Show TOC

Single Sign-On for Web ServicesLocate this document in the navigation structure


SAP NetWeaver enables you to configure several mechanisms to enable Single Sign-On (SSO) for Web service consumers and Web service providers. Web services support interoperable machine-to-machine interaction over a network, where a call to a Web service can pass through several intermediary Web service systems. Therefore, an external system can perform the actual user authentication for access to Web services. This means that the user can then consume a Web service with Single Sign-On.

Web service consumers and Web service providers of SAP NetWeaver use the Simple Object Access Protocol (SOAP) over HTTP for communication purposes. SAP NetWeaver thereby enables you to use SSO mechanisms to consume and provide Web services at the respective communication protocol levels.

  • Transport level authentication - the authentication information is transferred in the HTTP headers.

  • Document level authentication - the authentication information is transferred in the SOAP headers.

The Document authentication mechanisms are based on the WS-Security standard v1.0 (WS-Security 2004) or Web Services Security v1.1, developed by the Organization for the Advancement of Structured Information Standards (OASIS).


You can use Web services to enable system communication independently of the underlying technology stack. In addition, Web services enable communication over the Internet standard HTTP protocol, which enables you to exchange information among systems independently of their underlying programming language and using the standards based communication channels of the Internet.

The WS-Security standard for WS communication is a security standard for SOAP messages that does not rely on the security mechanisms available for the HTTP protocol. With WS-Security, you can transfer the user authentication and SSO information between the Web service consumer and Web service provider at document level in XML format. In addition, WS-Security enables you to use additional document level security and authentication mechanisms such as digital XML signatures, XML encryption, time stamps, and security tokens. These document level authentication options enable you to adapt authentication and SSO to the specific requirements for using Web services.


The configuration steps required for enabling authentication and SSO for WS depend on which underlying SAP NetWeaver technology platform you use.