Security Settings for the Receiver SOAP Adapter

Use

If you have assigned a communication channel with adater type SOAP to the receiver agreement, you can specifiy security basis that are the basis for signing the SOAP body.

The security configuration is largely the same as the security configuration for the receiver XI adapter . In addition, you can define the standard to be used for signing the SOAP message.

Prerequisites

The Message Security checkbox is selected in the assigned communication channel.

Features

In the Security Settings frame, you specify the following information:

Security Settings Defined by OASIS Web Service Security

If Web Services Security is selected in the Security Profile field for the communication channel used, you can make the following settings:

Security Standard and Security Procedure

Field	Meaning
Security Standard	Specify the security standard to be used to verify the message. The security standard is defined by the OASIS Web Service Security version. The namespace that you select in the dropdown list box identifies the schema of the SOAP security header corresponding to the respective security standard. You can choose between the following two schemas: `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd` and `http://schemas.xmlsoap.org/ws/2002/07/secext` . Caution The default value `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd` is suitable for standard cases. Only select the other value in the special cases for which it is intended. If you want to use the standard `http://schemas.xmlsoap.org/ws/2002/07/secext` , see SAP Note `769653` . For more information, see: For more information about OASIS Web Service Security, see `http://www.oasis-open.org` .
Security Procedure for Request Message	Specify the required security procedure for the request message. You have the following options: Do Not Use Security Procedure Sign Encrypt Sign and Encrypt Note that the security procedure must be applied to the message in the following sequence: Sign Encrypt
Security Procedure for Response Message	Specify the required security procedure for the response message. You have the following options: Do Not Use Security Procedure Decrypt Validate Decrypt and Validate Note that security procedures must be applied to the message in the following sequence: Decrypt Validate Determining a security procedure for the response message is particularly useful in synchronous communication. If an empty response message is returned in synchronous communication, you receive a message that the data could not be decrypted.

Field

Meaning

Security Standard

Specify the security standard to be used to verify the message. The security standard is defined by the OASIS Web Service Security version.

The namespace that you select in the dropdown list box identifies the schema of the SOAP security header corresponding to the respective security standard.

You can choose between the following two schemas:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and http://schemas.xmlsoap.org/ws/2002/07/secext .

Caution

The default value http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd is suitable for standard cases. Only select the other value in the special cases for which it is intended. If you want to use the standard http://schemas.xmlsoap.org/ws/2002/07/secext , see SAP Note 769653 .

For more information, see:

For more information about OASIS Web Service Security, see http://www.oasis-open.org .

Security Procedure for Request Message

Specify the required security procedure for the request message.

You have the following options:

Do Not Use Security Procedure
Sign
Encrypt
Sign and Encrypt

Note that the security procedure must be applied to the message in the following sequence:
1. Sign
2. Encrypt

Security Procedure for Response Message

Specify the required security procedure for the response message.

You have the following options:

Do Not Use Security Procedure

Decrypt

Validate

Decrypt and Validate

Note that security procedures must be applied to the message in the following sequence:

Decrypt
Validate

Determining a security procedure for the response message is particularly useful in synchronous communication. If an empty response message is returned in synchronous communication, you receive a message that the data could not be decrypted.

Special Security Settings for Signing and Encryption

Keystore

If you have selected the Sign or Encrypt security procedure, or both, you must specify these fields.

These folders have the same meaning as in the security configuration of the receiver XI adapter .

When using the receiver SOAP adapter, the SOAP body is signed and encrypted.

Keystore entry

Special Security Settings for Decryption and Validation

Issuer

If you have selected the Decrypt or Validate security procedure, or both, you must specify these fields.

These fields have the same meaning as in the security configuration for the sender XI adapter .

When using the sender SOAP adapter, the SOAP body is validated and decrypted.

Holder

Keystore

Security Settings for Time Stamp and Expiry Date of Signature

For the signature of the outbound message, you can specify that a time stamp be set and an expiry date be specified (optional).

A receiver can check the time stamp and expiry date of the messages and can, for example, make any further processing of the message dependent on whether the message is delivered on time (based on the expiry date).

Security Settings for Time Stamp and Expiry Date of Signature

Checkbox/Field	Meaning
Set Time Stamp	When this checkbox is selected, a time stamp for the signature is set in the message; this time stamp can be checked by the receiver.
Set Expiry Date	When this checkbox is selected, an expiry date for the signature is specified in the message; this expiry date can be checked by the receiver.
Validity Period	In this field, you specify the validity period of the signature (in seconds). The outbound message then contains a signature expiry date, which is based on the sum of the time stamp and the validity period. If you selected the Set Expiry Date field, you must enter a value in this field. This is the only way that an expiry date for the message signature can be calculated.

Checkbox/Field

Meaning

Set Time Stamp

When this checkbox is selected, a time stamp for the signature is set in the message; this time stamp can be checked by the receiver.

Set Expiry Date

When this checkbox is selected, an expiry date for the signature is specified in the message; this expiry date can be checked by the receiver.

Validity Period

In this field, you specify the validity period of the signature (in seconds).

The outbound message then contains a signature expiry date, which is based on the sum of the time stamp and the validity period.

If you selected the Set Expiry Date field, you must enter a value in this field. This is the only way that an expiry date for the message signature can be calculated.

Security Settings Defined by S/MIME

If S/MIME is selected in the Security Profile field for the communication channel used, you can make the settings described under Security Settings for the Receiver Mail Adapter .