Using Message Level Authentication (SAP Library - Configuring Authentication and Single Sign-On)

Using Message Level Authentication

Function

When you use message or SOAP document level authentication for WS access, the authentication credentials of the WS consumer are transported in the SOAP header of the SOAP envelop, using authentication token profiles. SAP NetWeaver enables you to use the following WS Security token profiles:

● Username token profile

● X.509 certificate token profile

● SAML Token Profile

In addition, SAP NetWeaver enables you to enable WS specific security and authentication mechanisms, such as XML encryption, XML signatures, Message Aging and WS Secure Conversation.

Features

Message level authentication enables the use of authentication mechanisms that are specific to the communication patterns for WS. The authentication mechanisms for WS that are supported by SAP NetWeaver enable you to authenticate access with SSO and protect a specific security element for the WS authentication.

For example, by using XML signatures, you can guarantee the non-repudiation and integrity of the SOAP message used for the WS communication, but not its confidentiality. You can use this type of authentication for cases when the confidentiality of the WS communication is not critical, or when intermediary systems for the WS communication need to have access to the SOAP message.

The underlying technology stacks of SAP NetWeaver enable you to use different document authentication mechanisms. Respectively, the configuration steps for enabling a specific mechanism depend on the underlying technology stack.