Configuring SSO/STS Scenario SAML Holder-of-key in the WS Consumer AS ABAP

Prerequisites

  • You have released the scenario, as described in SAP Note 1320198.

    If you are using one of the following SSO/STS scenarios, the following prerequisites must be fulfilled.

    • STS Scenario with Symmetric Key for Endorsing Signature (Authentication Only)

    • STS Scenario with Asymmetric Consumer Key for Endorsing Signature (Authentication Only)

    Messages between the WS provider and WS consumer are secured, either at transport level with the Secure Sockets Layer protocol (HTTPS) or at message level (symmetric message encryption/signature). In the case of symmetric message encryption, you need to import the encryption certificate of the provider into the PSE WSSCRT in the Trust Manager of the consumer.

  • You have received the WSDL document of the provider that you require to configure the consumer.

  • You have the STS data, in particular, the STS URL and the STS MEX URL.

Context

This procedure provides a detailed sequence of all of the necessary steps that you need to perform in the WS consumer. This example uses the SOA Manager individual configuration.

Procedure

  1. Create the logical port for the connection to STS.
    1. In the SOA Manager of the WS consumer, on the Business Administration tab page, choose the Web Service Administration link.

      1. Find the consumer proxy that is to be used to access the service end point, and for which you want to define a logical port.

        Internal Name: CO_WSSESECURITY_TOKEN_SERVICE, External Name: SecurityTokenServiceIn.

      2. Select the consumer proxy in the list of search results and choose Apply Selection.

      3. On the Configurations tab page, choose the Create Log. Port button.

      4. Specify the following in the dialog box:

        • The name of the new service

        • The name of the logical port and its description

        • For configuration type, select the Meta Data Exchange Protocol radio button

        • The STS MEX URL

          Note

          Use HTTP or HTTPS in the URL, depending on whether you have configured SSL for the connection between STS and the WS consumer.

        • The STS endpoint URL

          Note

          You can only use this URL for one logical port. The logical port set up with the URL is available for all WS consumer configurations.

        • The MEX access user that you specified in STS

        • The MEX user password that you specified in STS

        • Choose the Copy settings button.

      5. Scroll down.

      6. If necessary, in the Encryption Certificate field, enter the STS encryption certificate that you previously imported into the PSE WSSCRT of the WS consumer with transaction STRUST.

      7. If necessary, in the Signature Certificate field, enter the signature certificate of the WS consumer that you previously created in the PSE WSSKEY of the WS consumer with transaction STRUST.

      8. Save your entries.

  2. Create the logical port for the connection to the WS provider. If errors occur because no logical port has been created for STS, refer to SAP Note 1319507 (section 2.b).
    1. In the SOA Manager of the WS consumer, on the Business Administration tab page, choose the Web Service Administration link.

      1. Find the consumer proxy that is to be used to access the service end point, and for which you want to define a logical port.

      2. Select the consumer proxy in the list of search results and choose Apply Selection.

      3. On the Configurations tab page, choose the Create Log. Port button.

      4. Specify the following in the dialog box:

        • The name of the new service

        • The name of the logical port and its description

        • For configuration type, select the WSDL-Based Configuration button

        • Under WSDL access settings, select the Via HTTP Access radio button

        • Under WSDL location, copy the URL that you called for the WSDL document in the WS provider into the URL for WSDL Access field.

        • WSDL access user: the same user as in the WS provider

        • WSDL access user password: the same password as in the WS provider

        • Choose the Copy settings button.

      5. Scroll down.

      6. In the Encryption Certificate field, specify the encryption certificate of the provider that you imported above.

      7. Save your entries.
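
A pre-flight check on the provider WSDL named in the prerequisites, as an added example that is not SAP code: it reports which proof-key type the provider requests for the issued token, and whether symmetric message protection applies, in which case the provider's encryption certificate must be in PSE WSSCRT. It assumes the WSDL expresses its requirements with standard WS-SecurityPolicy 1.2 assertions; the function name `preflight` and the sample WSDL are hypothetical.

```python
import xml.etree.ElementTree as ET

# Standard namespaces: WS-SecurityPolicy 1.2, WS-Trust 1.3, WSDL 1.1 SOAP binding.
SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"
WST = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}"
SOAP = "{http://schemas.xmlsoap.org/wsdl/soap/}"

# Constructed sample (not a real provider WSDL): symmetric binding, endorsing IssuedToken.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
 xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
 xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
 <wsp:Policy><sp:SymmetricBinding/>
  <sp:EndorsingSupportingTokens><wsp:Policy><sp:IssuedToken>
   <sp:RequestSecurityTokenTemplate>
    <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
   </sp:RequestSecurityTokenTemplate>
  </sp:IssuedToken></wsp:Policy></sp:EndorsingSupportingTokens>
 </wsp:Policy>
 <wsdl:service name="Demo"><wsdl:port name="DemoPort">
  <soap:address location="http://provider.example.invalid/demo"/>
 </wsdl:port></wsdl:service>
</wsdl:definitions>"""

def preflight(wsdl_text):
    """Report what a provider WSDL implies for the consumer-side configuration."""
    if "<!DOCTYPE" in wsdl_text:  # a WSDL needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in WSDL input")
    root = ET.fromstring(wsdl_text)
    key_types = sorted({kt.text.strip().rsplit("/", 1)[-1]
                        for tok in root.iter(SP + "IssuedToken")
                        for kt in tok.iter(WST + "KeyType") if kt.text})
    transport = root.find(f".//{SP}TransportBinding") is not None
    symmetric = root.find(f".//{SP}SymmetricBinding") is not None
    message = symmetric or root.find(f".//{SP}AsymmetricBinding") is not None
    findings = []
    if not key_types:
        findings.append("no IssuedToken key type: not an STS scenario")
    if "Bearer" in key_types:
        findings.append("bearer token requested: no holder-of-key proof")
    if symmetric:
        findings.append("import provider encryption certificate into PSE WSSCRT")
    for addr in root.iter(SOAP + "address"):
        url = addr.get("location", "")
        if not message and not url.lower().startswith("https://"):
            findings.append(f"endpoint without HTTPS or message-level protection: {url}")
    return {"key_types": key_types, "transport": transport,
            "symmetric": symmetric, "findings": findings}
```
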