Configuring SSO with X.509 Certificate Token
ProfilesUse this section to configure the use of X.509 certificate token profiles for document level WS authentication.
For this SSO mechanism, the WS consumer is authenticated by the WS provider based on an XML signature, generated with the private key of the WS consumer and transported in the SOAP message header of the request.
X.509 certificate
token profiles use the underlying security concepts of
Public-Key
Technology for the security of the WS access authentication process for
this authentication scenario.
●
To support the use
of X.509 token profiles on the AS Java you have to import the certificates of
the trusted for WS authentication Certification Authorities in the keystore
view WebServiceSecurity. For more information, see
Using the AS Java Key
Storage.
●
To support the use
of X.509 token profiles on the AS ABAP you have to import the certificates of
the trusted for WS authentication Certification Authorities in the PSE
WSKey. For more information, see
Trust
Manager.
...
1. Use the System Landscape Selection functions of the NWA to select the AS Java and AS ABAP systems to configure. For more information, see Defining System Selections.
To configure a WS service endpoint for providing a WS
a. Using the WS Configurationfunctions in NWA select the Service Definition, the corresponding Service Endpoint to configure and choose the Security management functions for the selected service endpoint.
b. Switch to Edit mode.
c. Enable the X.509 Certificate checkbox for Message Authentication.
d. Configure strong message security options for outgoing WS responses and incoming WS requests.
To configure a WS logical port for consuming a WS
a. Using the WS Clients Configuration functions in NWA, select the Proxy Definition, the corresponding Logical Port to configure and choose the Security management functions for the selected logical port.
b. Switch to Edit mode.
c. Enable the X.509 Client Certificate radio button for Message Authentication.

Use the Details button for additional information about providing the private key for generating the XML signature for the X.509 certificate token profile.
d. Configure strong message security options for outgoing WS requests and incoming WS responses.