Configuring an STS as a Token Issuer

Prerequisites

  • You have released the scenario, as described in SAP Note 1320198.

    If you are using one of the following SSO/STS scenarios, the following prerequisites must be fulfilled.

    • STS scenario with symmetric key for confirming signature (authentication only)

    • STS scenario with asymmetric consumer key for confirming signature (authentication only)

  • Messages between the WS provider and WS consumer are secured, either at transport level with the Secure Sockets Layer protocol (HTTPS) or at message level (symmetric message encryption/signature). In the case of symmetric message encryption, you need to import the encryption certificate of the WS provider into the PSE WSSCRT in the Trust Manager of the WS consumer.

Procedure

Create the logical port for the connection to STS.

  1. In the SOA Manager of the WS consumer, on the Service Administration tab page, choose the link Configuration of Individual Services.

    1. Find the consumer proxy that is to be used to access the service end point, and for which you want to define a logical port.

      Internal Name: CO_WSSESECURITY_TOKEN_SERVICE, External Name: SecurityTokenServiceIn.

    2. Select the consumer proxy in the list of search results and choose Apply Selection.

    3. On the Configurations tab page, choose the Create Log. Port button.

    4. Specify the following in the dialog box:

      • The name of the logical port and its description

      • For configuration type, select the Meta Data Exchange Protocol radio button

      • The STS MEX URL

        Note: Use HTTP or HTTPS in the URL, depending on whether you have configured SSL for the connection between STS and the WS consumer.

      • The STS endpoint URL

        Note: You can only use this URL for one logical port. The logical port set up with the URL is available for all WS consumer configurations.

      • The MEX access user that you specified in STS

      • The MEX user password that you specified in STS

      • Choose the Copy settings button.

    5. Scroll down.

    6. If necessary, in the Encryption Certificate field, enter the STS encryption certificate that you previously imported into the PSE WSSCRT of the WS consumer with transaction STRUST.

    7. If applicable, in the Signature Certificate field, specify the signature certificate of the WS consumer that you previously created with transaction STRUST in the WS consumer's PSE WS-Security Other System Encry (WSSKEY).

    8. Save your entries.