Authentication at HTTP Transport Level
If you use authentication at HTTP transport level for Web services, the authentication data is contained in the HTTP header. With this approach, the authentication mechanisms for consuming and providing WS for SAP NetWeaver components are based on the authentication infrastructure for Web-based access over HTTP.
Security Aspects
Authentication at HTTP transport level allows you to use point-to-point security and authentication that was designed for the client/server connection pattern for Web-based access over the HTTP connection protocol. Authentication at HTTP transport level for SAP NetWeaver uses the same connection channel for the access and authentication infrastructure as for Web-based access, and similar security aspects therefore also apply.
More information about the security aspects for the correpsonding Web-based authentication mechanisms is available in the following sections about authentication for Web-based access:
The table below provides an overview of the authentication and SSO mechanisms that you can use for authentication at HTTP transport level for providing and consuming Web services on the AS ABAP and AS Java.
|
AS ABAP |
AS Java |
|---|---|---|
User name/password |
X |
X |
X.509 Certificate |
X |
X |
Logon Ticket |
X |
X |
Configuring the Use of Authentication at HTTP Transport Level
More information about the runtime configuration options with which you activate the use of authentication at HTTP transport level and SSO mechanisms for providing and consuming Web services: