To activate SSL for a Web Service, perform the following steps:
HTTP Basic |
In the ICF node, choose Standard under Logon Procedure. |
X.509 client certificates through SSL |
In the ICF node, choose Oblig. via Client Cert. (SSL) under Logon Procedure. |
A WS Security header is created for the request and response message of a Web service in order to provide authentication data such as a wsse:user name element or an XML signature.
To activate document security, create security profiles on the basis of templates. Assign these security profiles to the Web service operations.
Proceed as follows:
...
1. Call transaction WSSPROFILE.
2. Enter the name of the profile and choose Create.
3. In the following dialog box, choose a template for the security profile using the input help.
You can use profiles with a digital signature only if you have started a J2EE Engine on your application server.
4. Enter the required data and save the profile.
5. Assign the security profiles to the Web service operations (see: Releasing a WSD for SOAP Runtime).
The following templates are available:
Template: |
Action: |
CHECK_USERNAME CHECK_USERNAME_TIMESTAMP |
The Internet Communication Framework (ICF) of the ABAP stack requires a user logon. If logon takes place using a WS security user name token, a user switch is executed in SOAP runtime. Therefore, a service user needs to be stored in this case in transaction SICF. · Choose an inbound profile that is based on the templates CHECK_USERNAME or CHECK_USERNAME_TIMESTAMP. · In the ICF node, assign a valid service user in Anonymous Logon Data. This service user does not have to be a member of a security role. It is used by the SOAP runtime until security protocol has authenticated the query using the security token wsse:user name. |
CHECK_SIGNATURE |
The XML signature in the SOAP document is validated. The validation itself takes place in the Java stack (for configuration, see Configuring Signature Processing). The J2EE Keystore view that contains the trusted certificates must be specified. |
SET_SIGNATURE |
An XML signature is added to the SOAP document. The signature creation itself takes place in the Java stack (for configuration, see Configuring Signature Processing). For configuration purposes, the J2EE Keystore view and the J2EE Keystore alias for the private key must be specified. |
SET_USERNAME |
A user name token is added to the SOAP document. For this purpose, the user name and password must be entered in the configuration. |
SET_USERNAME_TIMESTAMP |
A user name token and a time stamp are added to the SOAP document. For this purpose, the user name, password, and the validity date must be entered in the configuration. |