Show TOC

Procedure documentationConfiguring a Service Provider Locate this document in the navigation structure

 

To configure a service provider, you need to create and configure a binding. The binding contains a runtime configuration, which is needed to implement the service. A runtime configuration is generated using the service definition.

A service definition consists of development objects. These development objects are either shipped by SAP or are custom-created objects shipped as part of an application. Service definitions are automatically created during proxy generation.

You can create more than one binding for the same service. In this way, you can provide the same service with several different runtime configurations, implementing alternative ways for accessing the Web service. The binding information is used to support the configuration of Web service consumers in the form of a WSDL document. Each configured ABAP Web service provider configuration (that is, each binding) can be described in a WSDL document. A WSDL document describes a Web service in an XML document format. It is mostly used to pass the binding's information to a Web service consumer to support the setup of the consumer configuration, which is called a logical port.

Note Note

If you do not create a binding, it will not be possible to call the service.

End of the note.
When to Configure a Single Service Provider

You will normally configure a single service provider in the following situations:

  • Communication between two applications takes place in one direction.

    The consumer proxies need to be configured for only one of the two applications. For the unconfigured application, only the services need to be configured.

  • The consumer side is connected to exactly one provider system or to a mediator (hub).

  • The consumer system offers receiver determination not using service groups, but instead through application-specific configuration in which logical port names are stored and accessed directly at runtime.

  • There is only a small number of consumer proxies or services.

Prerequisites

A service definition exists in the ABAP system. The service definition is a wrapper object keeping a link to the Web service implementing class or function module and the design time configuration. The design time configuration is a collection of requirements for a Web service that are already known at design time. It specifies basic attributes, for example, the operation type (synchronous / asynchronous) and minimum requirements for accessing the Web service.

Procedure

  1. From the main screen of SOA Manager, go to the Service Administration tab.

  2. Select Web Service Configuration.

    Note Note

    The navigation of the Web Service Configuration page has been updated and improved. You can switch to the previous version using the link that appears at the top of the window when you first open the page. The option of switching to the old version is provided with every session of SOA Manager.

    End of the note.

    Caution Caution

    The new user interface for Web Service Configuration allows more security settings to be configured than in the previous version. If you configure any web service settings that are only available in the new user interface, you can no longer make changes to the Web service using the old interface.

    End of the caution.
  3. Search for a service definition.

    There are many different search criteria available. In this case, for example, you can specify the object type, object name, and attributes of the service definition. You can add further search criteria by clicking the Add (Add) icon. In the search results, a few basic attributes of the service definition are displayed.

  4. Click the internal name of the service definition to display details.

    The details of the service definition are displayed on four tabs. The Configurations tab displays a list of services and bindings. On the other tabs, you can display design time information and classifications.

  5. To create a new service and a binding, choose Create Service. If you want to create a new binding for an existing service, select the service from the list and choose the Create binding (Create binding) icon in the Service Actions column.

    A wizard opens.

  6. Specify a name for the service, a service description, and a name for the binding. If you are creating a binding only, the service name is displayed, and you only enter a binding name.

    A binding contains a single runtime configuration for a service. To define different runtime behaviors, you can create multiple bindings for the same service. This allows you to provide the same service with a different runtime behavior to different consumers.

  7. Choose Next.

  8. Specify the following provider security settings.

    Note Note

    The settings permitted are based on the security settings of the service definition specified in ABAP Development Workbench. You have to prepare the ABAP system to use the security mechanisms offered in this view. Especially the message based authentication needs preparation using the report WSS_SETUP to run properly. Refer to the SAP NetWeaver Security online documentation on the SAP Help Portal for more information.

    End of the note.

    Transport Guarantee

    Here, you determine whether and how messages are signed or encrypted.

    • None: The HTTP protocol is used and no encryption of the Web service messages takes place on the network.

    • SSL: The HTTPS protocol is used. The HTTP message containing the Web service message is encrypted, which provides integrity and privacy protection. SSL also provides server side authentication (the server identifies itself to the provider). The client side authentication (on connection establishment, the consumer identifies itself to the provider) can be enforced by selecting the X.509 Certificate option under Authentication Method below. The combination of both provides a mutual authentication.

