Web Service Runtime Configuration

Security Settings Default

You can configure security settings for the service provider and service consumer for the runtime of Web services.

Settings

You make pre-settings for this during the Web service design in the Enterprise Services Repository for service interfaces and in the relevant AS ABAP or AS Java development environment.

ES Repository: Service Interface, under Security Profile

AS ABAP: Making a Web Service Secure

AS Java: Setting an Authentication Level, Setting the Transport Guarantee Level

Security Settings

In the runtime configuration, you can configure service providers individually or together using profiles. Not all security settings are available when using profiles.

Transport Level
- HTTPS
  HTTP communication that is secured with SSL (Secure Sockets Layer)
  
  More information: Network and Communication Security
HTTP Authentication
The authentication information is found in the HTTP header.
- User Name/Password (Basic)
- X.509 Certificate
  Authentication with an X.509 certificate.
- Logon Ticket
  Authentication with an SAP Assertion Ticket.
More information: HTTP Transport Level Authentication
Message Authentication
More information: Using Message Level Authentication

The authentication information is found in the SOAP header.
- User Name/Password (Basic)
  Authentication with WS Security UsernameToken
  
  More information: WS Security UsernameToken
- X.509 Certificate
  Authentication with a signed SOAP message, user authentication by certificate
  
  More information: WS Security XML Signature/Encryption
- SAML Assertion
  Authentication with a signed SAML 1.1 Assertion
  
  More information: SAML Token Profile
Message Security/WS Security
The security settings affect the SOAP document.
- WS secure conversion (for AS Java version February 2005, for AS ABAP version 1.3)
  Messages are secured with a pre-defined symmetrical key. The key is re-used in further calls.
  
  More information: WS SecureConversation
- Add/Require Signature and Add/Require Encryption
  Messages are secured with an XML signature and XML encryption with asymmetrical keys.
  
  More information: WS Security XML Signature/Encryption

You choose one of the predefined security settings during the runtime configuration for the service consumer.

Recommended WS Security Scenarios

SAP has put together recommendations for you on combining authentication and transport guarantee mechanisms. You can also get information on what prerequisites you have to fulfill to implement the scenario in your systems.

More information: Recommended WS Security Scenarios