Authentication for Web Services (AS
ABAP)
You can set the authentication level for Web Services.
For more information, refer to the section Creating a Service Definition.
Using the security profile settings for high, medium, and low, you can set strong or basic authentication levels.
● Security profile High means authentication level Strong
Strong Authentication (X.509 Client Certificate)
Strong authentication authenticates the user through mutual SSL authentication. An SSL client certificate must be provided for this.
Strong authentication can refer to the HTTP header or the document.
For more
information, refer to the section
Using X.509 Client
Certificates.
● Security profile Medium or Low means Authentication level Basic
Basic Authentication (user name / password)
○ This authentication authenticates the user based on the user ID and password in the HTTP header.
This option is supported for HTTP and HTTPS.
○ The user is authenticated on the basis of the user name and the password in the document. (Document Authentication)
● Security profile None means Authentication level None
No authentication during transport or in the document
These settings are default values for setting the runtime configuration in SOA Management or, if available, in the SAP NetWeaver Administrator. Here you can specify the minimum security setting for the appropriate Web service at runtime. In the runtime configuration settings, it is not possible to fall below these values.
For more information, refer to the section Authentication for Web Services.
The Internet Communication Framework requires a logon. If you perform your logon using a WS security user name token, a user switch will be executed in SOAP runtime.
For this purpose, the service user DELAY_LOGON is used. Do not assign any roles or profiles to this user.