Authentication for Web ServicesWeb service clients can authenticate themselves either by using the authentication mechanisms provided by the HTTP protocol such as basic authentication, or by adding a security token to the WS Security header. Depending on the authentication mechanism, different authentication options are available.
● Default at design time: Strong
The following alternatives are available in the runtime configuration:
○ HTTP Authentication
■ X.509 Client Certificate
■ Logon Ticket
Alternatively:
○ Message Authentication
■ X.509 Client Certificate
■ SAML Assertion
● Default at design time: Basic
In addition to the options listed under Strong, you must also choose one of the following security measures:
○ HTTP Authentication
■ User ID/Password
Alternatively:
○ Message Authentication
■ User ID/Password
● Default at design time: None
You can select from any of the security measures, or you can choose to not make any security settings at all.
In the ABAP application server and Java application server, you provide specifications for the authentication level when designing Web services.
For strong authentication, specify Security level High. For basic authentication, specify Security level Medium or Low.
For more
information: Authentication for Web
Services (AS ABAP),
Setting an
Authentication Level
You can display the minimum security level for authentication that you have defined in the ABAP application server or Java application server in SOA Management or in SAP NetWeaver Administrator under Authentication. Ensure that you always maintain the minimum security level in the runtime configuration.
● Settings for Web Services:
○ In SAP NetWeaver Administrator under Configuration Management → Infrastructure Management → Web Services Administration for WS Configuration under Service Endpoints on the Service Definition Details tab page.
○ You will find the settings for Web Service Clients under Configuration Management → Infrastructure Management → Web Services Configuration, and the settings for WS Clients under Logical Ports on the Proxy Definitions Details tab page.
Make the following entries:
● To set strong authentication, go to the Security tab and choose X.509 Client Certificate or Logon Ticket either for HTTP Authentication or Message Authentication.
For more information:
Configuring Transport
Authentication with X.509 Certificates
Configuring Transport Authentication with Assertion Tickets
Single Sign-On with X.509 Certificate Token Profiles
● To set basic authentication, go to the Security tab and choose UserID/Password either for HTTP Authentication or Message Authentication.
For more
information: Using Message Level
Authentication,
Authentication for Web
Services
You can also configure any Web services that you have developed in AS ABAP in SOA Manager as well. The same security mechanisms are available.
For more
information:
Runtime Configuration
with the SOA Manager