
Deploy Security Artifacts

Use the Security Artifacts tab to deploy the security artifacts required to connect to the sender and receiver channels. An administrator maintains security artifacts so that they are available at runtime.

Prerequisites

  • You need the SAP_XI_ADMINISTRATOR role to deploy security artifacts. For more information, see Roles.

  • Make a note of the alias names of the sender and receiver channels configured in the integration flow in the Web UI.

Procedure

  1. In the Cloud Integration Content Management Cockpit, choose Security Artifacts > Deploy.
  2. Select the security artifact type that you want to deploy (from the list below) and enter the appropriate information:
    Note
    • The Keystore artifact type must be deployed using SAP NetWeaver Administrator. igw_default_keystore is the key store view created for Integration Gateway. Go to SAP NetWeaver Administrator at http://[host]:[port]/nwa, choose Configuration > Certificate and Keys, and deploy igw_default_keystore using the Import Entries From File option or the Import Entry option.

    • Import trust certificates into the trust store by using SAP NetWeaver Administrator. For more information, see Importing Trust Certificates into the Trust Store.

    Note

    All fields marked with '*' are mandatory.

    • The <Known Host (SSH)> artifact specifies the known_hosts file that is used when configuring secure connectivity based on the SSH File Transfer Protocol (SFTP). It contains the public keys and addresses of the “trusted” SFTP servers. The client checks whether the server is a trusted participant by evaluating a known_hosts file on the client side: If the server's public key is listed there, the identity of the server is confirmed.
      Table 1: Known Host (SSH)
      Field | Description
      Artifact Type | Select Known Host (SSH).
      File | Browse to the known host file.
    • The <OAuth2 Authentication> artifact is used by Web servers for authorization purposes. This artifact contains the OAuth login URL to connect to the service provider. The client ID and client secret verify the identity of the client.
      Table 2: OAuth2 Authentication
      Field | Description
      Artifact Type | Select OAuth2 Authentication.
      Type | This field is prefilled with the option 'Default'.
      Grant Type | This field is prefilled with the option 'client_credentials'.
      Name | Name of the artifact you want to deploy. Note: The name must be the same as the alias name of the sender or receiver channel you are deploying.
      Description | A description of the artifact being deployed.
      Authentication URL | URL to authenticate the OAuth 2.0 artifact.
      Client ID | ID of the client you are connecting to.
      Client Secret | Secret key of the client you are connecting to.
      Scope | Access rights you are requesting from the service provider.
    • The <PGP Public Keyring> artifact contains the public key that enables the tenant to encrypt or verify messages using the Pretty Good Privacy (PGP) standard.
      Table 3: PGP Public Keyring
      Field | Description
      Artifact Type | Select PGP Public Keyring.
      File | Browse to the PGP public keyring file.

    • The <PGP Secret Keyring> artifact contains the public and private key pair used with Open Pretty Good Privacy (PGP). The private key enables the tenant to decrypt or sign messages.
      Table 4: PGP Secret Keyring
      Field | Description
      Artifact Type | Select PGP Secret Keyring.
      File | Browse to the PGP secret keyring file.
      Passphrase | The password of the PGP secret keyring.

    • The <User Credentials> artifact specifies the user and password for basic authentication.
      Table 5: User Credentials
      Field | Description
      Artifact Type | Select User Credentials.
      Type | Select the type of user credential: either Default or SuccessFactors.
      Name | Name of the artifact you want to deploy. Note: The name must be the same as the alias name of the sender or receiver channel you are deploying.
      Description | A description of the artifact being deployed.
      User | The user that calls the receiver system.
      Password | The password to authenticate the user.
      Confirm Password | Confirm the password.
      Company ID | (Applicable only for the SuccessFactors user credential type) The client instance to connect to the SuccessFactors system.
  3. Choose Save.
    Note

    You can undeploy the security artifacts. Choose the deployed artifact and click Undeploy.
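
A pre-deployment check for the Known Host (SSH) artifact described in step 2, as an added example that is not SAP code: it validates each line of a known_hosts file, derives the SHA256 fingerprint to compare out of band with the SFTP server operator, and reproduces the client-side trust check. It assumes the OpenSSH known_hosts line format (hosts, key type, base64 key); all function names are hypothetical and the sample keys and hosts are constructed.

```python
import base64, hashlib, hmac

def parse_known_hosts(text):
    """Return (entries, errors); errors are (line_no, reason) tuples."""
    entries, errors = [], []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@") or len(fields) < 3:
            errors.append((no, "marker or incomplete line, not evaluated"))
            continue
        hosts, key_type, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
            embedded = blob[4:4 + int.from_bytes(blob[:4], "big")].decode("ascii")
        except ValueError:
            errors.append((no, "key is not a valid SSH public key blob"))
            continue
        if embedded != key_type:  # declared type must match the type inside the blob
            errors.append((no, f"declared {key_type}, blob contains {embedded!r}"))
            continue
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        entries.append({"hosts": hosts.split(","), "type": key_type, "key": b64, "fp": fp})
    return entries, errors

def host_matches(pattern, host):
    """Exact name or address, or the hashed form |1|salt|HMAC-SHA1(salt, host)."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern == host  # wildcard and negated patterns are not handled here

def is_trusted(entries, host, presented_key_b64):
    """Client-side check: is this exact public key listed for this host?"""
    return any(e["key"] == presented_key_b64 and
               any(host_matches(p, host) for p in e["hosts"]) for e in entries)

def sample_key(key_type, raw):  # builds a constructed (not real) key blob
    parts = (key_type.encode(), raw)
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()

KEY_A = sample_key("ssh-ed25519", bytes(range(32)))
SAMPLE = f"""# constructed sample known_hosts
sftp.example.com,192.0.2.10 ssh-ed25519 {KEY_A}
backup.example.com ssh-rsa {KEY_A}
broken.example.com ssh-ed25519 not*base64
"""
ENTRIES, ERRORS = parse_known_hosts(SAMPLE)
```

Lines reported in ERRORS are never trusted by is_trusted, so a malformed entry fails closed instead of silently confirming a server.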