Configuring Transport Authentication with Assertion Tickets (SAP Library - Configuring Authentication and Single Sign-On)

Configuring Transport Authentication with Assertion Tickets

Use

The AS Java technology stack of SAP NetWeaver enables you to use Single Sign-On with authentication assertion tickets to consume and provide Web services (WS).

You use the SAP NetWeaver Administrator (NWA) tool to configure the AS Java systems for using transport level authentication with assertion tickets. When using this authentication mechanism, WS consumers issue an authentication assertion ticket that is sent to the WS provider as an authentication token for WS access SSO.

Prerequisites

To protect the security of the authentication assertion ticket SSO process, assertion ticket issuers use Public-Key Technology to generate digital signatures and sign the assertion tickets. Therefore, for WS SSO with assertion tickets, the WS consumer has to be configured to issue assertion tickets and the WS provider needs a trust relationship to the WS consumer (the ticket issuer) to verify the ticket signature.

Procedure

...

To configure a WS service endpoint for providing a WS

...

a. Using the WS Configuration functions in NWA select the Service Definition, the corresponding Service Endpoint to configure and choose the Security management functions for the selected service endpoint.

b. Switch to Edit mode.

c. Use the Transport Protocol options to configure the use of HTTP or HTTPS.

d. Use the checkbox for HTTP Authentication to enable the use of Logon Ticket for SSO of WS consumers.

To configure a WS logical port for consuming a WS

...

a. Using the WS Clients Configuration in NWA, select the Proxy Definition, the corresponding Logical Port to configure and choose the Security management functions for the selected logical port.

b. Switch to Edit mode.

c. Using the Authentication dropdown menu list choose HTTP Authentication.

d. Choose the radio button to use a Logon Ticket for SSO to a WS provider.