Using Transport Level Authentication 

Use

SAP NetWeaver systems enables you to use transport level authentication and SSO for Web services (WS) with a user ID and password, X.509 certificates or authentication assertion tickets. You use the Web-based SAP NetWeaver Administration tool to configure the AS for using a transport level authentication mechanism.

Prerequisites

To use authentication with X.509 certificates, you have to enable the use of cryptographic functions for the AS Java system. More information: Digital Signatures and Encryption.

For WS SSO with authentication assertion tickets, the WS consumer must be configured to issue logon tickets and the WS provider needs a trust relationship with the issuer to accept the ticket.

Features

When using transport level WS SSO, the AS Java uses standard HTTP authentication mechanisms. The SSO mechanisms for WS access are correspondingly activated by the AS Java component that enables Web-based authentication. With this method, authentication credentials for authentication with user ID and authentication assertion tickets are transported in the HTTP header. X.509 certificate authentication uses the underlying SSL security protocol over HTTP to perform the authentication.

To enable the use of a transport layer SSO mechanism for the AS Java, use the Web-based SAP NetWeaver Administrator tool. In the NetWeaver Administrator, you can access the WS configuration functions for providing and consuming Web Services using the navigation path: Configuration Management -> Infrastructure Management -> Web Services Configuration.

The configuration options allow you to use several transport layer authentication mechanisms simultaneously, for example, user authentication with user ID and password over HTTPS or SSO with assertion authentication tickets. In addition, when using X.509 certificate authentication over HTTPS, you can enable mutual authentication, where both the WS consumer and the WS provider authenticate with X.509 certificates using the SSL security protocol.