Web service clients can authenticate themselves either by using the authentication mechanisms provided by the HTTP protocol, such as HTTP Basic authentication, or by adding a security token to the WS Security header. Depending on the authentication mechanism, different authentication options are available.
| Authentication mechanisms | Effect |
|---|---|
| None | Web service client is not authenticated. |
| Transport Authentication | The Web service client is authenticated using data supplied in the HTTP header or by the SSL protocol. · Basic Authentication (Username/Password): Authenticates the caller based on a username and password in the HTTP header. This option is supported for HTTP and HTTPS. · Strong Authentication (X.509 Client Certificate): Authenticates the caller using SSL mutual authentication. The caller must provide an SSL client certificate (see: Using Client Certificates for User Authentication). For further information refer to Configuring Transport Authentication. |
| Document Authentication | The Web service client is authenticated using the security token included in the WS Security header. · Basic Authentication (Username/Password): Authenticates the caller based on a username and password in the WS Security SOAP header. · Strong Authentication (X.509 Client Certificate): Authenticates the caller based on a digital signature over the SOAP:Body and a timestamp element. Document authentication supports the transport protocols HTTP and HTTPS. The authentication of standalone proxies is not supported. For further information refer to Configuring Document Authentication. |
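The mechanisms in the table differ in where the credential travels: in the HTTP header or SSL handshake, or inside the SOAP document. The following Python sketch is an added example, not SAP code; it names the mechanisms one request carries. The function names, sample user and element IDs are constructed for illustration, and the X.509 document check is structural only (it does not verify the signature value).

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def classify_auth(http_headers, soap_xml, tls_client_cert=False):
    """Name the mechanisms from the table that one request carries."""
    found = set()
    # Transport authentication: credentials travel outside the SOAP document.
    auth = {k.lower(): v for k, v in http_headers.items()}.get("authorization", "")
    if auth.lower().startswith("basic "):
        found.add("transport/basic")
    if tls_client_cert:  # decided in the SSL handshake, not visible in HTTP headers
        found.add("transport/x509")
    # Document authentication: token inside the WS Security SOAP header.
    # ElementTree suits this constructed input; use a hardened parser for untrusted XML.
    root = ET.fromstring(soap_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is not None:
        if sec.find("wsse:UsernameToken", NS) is not None:
            found.add("document/basic")
        # The signature must reference both the SOAP Body and the Timestamp by wsu:Id.
        signed = {r.get("URI", "").lstrip("#")
                  for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
        signed.discard("")
        parts = [root.find("soap:Body", NS), sec.find("wsu:Timestamp", NS)]
        if all(p is not None and p.get(WSU_ID) in signed for p in parts):
            found.add("document/x509")
    return found or {"none"}

def envelope(security="", body_id="body-1"):
    """Constructed SOAP 1.1 envelope; `security` is the content of wsse:Security."""
    ns_decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    header = f"<wsse:Security>{security}</wsse:Security>" if security else ""
    return (f"<soap:Envelope {ns_decl}><soap:Header>{header}</soap:Header>"
            f'<soap:Body wsu:Id="{body_id}"/></soap:Envelope>')

# Constructed sample credentials and tokens (not real accounts or keys).
BASIC = {"Authorization": "Basic " + base64.b64encode(b"demo_user:demo_pass").decode()}
USERNAME_TOKEN = ("<wsse:UsernameToken><wsse:Username>demo_user</wsse:Username>"
                  "<wsse:Password>demo_pass</wsse:Password></wsse:UsernameToken>")
SIGNED = ('<wsu:Timestamp wsu:Id="ts-1"/><ds:Signature><ds:SignedInfo>'
          '<ds:Reference URI="#body-1"/><ds:Reference URI="#ts-1"/>'
          "</ds:SignedInfo></ds:Signature>")
```

A signature whose references do not cover the Body, as in `envelope(SIGNED, body_id="other")`, is reported as `{"none"}` rather than as document X.509 authentication.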
You can refer to the following web services security tutorials available on the SAP Developer Network Web site:
Authentication of a WS Client Using a SAP Logon Ticket
Authentication of a Web Service Client via Certificate
Authentication of a Web Service Client with User-Password Request
Creating a User Authentication Using Logon Tickets
Creating a User Authentication for a Java Web Service Using a Certificate