Show TOC

Using Message Level AuthenticationLocate this document in the navigation structure


When you use authentication at message level for Web service accesses, the authentication data of the WS consumer is transported in the SOAP header of the SOAP envelope, using authentication token profiles. SAP NetWeaver enables you to use the following WS Security token profiles:

  • User name token

  • X.509 certificate token

  • SAML token

In addition, SAP NetWeaver enables you to enable WS specific security and authentication mechanisms, such as XML encryption, XML signatures, Message Aging and WS SecureConversation.


Message level authentication enables the use of authentication mechanisms that are specific to the communication patterns for WS. The authentication mechanisms for WS that are supported by SAP NetWeaver enable you to authenticate access with SSO and protect a specific security element for the WS authentication.

For example, by using XML signatures, you can guarantee the non-repudiation and integrity of the SOAP message used for the WS communication, but not its confidentiality. Confidentiality is ensured by using XML encryption.

The underlying technology stacks of SAP NetWeaver enable you to use different document-level authentication mechanisms. Respectively, the configuration steps for enabling a specific mechanism depend on the underlying technology stack.