Secure Runtime Configuration with the SOA Manager

You can configure security settings for the service provider and service consumer for the runtime of Web services.

Settings

You perform pre-settings for this purpose during Web service design in the AS ABAP development environment. You will find pre-settings for Web Services in the SOA Manager (Transaction SOAMANAGER) under Service Administration Single Service Administration for services and consumer proxies in the tab page called Details.

Security Settings

In the runtime configuration, you can configure service providers individually or together using profiles.

Transport Guarantee
- HTTPS
  HTTP communication that is secured with SSL (Secure Sockets Layer)
  
  More information: Configuring the AS ABAP for Supporting SSL
- Signature and Encryption
  Messages are secured with an XML signature and XML encryption with symmetric or asymmetrical keys.
  
  More information: WS Security XML Signature/Encryption
- Secure Conversation
  Messages are secured with a pre-defined symmetrical key. The key is re-used in further calls.
  
  More information: WS SecureConversation
- External Signature and Header Protection
  You can activate the functions signature confirmation, signature encryption, and header encryption.
  
  More information: Enhanced Protection for Signature and Header
HTTP Authentication
The authentication information is found in the HTTP header.
- User Name/Password (Basic)
- X.509 Certificate
  Authentication with an X.509 certificate.
- Logon Ticket
  Authentication with an SAP Assertion Ticket.

More information: HTTP Transport Level Authentication

Message Authentication
The authentication information is found in the SOAP header.

More information: Using Message Level Authentication
- User Name/Password (Basic)
  Authentication with WS Security UsernameToken
  
  More information: WS Security UsernameToken
- X.509 Certificate
  Authentication with a signed SOAP message, user authentication by certificate
  
  More information: WS Security XML Signature/Encryption
- Single Sign-on using SAML 1.1
  Authentication with a signed SAML 1.1 Assertion
  
  More information: SAML Token Profile
  
  To use an external security token service to receive or request a SAML 1.1 token, select a Token Issuer.
  
  More information: Single Sign-On with an External Security Token Service

You choose one of the predefined security settings during the runtime configuration for the service consumer.

Recommended WS Security Scenarios

SAP has put together recommendations for you on combining authentication and transport guarantee mechanisms. You can also get information on what prerequisites you have to fulfill to implement the scenario in your systems.

More information: Recommended WS Security Scenarios

Configuration Examples for AS ABAP

More information about secure Web services scenarios: Configuration Examples for AS ABAP