HTTP Transport Level
Authentication
When you use HTTP transport level authentication for Web services, the authentication information is contained in the HTTP header. Thereby, the authentication mechanisms for consuming and providing WS for SAP NetWeaver components rely on the authentication infrastructure for Web based access over HTTP.
Security Considerations
HTTP transport level authentication enables you to use point-to-point security and authentication that is designed for the client-server communication patterns for Web-based access over the HTTP communication protocol. HTTP transport level authentication for SAP NetWeaver uses the same communication channel for access and authentication infrastructure as authentication for Web-based access, therefore similar security considerations apply.
For more information about the security considerations for the corresponding Web-based authentication mechanisms, see the following sections in Authentication for Web-based access:
● Basic Authentication (User ID and Password)
Features
For an overview of the authentication and SSO mechanisms that you can use for HTTP transport level authentication for providing and consuming WS on the AS ABAP and AS Java, see the table below:
|
AS ABAP |
AS Java |
User ID/Password |
X |
X |
X.509 Certificate |
X |
X |
Logon Ticket |
X |
X |
Configuring the Use of HTTP Transport Level Authentication
For more information about the runtime configuration options to enable the use of HTTP transport level authentication and SSO mechanisms for providing and consuming WS, see:
● Using Transport Level Authentication
○ Using Transport Authentication with User ID/Password