
Security Settings for the Sender SOAP Adapter

 

If you assign a communication channel in the Integration Server or PCK with adapter type SOAP Adapter, then you can specify security settings on the basis of which the SOAP body is verified.

The security configuration is largely the same as the security configuration for the sender XI adapter. In addition, you can specify the standard to be used for verifying the SOAP message.

Prerequisites

The Message Security checkbox is selected in the assigned communication channel.

Features

In the Security Settings frame, you specify the following information:

Security Settings Defined by OASIS Web Service Security

If Web Services Security is selected in the Security Profile field for the communication channel used, you can make the following settings:

Security Standard and Security Procedure

Field

Meaning

Security Standard

Specify the security standard to be used to verify the message. The security standard is defined by the OASIS Web Service Security version.

The namespace that you select in the dropdown list box identifies the schema of the SOAP security header corresponding to the respective security standard.

You can choose between the following two schemas:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and http://schemas.xmlsoap.org/ws/2002/07/secext.

Caution

The default value http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd is suitable for standard cases. Only select the other value in the special cases for which it is intended. If you want to use the standard http://schemas.xmlsoap.org/ws/2002/07/secext, see SAP Note 769653.

Note

For more information about OASIS Web Service Security, see http://www.oasis-open.org.

Security Procedure for Request Message

Specify the required security procedure for the request message.

You have the following options:

  • Do Not Use Security Procedure

  • Decrypt

  • Validate

  • Decrypt and Validate

    Note that security procedures must be applied to the message in the following sequence:

    1. Decrypt

    2. Validate

Security Procedure for Response Message

Specify the required security procedure for the response message.

You have the following options:

  • Do Not Use Security Procedure

  • Sign

  • Encrypt

  • Sign and Encrypt

    Note that security procedures must be applied to the message in the following sequence:

    1. Sign

    2. Encrypt

      Determining a security procedure for the response message is particularly useful in synchronous communication. If an empty response message is returned in synchronous communication, you receive a message that the data could not be decrypted.

Special Security Settings for Decryption and Validation

Fields: Issuer, Holder, Keystore

If you have selected the Decrypt or Validate security procedure, or both, you must specify these fields.

These fields have the same meaning as in the security configuration for the sender XI adapter.

When using the sender SOAP adapter, the SOAP body is validated and decrypted.

Special Security Settings for Signing and Encryption

Fields: Keystore, Keystore entry

If you have selected the Sign or Encrypt security procedure, or both, you must specify these fields.

This field has the same meaning as in the security configuration of the receiver XI adapter.

Security Settings for Time Stamp and Expiry Date of Signature

You can specify that signed messages are only to be processed when they are delivered within a particular time interval (based on the time of the signature).

Note

The element wsu:Timestamp (wsu = Web Services Security Utility) is used to specify the signature time (timestamp) in the message. For more information, see the specification for SOAP message security at http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf.

The sender can explicitly specify an expiry date for the signature in the message.

In addition, you specify a validity period in the sender agreement, within which the delivery of a message is accepted (based on the time stamp).

Since it is optional to specify the expiry date in the message, the following cases are possible for determining the time interval within which the message is to be delivered if it is to be further processed.

  • Case 1: Validity period only is specified (in the sender agreement):

    Since an expiry date is not specified in the message, the message must be delivered within the validity period that you specified (based on the time stamp). Otherwise further processing does not take place and an error message is sent to the sender.


  • Case 2: Expiry date specified (in the message) and validity period specified (in the sender agreement):

    When a message arrives, both the expiry date in the message and the validity period in the sender agreement are checked. The message must be delivered within the shorter of the two time intervals. The following figure illustrates a case where the expiry date specified in the message is reached before the date or time calculated by adding the time stamp and the validity period.


The following input fields are available to make these settings (Expiry Date for Signature frame).

Checkbox/Field

Meaning

Check Time Stamp

If this checkbox is set, the time stamp for the signature specified in the message is checked when the message arrives.

Validity Period

In this field, you specify the validity period of the signature (in seconds).
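The interval rule from Case 1 and Case 2 above, worked through as an added Python example (not SAP code and not part of the original documentation). The function names, the sample envelope and the arrival times are constructed for illustration, and the sketch covers only the time check, assuming signature validation has already succeeded.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Default security standard namespace named on this page, and the WSS 1.0
# utility namespace that defines wsu:Timestamp, wsu:Created and wsu:Expires.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

def parse_utc(text):
    """Parse an xsd:dateTime such as 2024-05-01T10:00:00Z; no offset means UTC."""
    dt = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def delivery_deadline(envelope_xml, validity_seconds):
    """Latest accepted delivery time: time stamp + validity period (Case 1),
    capped by the expiry date in the message when one is present (Case 2)."""
    # Assumption: signature validation has already succeeded. Untrusted XML
    # should go through a hardened parser (e.g. defusedxml), not plain ET.
    ts = ET.fromstring(envelope_xml).find(f".//{{{WSSE}}}Security/{{{WSU}}}Timestamp")
    created = ts.findtext(f"{{{WSU}}}Created") if ts is not None else None
    if not created:
        raise ValueError("message carries no wsu:Timestamp/wsu:Created")
    deadline = parse_utc(created) + timedelta(seconds=validity_seconds)
    expires = ts.findtext(f"{{{WSU}}}Expires")
    if expires:
        deadline = min(deadline, parse_utc(expires))
    return deadline

def is_accepted(envelope_xml, validity_seconds, arrival):
    """True if the message arrived within the shorter of the two intervals."""
    return arrival <= delivery_deadline(envelope_xml, validity_seconds)

def sample_envelope(created, expires=None):
    """Constructed sample message (not captured traffic)."""
    exp = f"<wsu:Expires>{expires}</wsu:Expires>" if expires else ""
    return (f'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><soap:Header><wsse:Security>'
            f"<wsu:Timestamp><wsu:Created>{created}</wsu:Created>{exp}</wsu:Timestamp>"
            f"</wsse:Security></soap:Header><soap:Body/></soap:Envelope>")

if __name__ == "__main__":
    arrival = datetime(2024, 5, 1, 10, 3, tzinfo=timezone.utc)
    case1 = sample_envelope("2024-05-01T10:00:00Z")
    case2 = sample_envelope("2024-05-01T10:00:00Z", "2024-05-01T10:02:00Z")
    print(is_accepted(case1, 300, arrival))  # validity period only
    print(is_accepted(case2, 300, arrival))  # expiry date reached first
```

With a validity period of 300 seconds, the same arrival time is accepted in Case 1 and rejected in Case 2, because the expiry date in the message is the shorter interval.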

Security Settings Defined by S/MIME

If S/MIME is selected in the Security Profile field for the communication channel used, you can make the settings described under Security Settings for the Sender Mail Adapter.