Secure Transmission

To use a Web service, a user (or other client) sends a Simple Object Access Protocol (SOAP) document to a server over the network using HTTP. The transmission of the document can be secured either by using HTTP over SSL or by signing and/or encrypting the SOAP document using OASIS WS Security.

SSL

For transport security, the SSL Protocol is supported by the SAP Web AS and the Web Service Proxy. In this way, all the data for a Web service call can be transmitted between client and server in an encrypted form.

Design-Time Configuration

• Web Service

To secure transmission using SSL, select HTTPS as the transport protocol in the WS Deployment Descriptor Editor.

Alternatively, you can proceed to the Web Service Definition, select the feature Transport Guarantee, and choose the value Integrity + Confidentiality.

• Web Service Proxy

The Web service called by the proxy must support SSL and have a URL starting with https. Apart from entering a URL that begins with https://, no further configuration is needed at design time.

Runtime Configuration

• Web Service

You have to map client certificates to users (see: Using Client Certificates for User Authentication and Managing User Certificates in the Visual Administrator). Make sure that the J2EE Engine has been appropriately configured (see: Configuring the Use of SSL on the SAP J2EE Engine).

• Web Service Proxy

As part of establishing an SSL connection, the SSL server certificate is returned. By default, all SSL server certificates are trusted. To limit the accepted SSL server certificates to those issued by certain certificate authorities, the certificates of the certificate authorities must be stored in a keystore view (see: Key Storage Service).

In the Visual Administrator, choose the service Web Service Security. Choose the client proxy and select the radio button Accept certificates in keystore view on the Transport Security tab.
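
The effect of restricting trust to a keystore of CA certificates, shown with the standard Java JSSE API as an added example (it is not SAP's code and does not use the Web Service Proxy's API): the client accepts a server certificate only if it chains to a CA in the given keystore file. The class name, the command-line arguments and the TRUSTSTORE_PASS environment variable are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Added example; class name, arguments and TRUSTSTORE_PASS are hypothetical.
public class RestrictedTrustClient {
    // Trust anchors are ONLY the CA certificates in this keystore; the JDK default store is not consulted.
    static SSLContext contextTrustingOnly(String path, char[] password) throws Exception {
        KeyStore caStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            caStore.load(in, password);
        }
        if (caStore.size() == 0) { // an empty store would only fail later, at handshake time
            throw new IllegalStateException("no CA certificates in " + path);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(caStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASS");
        if (args.length != 2 || pw == null) {
            System.err.println("usage: RestrictedTrustClient <ca-keystore> <https-url>");
            System.exit(2);
        }
        SSLContext ctx = contextTrustingOnly(args[0], pw.toCharArray());
        HttpsURLConnection conn =
            (HttpsURLConnection) URI.create(args[1]).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // HttpsURLConnection's default hostname verification stays enabled.
        try {
            conn.connect();
            X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("accepted, issuer: " + server.getIssuerX500Principal());
        } catch (SSLHandshakeException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally { conn.disconnect(); }
    }
}
```

A server whose certificate was issued by a CA that is not in the keystore is reported as rejected, which is the behaviour the keystore view setting is meant to enforce.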

 

See also:

Configuring Transport Authentication

Configuring Document Authentication