Start of Content Area

This graphic is explained in the accompanying text Authentication for Web Services

Web service clients can authenticate themselves either by using the authentication mechanisms provided by the HTTP protocol such as basic authentication, or by adding a security token to the WS Security header. Depending on the authentication mechanism, different authentication options are available.

      Default at design time: Strong

The following alternatives are available in the runtime configuration:

       HTTP Authentication

       X.509 Client Certificate

       Logon Ticket

Alternatively:

       Message Authentication

       X.509 Client Certificate

       SAML Assertion

      Default at design time: Basic

In addition to the options listed under Strong, you must also choose one of the following security measures:

       HTTP Authentication

       User ID/Password

Alternatively:

       Message Authentication

       User ID/Password

      Default at design time: None

You can select from any of the security measures, or you can choose to not make any security settings at all.

Design of Web Services in the AS ABAP and AS Java

In the ABAP application server and Java application server, you provide specifications for the authentication level when designing Web services.

For strong authentication, specify Security level High. For basic authentication, specify Security level Medium or Low.

For more information: Authentication for Web Services (AS ABAP), Setting an Authentication Level

Runtime Configuration in SAP NetWeaver Administrator

You can display the minimum security level for authentication that you have defined in the ABAP application server or Java application server in SOA Management or in SAP NetWeaver Administrator under Authentication. Ensure that you always maintain the minimum security level in the runtime configuration.

      Settings for Web Services:

       In SAP NetWeaver Administrator under Configuration Management   Infrastructure Management Web Services Administration for WS Configuration under Service Endpoints on the Service Definition Details tab page.

       You will find the settings for Web Service Clients under Configuration Management   Infrastructure Management Web Services Configuration, and the settings for WS Clients under Logical Ports on the Proxy Definitions Details tab page.

Make the following entries:

      To set strong authentication, go to the Security tab and choose X.509 Client Certificate or Logon Ticket either for HTTP Authentication or Message Authentication.

For more information:

Configuring Transport Authentication with X.509 Certificates

Configuring Transport Authentication with Assertion Tickets

Single Sign-On with X.509 Certificate Token Profiles

      To set basic authentication, go to the Security tab and choose UserID/Password either for HTTP Authentication or Message Authentication.

For more information: Using Message Level Authentication, Authentication for Web Services

Runtime Configuration for ABAP Web Services in SOA Manager

You can also configure any Web services that you have developed in AS ABAP in SOA Manager as well. The same security mechanisms are available.

For more information: Runtime Configuration with the SOA Manager

 

End of Content Area