Using Transport Level Authentication

You use the Web-based SAP NetWeaver Administrator (NWA) tool to configure SAP NetWeaver Application Server for using a transport level authentication mechanism.

For single sign-on for Web services with authentication assertion tickets, the WS consumer must be configured to issue logon tickets. The WS provider requires a trust relationship to the issuer to accept the ticket.

To use authentication with X.509 certificates, you have to enable the use of cryptographic functions for SAP NetWeaver Application Server.

When using transport level WS SSO, SAP NetWeaver Application Server uses standard HTTP authentication mechanisms. The SSO mechanisms for access to the Web services are enabled by SAP NetWeaver Application Server components that enable Web-based authentication. Authentication data for authentication with user ID and password and authentication assertion tickets is transported in the HTTP header. X.509 certificate authentication uses the underlying SSL security protocol over HTTP to perform the authentication.

To set up an SSO mechanism at transport level for SAP NetWeaver Application Server, use the Web-based SAP NetWeaver Administrator (NWA) tool. You can access the WS configuration functions for providing and consuming Web services there through the following path:  SOA Management  Application and Scenario Communication  Single Service Administration 

The configuration options allow you to use several transport layer authentication mechanisms simultaneously, for example user authentication with user ID and password over HTTPS or SSO with assertion authentication tickets. If you are using X.509 certificate authentication over HTTPS you can also enable mutual authentication, where both the WS consumer and WS provider authenticate with X.509 certificates using the SSL security protocol.