
Authentication for Web Services

Web services enable you to use standards-based and technology platform-independent communication between systems. A Web service (WS) is a self-contained, modularized function that can be published, discovered, and accessed across a network using open standards. For the caller or sender of a WS, a service is a black box that may require input and deliver a result.

You can use authentication and security protection for consuming and providing WS either at the HTTP transport level or at the SOAP message level. This means you can use standard HTTP authentication mechanisms, such as HTTP basic authentication with user ID and password, as well as WS standard mechanisms that enable authentication at the higher SOAP message level. SOAP message level authentication is suited to the specific authentication requirements for WS access and also enables you to use strong SOAP message authentication mechanisms, such as XML signatures, for inbound and outbound WS communication.

The AS ABAP WS framework enables you to use authentication mechanisms that are based on the WS Security standard, driven by the Organization for the Advancement of Structured Information Standards (OASIS). You can configure the use of authentication for consuming and providing Web services for the SAP NetWeaver application platform at the HTTP transport level or at the SOAP message level.

Implementation Considerations

To use a WS, a WS consumer initiates a transaction with a WS provider using the Simple Object Access Protocol (SOAP). The WS consumer can be a system that is configured to consume a specific WS from the WS provider. The SOAP transaction request can be transported over the Internet using the HTTP protocol.

For HTTP transport level authentication, the authentication credentials are transported in the HTTP header for the WS message. At this transport level, you can use some of the authentication and SSO mechanisms supported for Web-based access, for example logon tickets, for WS authentication. In addition, with the AS ABAP you can use HTTP level authentication with user name and password and SSO with X.509 certificates, where the configured mechanisms use the corresponding authentication infrastructures for Web-based access.

Web service messages, however, may travel over any number of connections and potentially traverse many intermediaries. To support this decoupled interaction, point-to-point and connection-oriented authentication at the HTTP transport level alone can be insufficient or inappropriate.

Therefore, SAP NetWeaver also enables you to use authentication at the SOAP message level, or document level authentication, where the authentication credentials are transported in the SOAP header for the WS message. The document level authentication mechanisms supported by SAP NetWeaver are based on the WS Security standard and enable you to use WS authentication and SSO according to the specific security requirements for WS communication.
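
The following is an added example, not SAP code and not part of the original documentation. It builds the same WS call once with HTTP basic authentication and once with a WS-Security UsernameToken, then passes both through an intermediary to show which credential still reaches the provider. The relay function, the user WS_USER, the password and the ping payload are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")

def envelope(body_xml, user=None, password=None):
    """Build a SOAP 1.1 envelope; add a wsse:UsernameToken if user is given."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    if user is not None:
        sec = ET.SubElement(header, f"{{{WSSE}}}Security")
        tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
        ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
        # PasswordText is clear text: it still needs TLS or message encryption.
        ET.SubElement(tok, f"{{{WSSE}}}Password", Type=PW_TEXT).text = password
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="unicode")

def transport_level(user, password, body_xml):
    """HTTP basic authentication: the credential sits in the HTTP header."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Content-Type": "text/xml", "Authorization": "Basic " + token}, envelope(body_xml)

def message_level(user, password, body_xml):
    """WS-Security UsernameToken: the credential sits in the SOAP header."""
    return {"Content-Type": "text/xml"}, envelope(body_xml, user, password)

def relay(headers, soap_xml):
    """Hypothetical intermediary that opens its own HTTP connection to the
    next hop, so the caller's Authorization header is not carried forward."""
    return {k: v for k, v in headers.items() if k != "Authorization"}, soap_xml

def credential_seen_by_provider(headers, soap_xml):
    """Return where the final WS provider finds a credential, if anywhere."""
    if "Authorization" in headers:
        return "http-header"
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"
    return "soap-header" if ET.fromstring(soap_xml).find(path) is not None else None

if __name__ == "__main__":
    body = "<ping xmlns='urn:example'/>"  # constructed sample payload
    for build in (transport_level, message_level):
        hop = relay(*build("WS_USER", "example-pw", body))
        print(build.__name__, "->", credential_seen_by_provider(*hop))
```
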

Features

You can use the configuration tools for the underlying technology stacks of SAP NetWeaver to configure the use of supported mechanisms for WS authentication. The available configuration options enable you to use authentication for providing and consuming Web services both at the HTTP transport and at the SOAP document level.

For more information about relevant security considerations when using the supported WS authentication mechanisms, see:

      HTTP transport level authentication

      SOAP document level authentication

Configuration

For more information about configuring the use of WS authentication for SAP NetWeaver components, see Single Sign-On for Web Services.
