If you assign a communication channel in the Integration Server or
PCK with adapter type
SOAP Adapter thenyou can specify security settings on the basis of which the SOAP body is verified.
The security configuration is largely the same as the security configuration for the sender XI adapter. In addition, you can specify the standard to be used for verifying the SOAP message.
The Message Security checkbox is selected in the assigned communication channel.
In the Security Settings frame, you specify the following information:
If Web Services Security is selected in the Security Profile field for the communication channel used, you can make the following settings:
Security Standard and Security Procedure
Field |
Meaning |
---|---|
Security Standard |
Specify the security standard to be used to verify the message. The security standard is defined by the OASIS Web Service Security version. The namespace that you select in the dropdown list box identifies the schema of the SOAP security header corresponding to the respective security standard. You can choose between the following two schemas: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and http://schemas.xmlsoap.org/ws/2002/07/secext. Caution The default value http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd is suitable for standard cases. Only select the other value in the special cases for which it is intended. If you want to use the standard http://schemas.xmlsoap.org/ws/2002/07/secext, see SAP Note 769653. End of the caution. Note For more information about OASIS Web Service Security, see http://www.oasis-open.org. End of the note. |
Security Procedure for Request Message |
Specify the required security procedure for the request message. You have the following options:
|
Security Procedure for Response Message |
Specify the required security procedure for the response message. You have the following options:
|
Special Security Settings for Decryption and Validation
Issuer |
If you have selected the Decrypt or Validate security procedure, or both, you must specify these fields. These fields have the same meaning as in the security configuration for the sender XI adapter. When using the sender SOAP adapter, the SOAP body is validated and decrypted. |
Holder |
|
Keystore |
Special Security Settings for Signing and Encryption
Keystore |
If you have selected the Sign or Encrypt security procedure, or both, you must specify these fields. This field has the same meaning as in the security configuration of the receiver XI adapter. |
Keystore entry |
You can specify that signed messages are only to be processed when they are delivered within a particular time interval (based on the time of the signature).
Note
The element wsu:Timestamp (wsu = Web Services Security Utility) is used to specify the signature time (timestamp) in the message. For more information, see the specification for SOAP message security at http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf.
The sender can explicitly specify an expiry date for the signature in the message.
In addition, you specify a validity period in the sender agreement, within which the delivery of a message is accepted (based on the time stamp).
Since it is optional to specify the expiry date in the message, the following cases are possible for determining the time interval within which the message is to be delivered if it is to be further processed.
Case 1: Case 1: Validity period only is specified (in the sender agreement):
Since an expiry date is not specified in the message, the message must be delivered within the validity period that you specified (based on the time stamp). Otherwise further processing does not take place and an error message is sent to the sender.
Case 2: Expiry date specified (in the message) and validity period specified (in the sender agreement):
When a message arrives, both the expiry date in the message and the validity period in the sender agreement are checked. The message must be delivered within the shorter of the two time intervals. The following figure illustrates a case where the expiry date specified in the message is reached before the date or time calculated by adding the time stamp and the validity period.
The following input fields are available to make these settings (Expiry Date for Signature frame).
Checkbox/Field |
Meaning |
---|---|
Check Time Stamp |
If this checkbox is set, the time stamp for the signature specified in the message is checked when the message arrives. |
Validity Period |
In this field, you specify the validity period of the signature (in seconds). |
If S/MIME is selected in the Security Profile field for the communication channel used, you can make the settings described under Security Settings for the Sender Mail Adapter.