Configuring SSO with X.509 Certificate Token
Profiles
Use
Use this section to configure the use of X.509 certificate token profiles for document level WS authentication.
For this SSO mechanism, the WS consumer is authenticated by the WS provider based on an XML signature, generated with the private key of the WS consumer and transported in the SOAP message header of the request.
X.509 certificate token profiles use the underlying security concepts of Public-Key Technology for the security of the WS access authentication process for this authentication scenario.
Prerequisites
●
To support the use of X.509 token profiles on the AS Java
you have to import the certificates of the trusted for WS authentication
Certification Authorities in the keystore view WebServiceSecurity. For
more information, see
Using the AS Java Key
Storage.
Procedure
...
To configure a WS service endpoint for providing a WS
a. Using the WS Configuration functions in NWA select the Service Definition, the corresponding Service Endpoint to configure and choose the Security management functions for the selected service endpoint.
b. Switch to Edit mode.
c. Enable the X.509 Certificate checkbox for Message Authentication.
d. Configure strong message security options for outgoing WS responses and incoming WS requests.
To configure a WS logical port for consuming a WS
a. Using the WS Clients Configuration functions in NWA, select the Proxy Definition, the corresponding Logical Port to configure and choose the Security management functions for the selected logical port.
b. Switch to Edit mode.
c. Enable the X.509 Client Certificate radio button for Message Authentication.
Use the Details button for additional information about providing the private key for generating the XML signature for the X.509 certificate token profile.
d. Configure strong message security options for outgoing WS requests and incoming WS responses.
See also:
Configuring Web
Services and Web Service Clients in the SAP NetWeaver Administrator