Security Settings for the Receiver SOAP
Adapter
Use
If you have
assigned the receiver agreement a communication channel with adapter type
SOAP adapter
on the Integration Server
or the
PCK, you can
specify security settings. The SOAP body is signed based on these
settings.
The security configuration is largely the same as the security configuration for the receiver XI adapter. In addition, you can define the standard to be used for signing the SOAP message.
Prerequisites
The Message Security checkbox is selected in the assigned communication channel.
Features
In the Security Settings frame, you specify the following information:
Security Settings Defined by OASIS Web Service Security
If Web Services Security is selected in the Security Profile field for the communication channel used, you can make the following settings:
Security Standard and Security Procedure
Field |
Meaning |
Security Standard |
Specify the security standard to be used to verify the message. The security standard is defined by the OASIS Web Service Security version. The namespace that you select in the dropdown list box identifies the schema of the SOAP security header corresponding to the respective security standard. You can choose between the following two schemas: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and http://schemas.xmlsoap.org/ws/2002/07/secext.
The default value http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd is suitable for standard cases. Only select the other value in the special cases for which it is intended. If you want to use the standard http://schemas.xmlsoap.org/ws/2002/07/secext, see SAP Note 769653. See also: For more information about OASIS Web Service Security, see http://www.oasis-open.org. |
Security Procedure for Request Message |
Specify the required security procedure for the request message. You have the following options: ● Do Not Use Security Procedure ● Sign ● Encrypt ● Sign and Encrypt Note that the security procedure must be applied to the message in the following sequence: ... 1. Sign 2. Encrypt |
Security Procedure for Response Message |
Specify the required security procedure for the response message. You have the following options: ● Do Not Use Security Procedure ● Decrypt ● Validate ● Decrypt and Validate Note that security procedures must be applied to the message in the following sequence: ... 1. Decrypt 2. Validate Determining a security procedure for the response message is particularly useful in synchronous communication. If an empty response message is returned in synchronous communication, you receive a message that the data could not be decrypted. |
Special Security Settings for Signing and Encryption
Keystore |
If you have selected the Sign or Encrypt security procedure, or both, you must specify these fields. These folders have the same meaning as in the security configuration of the receiver XI adapter. When using the receiver SOAP adapter, the SOAP body is signed and encrypted. |
Keystore Entry |
Special Security Settings for Decryption and Validation
Issuer |
If you have selected the Decrypt or Validate security procedure, or both, you must specify these fields. These fields have the same meaning as in the security configuration for the sender XI adapter. When using the sender SOAP adapter, the SOAP body is validated and decrypted. |
Subject |
|
Keystore |
Security Settings for Time Stamp and Expiry Date of Signature
For the signature of the outbound message, you can specify that a time stamp be set and an expiry date be specified (optional).
A receiver can check the time stamp and expiry date of the messages and can, for example, make any further processing of the message dependent on whether the message is delivered on time (based on the expiry date).
Security Settings for Time Stamp and Expiry Date of Signature
Checkbox/Field |
Meaning |
Set Time Stamp |
When this checkbox is selected, a time stamp for the signature is set in the message; this time stamp can be checked by the receiver. |
Set Expiry Date |
When this checkbox is selected, an expiry date for the signature is specified in the message; this expiry date can be checked by the receiver. |
Validity Period |
In this field, you specify the validity period of the signature (in seconds). The outbound message then contains a signature expiry date, which is based on the sum of the time stamp and the validity period. If you selected the Set Expiry Date field, you must enter a value in this field. This is the only way that an expiry date for the message signature can be calculated. |
Security Settings Defined by S/MIME
If S/MIME is selected in the Security Profile field for the communication channel used, you can make the settings described under Security Settings for the Receiver Mail Adapter.