Show TOC Start of Content Area

Background documentation SOAP Adapter  Locate the document in its SAP Library structure

The SOAP adapter translates between native SOAP messages and XI messages, where the SOAP body is always interpreted as the XI payload. SOAP messages can be secured by using either Web service security (signature only) or S/MIME standards (signature and encryption).

If you use your SOAP adapter together with the Axis framework, further security features are supported.

The following table summarizes the security-relevant aspects of the SOAP adapter:

Aspect

SOAP Adapter

Underlying protocol

HTTP

Inbound and outbound connections should be secured by SSL.

Inbound configuration

Configuration in sender channel of type SOAP in Integration Directory.

Messaging user is authenticated by basic authentication or SSL client certificate.

Note

In Axis Task mode, more authentication mechanisms are supported: basic authentication, digest, NTLM (Microsoft NT LAN Manager Authentication scheme), SSL client certificate, and SAP assertion tickets.

Signature validation or decryption can be activated in the channel configuration, where a security profile (Web service security or S/MIME) must be selected. The AS Java keystore views of the actual certificate for signature validation or decryption are configured in the sender agreement associated with the channel.

Messaging user must have the security role xi_adapter_soap_message in the Advanced Adapter Engine.

Outbound configuration

Connection and user must be defined by a receiver channel of type SOAP in the Integration Directory.

Signing or encrypting of the SOAP message can be activated in the channel configuration, where a security profile (Web service security or S/MIME) must be selected. The AS Java keystore views of the actual certificate for signing or encrypting are configured in the receiver agreement associated with the channel.

User authentication and anonymous logon are possible.

Note

In Axis mode, further authentication mechanisms are supported: digest, NTLM (Microsoft NT LAN Manager Authentication scheme), and SAP assertion tickets).

If authenticated, the user must have appropriate authorizations in the receiver system.

 

      More information about how to configure SSL for the Advanced Adapter Engine: HTTP and SSL.

      More information about digital signatures: Message-Level Security.

 

End of Content Area