
Using Transport Level Authentication


For SAP NetWeaver Application Server Java and AS ABAP, you can use transport-level authentication and Single Sign-On (SSO) for Web services (WS) with a user ID and password, X.509 certificates, or authentication assertion tickets. You use the Web-based SAP NetWeaver Administrator (NWA) tool to configure both the AS ABAP and AS Java to use a transport-level authentication mechanism.


For Single Sign-On for Web services with authentication assertion tickets, the WS consumer must be configured to issue logon tickets. The WS provider requires a trust relationship to the issuer to accept the ticket.

To use authentication with X.509 certificates, you have to enable the use of cryptographic functions for the AS ABAP or AS Java system. For more information, see Digital Signatures and Encryption.


When using transport-level WS SSO, the AS ABAP and AS Java use standard HTTP authentication mechanisms. The SSO mechanisms for access to the Web services are provided by the AS ABAP and AS Java components that enable Web-based authentication. Authentication data for user ID and password authentication and for authentication assertion tickets is transported in the HTTP header. X.509 certificate authentication uses the underlying SSL security protocol over HTTP to perform the authentication.

To set up an SSO mechanism at transport level for the AS ABAP and the AS Java, use the Web-based SAP NetWeaver Administrator (NWA) tool. You can access the WS configuration functions for providing and consuming Web services there through the following path: SOA Management > Application and Scenario Communication > Single Service Administration

The configuration options allow you to use several transport-layer authentication mechanisms simultaneously, for example user authentication with user ID and password over HTTPS or SSO with authentication assertion tickets. If you are using X.509 certificate authentication over HTTPS, you can also enable mutual authentication, where both the WS consumer and WS provider authenticate with X.509 certificates using the SSL security protocol.
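
The following is an added example, not SAP code or part of the original documentation: a small Python check that classifies which transport-level mechanisms a single WS request carries and flags header-borne credentials that arrive without TLS. It assumes the ticket travels as a header or cookie named MYSAPSSO2 (the page does not name it) and that the TLS layer hands over the verified client certificate subject; the function name and sample requests are constructed for illustration.

```python
import base64

# Assumption, not named on the page: SAP tickets travel as a header or
# cookie called MYSAPSSO2.
TICKET_NAME = "mysapsso2"


def audit_request(scheme, headers, client_cert_subject=None):
    """Classify the transport-level authentication of one WS request.

    client_cert_subject is the subject DN the TLS layer verified during the
    handshake (None if no client certificate was presented).
    """
    h = {k.lower(): v for k, v in headers.items()}
    mechanisms, findings = [], []

    auth = h.get("authorization", "")
    if auth[:6].lower() == "basic ":
        mechanisms.append("user ID and password")
        try:
            # Basic credentials are base64("user:password"): encoded, not encrypted.
            decoded = base64.b64decode(auth[6:].strip(), validate=True).decode("utf-8")
            if ":" not in decoded:
                findings.append("malformed Basic credentials")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings.append("malformed Basic credentials")

    cookies = [c.strip().split("=", 1)[0].lower() for c in h.get("cookie", "").split(";")]
    if TICKET_NAME in h or TICKET_NAME in cookies:
        mechanisms.append("ticket")

    if client_cert_subject:
        if scheme == "https":
            mechanisms.append("X.509 certificate")
        else:
            findings.append("client certificate claimed without TLS")

    # Anything collected so far on a non-HTTPS request sits readable in the header.
    if scheme != "https" and mechanisms:
        findings.append("header credentials sent without TLS")
    return {"mechanisms": mechanisms, "findings": findings}


# Constructed sample requests (not captured traffic).
SAMPLE_BASIC = {"Authorization": "Basic " + base64.b64encode(b"WS_USER:secret").decode()}
SAMPLE_TICKET = {"MYSAPSSO2": "CONSTRUCTED-TICKET-VALUE"}
```

A request can legitimately report more than one mechanism, which matches the simultaneous configuration described above.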