You can configure security settings for the service provider and service consumer for the runtime of Web services.
You perform pre-settings for this purpose during Web service design in the AS ABAP development environment. You will find pre-settings for Web Services in the SOA Manager (Transaction SOAMANAGER) under
for services and consumer proxies in the tab page called Details.In the runtime configuration, you can configure service providers individually or together using profiles.
Transport Guarantee
HTTPS
HTTP communication that is secured with SSL (Secure Sockets Layer)
More information: Configuring the AS ABAP for Supporting SSL
Signature and Encryption
Messages are secured with an XML signature and XML encryption with symmetric or asymmetrical keys.
More information: WS Security XML Signature/Encryption
Secure Conversation
Messages are secured with a pre-defined symmetrical key. The key is re-used in further calls.
More information: WS SecureConversation
External Signature and Header Protection
You can activate the functions signature confirmation, signature encryption, and header encryption.
More information: Enhanced Protection for Signature and Header
HTTP Authentication
The authentication information is found in the HTTP header.
User Name/Password (Basic)
X.509 Certificate
Authentication with an X.509 certificate.
Logon Ticket
Authentication with an SAP Assertion Ticket.
More information: HTTP Transport Level Authentication
Message Authentication
The authentication information is found in the SOAP header.
More information: Using Message Level Authentication
User Name/Password (Basic)
Authentication with WS Security UsernameToken
More information: WS Security UsernameToken
X.509 Certificate
Authentication with a signed SOAP message, user authentication by certificate
More information: WS Security XML Signature/Encryption
Single Sign-on using SAML 1.1
Authentication with a signed SAML 1.1 Assertion
More information: SAML Token Profile
To use an external security token service to receive or request a SAML 1.1 token, select a Token Issuer.
More information: Single Sign-On with an External Security Token Service
You choose one of the predefined security settings during the runtime configuration for the service consumer.
SAP has put together recommendations for you on combining authentication and transport guarantee mechanisms. You can also get information on what prerequisites you have to fulfill to implement the scenario in your systems.
More information: Recommended WS Security Scenarios
More information about secure Web services scenarios: Configuration Examples for AS ABAP