Runtime Configuration with the SOA Manager

You can configure security settings for the service provider and service consumer for the runtime of Web services.

Settings

You perform pre-settings for this purpose during Web service design in the AS ABAP development environment. You will find pre-settings for Web Services in the SOA Manager (Transaction SOAMANAGER) under Application and Scenario Administration Administration of Individual Services for services and consumer proxies in the tab page called Details.

Security Settings

In the runtime configuration, you can configure service providers individually or together using profiles. Not all security settings are available when using profiles.

Transport Guarantee
- HTTPS
  HTTP communication that is secured with SSL (Secure Sockets Layer).
  
  For more information, see Using the Secure Sockets Layer Protocol with the AS ABAP.
- Signature and Encryption
  Messages are secured with an XML signature and XML encryption with asymmetrical keys.
  
  More information: WS Security XML Signature/Encryption
- Secure Conversation
  Messages are secured with a pre-defined symmetrical key. The key is re-used in further calls.
  
  More information: WS SecureConversation
HTTP Authentication
The authentication information is found in the HTTP header.
- User Name/Password (Basic)
- X.509 Certificate
  Authentication with an X.509 certificate.
- Logon Ticket
  Authentication with an SAP Assertion Ticket.

More information: HTTP Transport Level Authentication

Message Authentication
The authentication information is found in the SOAP header.

More information: Using Message Level Authentication
- User Name/Password (Basic)
  Authentication with WS Security UsernameToken
  
  More information: WS Security UsernameToken
- X.509 Certificate
  Authentication with a signed SOAP message, user authentication by certificate
  
  More information: WS Security XML Signature/Encryption
- SAML 1.1
  Authentication with a signed SAML 1.1 Assertion
  
  More information: SAML Token Profile

You choose one of the predefined security settings during the runtime configuration for the service consumer.

Recommended WS Security Scenarios

SAP has put together recommendations for you on combining authentication and transport guarantee mechanisms. You can also get information on what prerequisites you have to fulfill to implement the scenario in your systems.

More information: Recommended WS Security Scenarios