    • Symmetric Message Signature / Encryption: This option secures the data exchange on the Web service (SOAP) message level. The SOAP message will be signed and encrypted where both the signature and the encryption is calculated using a symmetric session key. This key is created by the consumer and is used for the complete request/response cycle. The symmetric key itself will be transferred in encrypted format using the provider’s public key of its Public-Private-Key-pair.

    • Asymmetric Message Signature / Encryption: Secures the data exchange on the Web service (SOAP) message level. The SOAP message will be signed and encrypted. The signature is computed using the consumer’s private asymmetric key. The encryption is calculated using a symmetric session key which is created by the consumer for the request to the provider. The provider will generate a new symmetric key for the response encryption. The symmetric key itself will be transferred in encrypted format using the provider’s asymmetric public key.

    • Secure Conversation: The SOAP message is signed and encrypted using a symmetric session key. This key will be used for multiple request/response cycles until the Secure Conversation session is terminated, for example when a sequence of a Web Service Reliable Message is terminated. The chosen communication security together with the chosen authentication method will be used to establish the Secure Conversation session.

    • Extended Signature and Header Protection: This will provide additional means of protecting SOAP messages, for example signature encryption, signature confirmation and SOAP header encryption.

    Authentication Settings

    Here, you determine how the consumer and the provider authenticate themselves to each other. You need to select at least one option from the authentication method section before the service can be saved. You can also select multiple methods.

    • No Authentication: This specifies that your service is considered public. The authentication is done with a fixed user account specified as additional input in this option. This user account will be stored in the binding's ICF node as service user.

    • Transport Channel Authentication: The authentication is done by means of the transport channel. You specify a User ID/Password, a X.509 client certificate, or a SAP assertion ticket authentication. The authentication information for User ID/Password and SAP assertion ticket authentication will be transferred as HTTP header. For more information, see Using Logon Tickets with AS ABAP

      X.509 SSL Client Certificate only works in combination with Communication Security SSL where authentication is performed inside the SSL layer.

    • Message Authentication: The authentication is done in the Web service message itself as defined in the Web service security standard. The authentication information is transferred within the SOAP security header.

      You can specify the following types of message authentication: User ID/password (Username Token), X.509 certificate (X509 Token) or Single Sign On using SAML (SAML Token).

  9. (Optional) You can edit the SOAP protocol information.

    Transport Binding

    Here, the access URL of the binding is displayed. You can also define an alternative URL for messages, if, for example, your provider can only use a fixed access path. You need to specify an alternative path, for example, if the service is not local or if it is behind a firewall. The access path that you set as Alternative Access Path adds one additional, alternative access path to the Web service.

    Message Attachments Handling

    Here, you can specify if the consumer is allowed to send message attachments that are not modeled but freely defined by the consumer.

  10. (Optional) You can change the operation settings.

    Here, you can specify the Outbound Message Action and the SOAP Action for the operation. You can enter a URL that identifies the intent of the call. The SOAP action is set as an HTTP header when the Web service call is made through HTTP.

  11. Finish the wizard to save the binding.

    The service can now be called under its access URL by Web service consumers, and the WSDL document for the service is available.

Result

You have configured a Web Service provider. This provider can now be called by a consumer. A WSDL document is now available for this Web service provider. You can display the URL of the WSDL document by choosing the Open Service WSDL Generation (Open Service WSDL Generation) icon in the Service Actions column on the Configurations tab. A WSDL is also available for the binding. To open it, choose the Open Binding WSDL Generation (Open Binding WSDL Generation).

On the Configurations tab, the following actions are available for the services and bindings:

  • Activate / Deactivate service and its bindings

  • Display, create, edit, delete binding

  • Delete service and its bindings

  • Open service WSDL generation

  • Republish binding to Services Registry

    Each binding is automatically published to the local Services Registry. You can manually republish the binding here.

  • Open binding WSDL generation