Inbound
(Sending Messages to the Advanced Adapter Engine)
No configuration is required in the adapter-specific sender channel configuration (inbound) of the Integration Directory.
The authentication/authorization is performed by AS Java and therefore needs to be configured with the NetWeaver Administrator. This configuration is described in the AS Java Authentication Infrastructure and is outlined below.
When a message is to be sent to the Advanced Adapter Engine (and ultimately to the Integration Server), AS Java serves as the SSL Server and presents its server certificate to the client as part of the SSL handshake procedure.
The public certificate of the trusted authority (CA) that signed the public certificate of the SSL server needs to be imported to the list of trusted certificates of the SSL client. This allows the SSL client to accept the certificate of the server in the SSL handshake.
If basic authentication is used, no additional configuration is required on the server side.
If client certificate authentication is requested or required by configuration of the ClientCertLoginModule, additional configuration steps are required.
If the server certificate check on the client side is successful, the client sends its public certificate to the server as part of the SSL handshake (when requested). The server needs to map the certificate to a user for authentication and will then check the authorization based on the security roles of the user.
Perform the following steps to allow AS Java to map the client certificate to a user:
1. Use the SAP NetWeaver Administrator and choose Configuration Management → Security Management → Key Storage to import the CA cert of the client certificate to the list of trusted certificates (TrustedCAs keystore view) and import the client cert to an arbitrary keystore view.
2. Use the SAP NetWeaver Administrator and choose Configuration Management → Operations Management → User and Access Management → Identity Management to map the client certificate to an existing user with role SAP_XI_APPL_SERV_USER.
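A pre-import check for step 1, as an added example that is not part of the SAP documentation: it uses the OpenSSL command line to confirm that a client certificate was issued by the CA you are about to import into TrustedCAs, and prints the fields you would compare when mapping the certificate to a user in step 2. The function names, file names and subject names are assumptions, and the certificates are constructed sample data generated on the fly.

```shell
#!/bin/sh
# Added example. All names, paths and certificates here are constructed samples.

# Return 0 only if certificate $2 chains to the CA certificate in $1.
# -no-CApath keeps the system trust store out of the decision.
issued_by_ca() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Return 0 if the certificate in $1 is still valid right now.
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Print the fields to compare before mapping the certificate to a user.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Build a throwaway PKI in directory $1: two unrelated CAs and one client
# certificate signed by the first CA (constructed test data only).
make_sample_pki() {
    d=$1
    for ca in clientca otherca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=sample-$ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-sender" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -days 1 -set_serial 1 \
        -CA "$d/clientca.pem" -CAkey "$d/clientca.key" \
        -out "$d/client.pem" 2>/dev/null
}

# Demonstration on the constructed sample PKI.
tmp=$(mktemp -d) && make_sample_pki "$tmp" || exit 1
if issued_by_ca "$tmp/clientca.pem" "$tmp/client.pem" && not_expired "$tmp/client.pem"; then
    echo "client.pem was issued by clientca.pem: import this CA into TrustedCAs"
fi
if ! issued_by_ca "$tmp/otherca.pem" "$tmp/client.pem"; then
    echo "client.pem was not issued by otherca.pem: importing that CA would not make it trusted"
fi
cert_summary "$tmp/client.pem"
rm -rf "$tmp"
```

Run the same functions against the real CA and client certificate files before importing them.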