
Authentication for Web Services

 

HTTP Authentication or Message Authentication

Web service clients can authenticate themselves either by using the authentication mechanisms provided by the HTTP protocol such as basic authentication, or by adding a security token to the WS Security header. Depending on the authentication mechanism, different authentication options are available.

  • Default at runtime: Strong

    The following alternatives are available in the runtime configuration:

    • HTTP Authentication

      • X.509 Client Certificate

      • Logon Ticket

    Alternatively:

    • Message Authentication

      • X.509 Client Certificate

      • SAML Assertion

  • Default at design time: Basic

    In addition to the options listed under Strong, you must also choose one of the following security measures:

    • HTTP Authentication

      • User ID/Password

      Alternatively:

    • Message Authentication

      • User ID/Password

  • Default at design time: None

    You can select from any of the security measures, or you can choose to not make any security settings at all.
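
The difference between the two channels is where the credential travels: HTTP authentication puts it in the HTTP request headers, message authentication puts it in the WS-Security header of the SOAP envelope. The following added example (not SAP code) inspects one request and reports which channel and mechanism it presents and the level this page assigns to it. The sample requests, the user WSUSER and the function names are constructed for illustration; the namespaces are the standard OASIS WS-Security and SAML ones. X.509 client certificates and logon tickets at HTTP level are not covered.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML_NS = ("urn:oasis:names:tc:SAML:1.0:assertion",
           "urn:oasis:names:tc:SAML:2.0:assertion")

def local(el):
    """Tag name without its namespace."""
    return el.tag.rsplit("}", 1)[-1]

def classify(headers, body):
    """List (channel, mechanism, level) for the credentials one request presents.

    Only identifies what is presented; it does not validate any credential.
    Parse untrusted XML with a hardened parser (e.g. defusedxml) instead of ET.
    """
    found = []
    if headers.get("Authorization", "").lower().startswith("basic "):
        found.append(("HTTP", "User ID/Password", "Basic"))
    root = ET.fromstring(body)
    header = next((c for c in root if local(c) == "Header"), None)
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    for token in (security if security is not None else []):
        if token.tag == f"{{{WSSE}}}UsernameToken":
            found.append(("Message", "User ID/Password", "Basic"))
        elif (token.tag == f"{{{WSSE}}}BinarySecurityToken"
              and token.get("ValueType", "").endswith("#X509v3")):
            found.append(("Message", "X.509 Client Certificate", "Strong"))
        elif local(token) == "Assertion" and token.tag[1:].split("}")[0] in SAML_NS:
            found.append(("Message", "SAML Assertion", "Strong"))
    return found

# Constructed sample requests (user, password and envelope are made up).
ENVELOPE = """<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="%s">
  <soapenv:Header>%%s</soapenv:Header><soapenv:Body/></soapenv:Envelope>""" % WSSE
USERNAME_TOKEN = """<wsse:Security><wsse:UsernameToken>
  <wsse:Username>WSUSER</wsse:Username><wsse:Password>example</wsse:Password>
  </wsse:UsernameToken></wsse:Security>"""
HTTP_BASIC = ({"Authorization": "Basic " + base64.b64encode(b"WSUSER:example").decode()},
              ENVELOPE % "")
MESSAGE_BASIC = ({}, ENVELOPE % USERNAME_TOKEN)

if __name__ == "__main__":
    for name, (hdrs, body) in [("http", HTTP_BASIC), ("message", MESSAGE_BASIC)]:
        print(name, classify(hdrs, body))
```

In both User ID/Password variants the password is only encoded or sent as text, not encrypted, so its confidentiality depends on the transport carrying the request.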

Design of Web Services in the AS ABAP

In the ABAP application server, you provide specifications for the authentication level when designing Web services.

For strong authentication, specify security level High. For basic authentication, specify security level Medium or Low.

More information: Creating a Service Definition

Delayed Logon to Internet Communication Framework (ICF) on AS ABAP

The Internet Communication Framework requires a logon. If you log on using a WS-Security user name token, a user switch is executed in the SOAP runtime.

For this purpose, the service user DELAY_LOGON is used. Do not assign any roles or profiles to this user.

Runtime Configuration for ABAP Web Services in SOA Manager

You can find the pre-settings for Web services in the SOA Manager (transaction SOAMANAGER) under Service Administration → Single Service Administration, for services and consumer proxies on the tab page Details.

Settings for Web Services:

  • For Services in SOA Manager under Service Administration → Single Service Administration on tab page Configuration and under Provider Security.

  • For Consumer Proxies in SOA Manager under Service Administration → Single Service Administration on tab page Configurations on tab page Consumer Security.

  • For groups of services under Technical Administration → Profile Management.

  • For simplified service administration under Service Administration → Simplified Service Administration.

Possible Entries
  • For strong authentication, choose either HTTP Authentication, Message Authentication X.509 Client Certificate, or Logon Ticket.

  • To set basic authentication, choose UserID/Password either for HTTP Authentication or Message Authentication.