user authentication can be performed by an external system, which then enables the user to consume a WS with SSO.

Web service consumers and Web service providers of SAP NetWeaver use the Simple Object Access Protocol (SOAP) over HTTP for communication purposes. SAP NetWeaver thereby enables you to use SSO mechanisms for Web service consumers and Web service providers at the respective communication protocol levels.

  • Transport level authentication - the authentication information is transferred in the HTTP headers.

  • Document level authentication - the authentication information is transferred in the SOAP headers.

Document level authentication mechanisms are based on the WS-Security standard 1.0 (WS-Security 2004) and 1.1, developed by the Organization for the Advancement of Structured Information Standards (OASIS).

Integration

You can use Web services to enable system communication independently of the underlying technology stack. In addition, Web services enable communication over the Internet standard HTTP protocol, which enables you to exchange information among systems independently of their underlying programming language and using the standards based communication channels of the Internet.

The WS-Security standard for WS communication is a security standard for SOAP messages that does not rely on the security mechanisms available for the HTTP protocol. With WS-Security, you can transfer the user authentication and SSO information between the Web service consumer and Web service provider at document level in XML format. In addition, WS-Security enables you to use additional document level security and authentication mechanisms such as digital XML signatures, XML encryption, time stamps, and security tokens. These document level authentication options enable you to adapt authentication and SSO to the specific requirements for using Web services.

Features

The configuration steps required for enabling authentication and SSO for WS depend on which underlying SAP NetWeaver technology platform you use.