SOAP Adapter

The SOAP adapter translates between native SOAP messages and XI messages, where the SOAP body is always interpreted as the XI payload. SOAP messages can be secured by using either Web service security (signature only) or S/MIME standards (signature and encryption).

The following table summarizes the security-relevant aspects of the SOAP adapter:

Aspect

SOAP Adapter

Underlying protocol

HTTP

Inbound and outbound connections should be secured by SSL.

Inbound configuration

Configuration in sender channel of type SOAP in Integration Directory.

Messaging user is authenticated by basic authentication or SSL client certificate.

Signature validation or decryption can be activated in the channel configuration, where a security profile (Web service security or S/MIME) must be selected. The J2EE keystore views of the actual certificate for signature validation or decryption are configured in the sender agreement associated with the channel.

Messaging user must have the security role xi_adapter_soap_message in the Adapter Engine.

Outbound configuration

Connection and user must be defined by a receiver channel of type SOAP in the Integration Directory.

Signing or encrypting of the SOAP message can be activated in the channel configuration, where a security profile (Web service security or S/MIME) must be selected. The J2EE keystore views of the actual certificate for signing or encrypting are configured in the receiver agreement associated with the channel.

User authentication and anonymous logon are possible. If authenticated, the user must have appropriate authorizations in the receiver system.

For a detailed description of how to configure SSL for the Adapter Engine see HTTP and SSL. For a description of digital signatures, see Message-Level Security.