Show TOC

Adapters Running on the Integration EngineLocate this document in the navigation structure

Use

The Integration Engine provides the following connectivity options.

Caution

These adapters are not available when you have installed the Advanced Adapter Engine Extended.

IDoc and HTTP Adapter

The Integration Engine includes the following adapters:

  • The IDoc adapter

    The IDoc adapter translates between XI messages and IDoc calls, which rely on the tRFC protocol.

  • The Plain HTTP adapter

    The Plain HTTP adapter handles HTTP requests, in which the XI message header data is transported using URL parameters, and the HTTP body only contains the message payload.

The following paragraphs summarize the security-relevant aspects of these adapters. For a detailed description of how to configure SSL for the Advanced Adapter Engine, refer to HTTP and SSL .

  • Underlying protocol

    • IDoc adapter:

      tRFC

      Inbound and outbound connections should be secured by Secure Network Communication (SNC).

    • Plain HTTP adapter:

      HTTP

      Inbound and outbound connections should be secured by Secure Sockets Layer (SSL).

  • Inbound configuration

    • IDoc adapter:

      Connection and user must be defined in RFC destination of type 3 from sender IDoc system to Integration Server.

      User must have role SAP_XI_APPL_SERV_USER on Integration Server.

    • Plain HTTP adapter:

      HTTP sender must use URL http://<host>:<port>/sap/xi/adapter_plain and a corresponding HTTP logon procedure of AS ABAP.

      User must have role SAP_XI_APPL_SERV_USER on Integration Server.

  • Outbound configuration

    • IDoc adapter:

      Connection and user must be defined by a channel of type IDoc in the Integration Directory. The channel must reference an SM59 destination from the Integration Server to the receiver IDoc system.

      User must have appropriate IDoc and application authorizations in the receiver IDoc system.

    • Plain HTTP adapter:

      Connection and user must be defined by a channel of type HTTP in the Integration Directory.

      User authentication and anonymous logon are possible.

      If authenticated, user must have appropriate authorizations in the receiver system.

More information:

XI Adapter

“XI Adapter”

The “XI adapter ” handles the exchange of messages between Integration Engines and sends and receives messages to and from ABAP proxies and the SAP Partner Connectivity Kit (PCK).

  • Underlying protocol

    HTTP

    Inbound and outbound connections are to be secured by Secure Sockets Layer (SSL).

  • Inbound configuration

    Signature validation or decryption can be activated in the channel configuration, where a security profile (Web service security) must be selected. The AS Java keystore views of the actual certificate for signature validation or decryption are configured in the sender agreement associated with the channel.

  • Outbound configuration

    Signing or encrypting the XI message can be activated in the channel configuration, where a security profile (Web service security) must be selected. The AS Java keystore views of the actual certificate for signing or encrypting are configured in the receiver agreement associated with the channel.

    User authentication and anonymous logon are possible.

    Authorization check for accessing ABAP Backend proxies using the XI-protocol are enabled in the Integration Server configuration, configuration parameter AUTHORITY_ON_MSG_TYPE (category RUNTIME)

    Authorization at runtime is determined by the value of the authorization object S_SERVICE.

More information: XI Adapter Overview

Web Services Runtime

The WS runtime translates between the XI protocol and Web service messages that rely on the WS protocol.

  • Underlying protocol

    HTTP

    Inbound and outbound connections are to be secured by Secure Sockets Layer (SSL).

  • Inbound configuration

    Connection and user authentication are defined by a sender channel and an associated sender agreement of type WS .

    The connection data (URL is http://<host>:<port>/sap/bc/srt/xip/sap/<path to individual WS-provider> ) and type of authentication are maintained in the channel.

    Authentication data (if required) is maintained in the agreement.

    Possible authentication types are:

    • Anonymous login

    • User/password (on transport and message level)

    • SSL client authentication

    • SAP assertion ticket

    • WSS X.509 certificate token

    • SAML

    User must have role SAP_XI_APPL_SERV_USER and authorization object S_SERVICE. Authorization for individual Web services can be given.

    More information: Authorizations

    You can enable Secure Conversation and extended signature and header protection.

    Transport security can be achieved by symmetric or asymmetric signature and encryption.

  • Outbound configuration

    Connection and user authentication are defined by a receiver channel and an associated receiver agreement of type WS .

    The connection data and type of authentication are maintained in the channel.

    Authentication data (if required) is maintained in the agreement.

    Possible authentication types are:

    • Anonymous login

    • User/password (transport or message authentication)

    • SSL client authentication

    • SAP assertion ticket

    • WSS X.509 certificate token

    • SAML

    If authenticated, the user must have appropriate WS and application authorizations in the receiver system.

    Transport security can be achieved by symmetric or asymmetric signature and encryption.

    You can enable Secure Conversation for local service calls.

  • Access to provider WSDL

    Access to the provider WSDL can be secured by basic authentication over HTTP or SSO using SAP assertion ticket.

    Access to WSDL display is secured by basic authentication in sender agreement and direct communication, when Exchange Profile parameter com.sap.aii.ibdir.wsdl.servlet.authentication is set to ON.

More information: Communication Channel (Adapter Type WS)