Configuring Security (SAP Library

Configuring Security

Transport Security

To activate SSL for a Web Service, perform the following steps:

Activate SSL for the SAP Web AS (see Using the Secure Sockets Layer Protocol with the SAP Web AS ABAP).
Choose Integrity in the Web service definition of the Web service (see Creating a Web Service Definition).
In the ICF node (transaction SICF) of the Web service, choose the SSL radio button under Security Requirements.

Authentication

HTTP Basic	In the ICF node, choose Standard under Logon Procedure.
X.509 client certificates through SSL	In the ICF node, choose Oblig. via Client Cert. (SSL) under Logon Procedure.

Document Security

A WS Security header is created for the request and response message of a Web service in order to provide authentication data such as a wsse:user name element or an XML signature.

To activate document security, create security profiles on the basis of templates. Assign these security profiles to the Web service operations.

Proceed as follows:

...

1. Call transaction WSSPROFILE.

2. Enter the name of the profile and choose Create.

3. In the following dialog box, choose a template for the security profile using the input help.

This graphic is explained in the accompanying text

You can use profiles with a digital signature only if you have started a J2EE Engine on your application server.

4. Enter the required data and save the profile.

5. Assign the security profiles to the Web service operations (see: Releasing a WSD for SOAP Runtime).

The following templates are available:

Template:	Action:
CHECK_USERNAME CHECK_USERNAME_TIMESTAMP	The Internet Communication Framework (ICF) of the ABAP stack requires a user logon. If logon takes place using a WS security user name token, a user switch is executed in SOAP runtime. Therefore, a service user needs to be stored in this case in transaction SICF. · Choose an inbound profile that is based on the templates CHECK_USERNAME or CHECK_USERNAME_TIMESTAMP. · In the ICF node, assign a valid service user in Anonymous Logon Data. This service user does not have to be a member of a security role. It is used by the SOAP runtime until security protocol has authenticated the query using the security token wsse:user name.
CHECK_SIGNATURE	The XML signature in the SOAP document is validated. The validation itself takes place in the Java stack (for configuration, see Configuring Signature Processing). The J2EE Keystore view that contains the trusted certificates must be specified.
SET_SIGNATURE	An XML signature is added to the SOAP document. The signature creation itself takes place in the Java stack (for configuration, see Configuring Signature Processing). For configuration purposes, the J2EE Keystore view and the J2EE Keystore alias for the private key must be specified.
SET_USERNAME	A user name token is added to the SOAP document. For this purpose, the user name and password must be entered in the configuration.
SET_USERNAME_TIMESTAMP	A user name token and a time stamp are added to the SOAP document. For this purpose, the user name, password, and the validity date must be entered in the configuration.