Adapters Running on the Integration Server

There are two adapters that run on the Integration Server:

·        The IDoc adapter

The IDoc adapter translates between XI messages and IDoc calls, which rely on the tRFC protocol.

·        The Plain HTTP adapter

The Plain HTTP adapter handles HTTP requests, in which the XI message header data is transported using URL parameters, and the HTTP body only contains the message payload.

The following table summarizes the security-relevant aspects of both adapters:

IDoc Adapter

Plain HTTP Adapter

Underlying protocol

tRFC

Inbound and outbound connections should be secured by Secure Network Communication (SNC).

HTTP

Inbound and outbound connections should be secured by Secure Sockets Layer (SSL).

Inbound configuration

Connection and user must be defined in RFC destination of type 3 from sender IDoc system to Integration Server.

User must have role SAP_XI_APPL_SERV_USER on Integration Server.

HTTP sender must use URL <host>:<port>/sap/xi/adapter_plain and a corresponding HTTP logon procedure of AS-ABAP.

User must have role SAP_XI_APPL_SERV_USER on Integration Server.

Outbound configuration

Connection and user must be defined by a channel of type IDoc in the Integration Directory. The channel must reference an SM59 destination from the Integration Server to the receiver IDoc system.

User must have the corresponding IDoc and application authorizations in the receiver IDoc system.

Connection and user must be defined by a channel of type HTTP in the Integration Directory.

User authentication and anonymous logon are possible.

If authenticated, user must have appropriate authorizations in the receiver system.

For a detailed description of how to configure SSL for the Adapter Engine, see HTTP and SSL.