Configuring Transport Authentication with X.509 Certificates (SAP Library - Configuring Authentication and Single Sign-On)

Configuring Transport Authentication with X.509 Certificates

Use

The AS Java technology stack of SAP NetWeaver also enables you to configure Web service (WS) access authentication at the HTTP transport level using X.509 client certificates. For this access scenario, the AS Java authenticates the WS access with the underlying SSL security protocol.

You use the SAP NetWeaver Administrator (NWA) tool to configure the AS Java system for using transport level authentication with X.509 client certificates.

Prerequisites

To use X.509 client certificates for WS consumer authentication on the AS Java you also have to enable the use of SSL on the AS Java. For more information, see Using SSL on the AS Java.

Procedure

...

To configure a WS service endpoint for providing a WS

a. Using the WS Configuration functions in NWA select the Service Definition, the corresponding Service Endpoint to configure and choose the Security management functions for the selected service endpoint.

b. Switch to Edit mode.

c. Use the Transport Protocol options to configure the use of HTTPS.

d. Use the checkbox for HTTP Authentication to enable the use of X.509 Certificates for SSO of WS consumers.

To configure a WS logical port for consuming a WS

...

a. Using the WS Clients Configuration in NWA, select the Proxy Definition, the corresponding Logical Port to configure and choose the Security management functions for the selected logical port.

b. Switch to Edit mode.

c. Using the Authentication dropdown menu list choose HTTP Authentication.

d. Choose the radio button to use a X.509 Client Certificate for SSO to a WS provider.

e. Use the Details button to

For an AS Java:

■ choose the PSE and the Private Key corresponding to the X.509 client certificate to use for consuming the WS.

■ In addition, you can configure the SSL Server Certificates options for mutual authentication over SSL.