SOAP Adapter
The SOAP adapter translates between native SOAP messages and XI messages, where the SOAP body is always interpreted as the XI payload. SOAP messages can be secured either by using Web service security (signature only) or S/MIME standards (signature and encryption).
If you use your SOAP adapter together with the Axis framework , further security features are supported.
|
Aspect |
SOAP Adapter |
|---|---|
|
Underlying protocol |
HTTP Inbound and outbound connections should be secured by SSL. |
|
Inbound configuration |
Configuration in sender channel of type SOAP in Integration Directory. Messaging user is authenticated by basic authentication or SSL client certificate. Note
More authentication mechanisms are supported in Axis Task mode: Basic authentication, digest, NTLM (Microsoft NT LAN Manager Authentication scheme), SSL client certificate, and SAP assertion tickets. Signature validation or decryption can be activated in the channel configuration, where a security profile (Web service security or S/MIME, for XI 3.0 message protocol Web service security only) must be selected. The AS Java keystore views of the actual certificate for signature validation or decryption are configured in the sender agreement associated with the channel. Messaging user must have the security role xi_adapter_soap_message in the Advanced Adapter Engine. |
|
Outbound configuration |
Connection and user must be defined by a receiver channel of type SOAP in the Integration Directory. Signing or encrypting of the SOAP message can be activated in the channel configuration, where a security profile (Web service security or S/MIME, for XI 3.0 message protocol Web service security only) must be selected. The AS Java keystore views of the actual certificate for signing or encrypting are configured in the receiver agreement associated with the channel. User authentication and anonymous logon are possible. Note
In Axis mode, further authentication mechanisms are supported: digest, NTLM (Microsoft NT LAN Manager Authentication scheme), and SAP assertion tickets). If authenticated, the user must have appropriate authorizations in the receiver system. |
|
URL parameters |
Caution
Be aware that the URL of the SOAP adapter (including its parameters) may be logged in proxy log files (as are part of the general Web infrastructure). Although the URLs used by the SOAP adapter do not contain information such as user credentials, the information that they do contain may nevertheless be sensitive, for example, communicationand address parameters. For further details, see the SOAP adapter documentation. Normal users will not have the authorization to execute the actions triggered by these URLs, so cross-site request forgery attacks are unlikely. |
-
More information about how to configure the SOAP adapter in the Integration Directory: Configuring the SOAP Adapter
-
More information about how to configure SSL for the Advanced Adapter Engine: HTTP and SSL .
-
More information about digital signatures: Message-Level Security .