If you are using one of the following SSO/STS scenarios, the following prerequisites must be fulfilled.
STS Scenario with Symmetric Key for Endorsing Signature (Authentication Only)
STS Scenario with Asymmetric Consumer Key for Endorsing Signature (Authentication Only)
Messages between the WS consumer and WS provider are secured, either at transport level with the Secure Sockets Layer protocol (HTTPS) or at message level (symmetric message encryption/signature). With symmetric message encryption, you need to import the encryption certificate of the provider (which is in the Trust Manager in the PSE WS Security Keys, under Own Certificate) into the consumer.
Keep in mind the following when assigning users:
If the element saml:Assertion/saml:Subject/saml:NameIdentifier contains the SAP user name, you can use the program RSUSREXT (for example, with transaction SE38) to assign all users, or a subgroup of users.
If the SAP user name is not in the saml:Assertion/saml:Subject/saml:NameIdentifier element, refer to SAP Note 1254821.
SAP Cryptographic Library 1.555.28 or higher is installed in the WS provider system.
You can check the version of the library in the Trust Manager (transaction STRUST). To do this, choose .
The installation package for the SAP Cryptographic Library is available to authorized customers on the SAP Service Marketplace (http://service.sap.com/swdc) under .
You have called the program WSS_SETUP once in the WS provider to activate message authentication (that is, SAML authentication, X.509 authentication with XML-signature, UsernameToken).
More information about WSS_SETUP: Message-Based Authentication with WS-Security.
The external Security Token Service (STS) has been configured in your system landscape and you have its data and signature certificate.
You have decided which SSO/STS Scenario to use.
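To decide which of the two user-assignment cases above applies, you can inspect sample assertions issued by your STS before you configure the provider. The following Python sketch is an added example, not SAP code: the function names, the sample assertions and the user list are constructed, and it assumes SAML 1.1 assertions in which saml:Subject sits inside a statement element.

```python
import xml.etree.ElementTree as ET

# SAML 1.1 assertion namespace; saml:NameIdentifier is a SAML 1.1 element.
NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

def name_identifiers(assertion_xml):
    """Return the text of every saml:Subject/saml:NameIdentifier in the assertion."""
    root = ET.fromstring(assertion_xml)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("root element is not a SAML 1.1 Assertion")
    found = root.iterfind(".//saml:Subject/saml:NameIdentifier", NS)
    return [(e.text or "").strip() for e in found]

def classify(assertion_xml, sap_users):
    """Decide which user-assignment case a sample assertion falls under.

    This only inspects the subject. It does not verify the signature, so it is
    a planning aid for sample tokens, not an authentication check.
    """
    ids = set(name_identifiers(assertion_xml))
    if not ids:
        return ("missing", None)
    if len(ids) > 1:
        return ("ambiguous", None)  # statements disagree about the subject
    name = ids.pop()
    # Assumption: SAP user names are compared in upper case.
    if name.upper() in sap_users:
        return ("direct", name.upper())  # NameIdentifier carries the SAP user name
    return ("needs-mapping", name)       # NameIdentifier is something else

# Constructed sample data: two unsigned assertion skeletons and a user list.
TEMPLATE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">'
    "<saml:AuthenticationStatement><saml:Subject>"
    "<saml:NameIdentifier>%s</saml:NameIdentifier>"
    "</saml:Subject></saml:AuthenticationStatement></saml:Assertion>"
)
SAMPLE_DIRECT = TEMPLATE % "jsmith"
SAMPLE_EMAIL = TEMPLATE % "john.smith@example.com"
SAP_USERS = {"JSMITH", "MMUELLER"}

if __name__ == "__main__":
    for sample in (SAMPLE_DIRECT, SAMPLE_EMAIL):
        print(classify(sample, SAP_USERS))
```

A "direct" result corresponds to the case in which the NameIdentifier contains the SAP user name; "needs-mapping" corresponds to the case covered by SAP Note 1254821.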
This procedure provides a detailed sequence of all of the necessary steps that you need to perform in the AS ABAP WS provider. This example uses the SOA Manager individual configuration.