IMG Activity
ID | /IWFND/WSS_SETUP | Configure Web Service Message-Based Authentication |
Transaction Code | /IWFND/50000065 | (empty) |
Created on | 20100114 | |
Customizing Attributes | /IWFND/WSS_SETUP | Configure Web Service Message-Based Authentication |
Customizing Activity | /IWFND/WSS_SETUP | Configure Web Service Message-Based Authentication |
Document
Document Class | SIMG | Hypertext: Object Class - Class to which a document belongs. |
Document Name | /IWFND/IMG_WSS_SETUP |
Use
When you use message or SOAP document level authentication for Web service access, the authentication credentials of the Web service consumer are transported in the header of the SOAP envelope using authentication token profiles (SAML Token Profile).
This activity runs the report WSS_SETUP, which allows you to enable message security.
This report is used once in the provider system to activate message authentication (SAML authentication). You must run the report after system setup. Otherwise, the user DELAY_L_<SID> and its password will not exist. A logon to a Web service provider would then fail with a 401 header error.
The procedure for the Web service consumer to access the Web service provider using the ICF is as follows:
- The Web service authenticates itself with a SAML token.
- The ICF cannot evaluate the SOAP authentication in the document; instead, it requires HTTP authentication. Therefore, it uses the DELAY_L_<SID> user and password stored in the ICF for authentication.
- The Web service provider evaluates the SAML token. If the user and password match, it replaces the DELAY_L_<SID> user with the user specified in the SAML token.
Requirements
Standard settings
Activities
- Click on the activity icon. This will open report WSS_SETUP.
- Select the following security options:
Field | Explanation |
---|---|
ICF Node Update | Select this checkbox to check and, if necessary, repair the DELAY_L_<SID> user in all ICF nodes. This may be necessary if the DELAY_L_<SID> user has been locked or changed, or if its password has been changed. |
Provider Configuration | Select this checkbox if you want to use WS Secure Conversation. This is a dedicated service required to obtain the SecureContentToken. |
Algorithm Suite | Select an algorithm suite. If your groupware supports sha256 encryption, you should select an algorithm containing sha256 (for example, Basic256Sha256Rsa15). |
Clock Skew | Specify the tolerance value to compensate for time difference between the consumer and provider system. |
Detect message replays | Select this checkbox to detect and prevent Web service messages that are being called repeatedly. |
SAML 1.1 Trust | Select Use SAML Trust here. |
Test Run | Select this checkbox to test the report execution without making actual changes to the system. |
- Choose Execute to run the report and configure the system.
For more details on using this activity, see the topic Message-Based Authentication with WS-Security on the SAP Library at http://help.sap.com/SAPHELP_NW04s/helpdata/EN/c0/d809a4e0bf493b9aed84c6912a1759/frameset.htm.
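The Clock Skew and Detect message replays options interact: a provider that tolerates clock differences must remember message identifiers for the message lifetime plus that tolerance. The following sketch is an added example, not SAP code and not how the WSS_SETUP report or the ABAP Web service runtime is implemented. It assumes each message carries a signed created/expires timestamp and a unique message ID; `ReplayGuard`, the message IDs, and the 180-second tolerance are hypothetical.

```python
from datetime import datetime, timedelta, timezone


class ReplayGuard:
    """Timestamp and replay check for signed SOAP messages (illustrative only)."""

    def __init__(self, clock_skew_seconds):
        self.skew = timedelta(seconds=clock_skew_seconds)
        self.seen = {}  # message id -> time after which the entry may be dropped

    def check(self, message_id, created, expires, now):
        # Drop ids whose message would now be rejected as expired anyway.
        self.seen = {m: t for m, t in self.seen.items() if t >= now}
        if created > now + self.skew:
            return "reject: created in the future"
        if expires + self.skew < now:
            return "reject: expired"
        if message_id in self.seen:
            return "reject: replay"
        # Retain the id until expires + skew. A shorter retention would let
        # a copy through during the tolerance window.
        self.seen[message_id] = expires + self.skew
        return "accept"


def demo():
    # Constructed sample data: provider time t0, tolerance 3 minutes.
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    m = lambda n: timedelta(minutes=n)
    guard = ReplayGuard(clock_skew_seconds=180)
    return [
        # Consumer clock 2 minutes ahead: inside the tolerance.
        guard.check("msg-1", t0 + m(2), t0 + m(7), t0),
        # Consumer clock 10 minutes ahead: outside the tolerance.
        guard.check("msg-2", t0 + m(10), t0 + m(15), t0),
        # Expired 2 minutes ago by provider time: tolerance still admits it.
        guard.check("msg-3", t0 - m(7), t0 - m(2), t0),
        # Copy of msg-3 30 seconds later: caught only because the id is
        # retained past its nominal expiry.
        guard.check("msg-3", t0 - m(7), t0 - m(2), t0 + timedelta(seconds=30)),
        # Copy of msg-1 one minute later.
        guard.check("msg-1", t0 + m(2), t0 + m(7), t0 + m(1)),
        # Expired more than the tolerance ago.
        guard.check("msg-4", t0 - m(8), t0 - m(3), t0 + m(1)),
    ]
```

A larger tolerance therefore enlarges both the acceptance window for stale messages and the amount of replay state the provider must keep.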
Example
Business Attributes
ASAP Roadmap ID | 204 | Establish Functions and Processes |
Mandatory / Optional | 1 | Mandatory activity |
Critical / Non-Critical | 1 | Critical |
Country-Dependency | A | Valid for all countries |
Maintenance Objects
Maintenance object type | C | Customizing Object |
Assigned objects | ||||||
---|---|---|---|---|---|---|
Customizing Object | Object Type | Transaction Code | Sub-object | Do not Summarize | Skip Subset Dialog Box | Description for multiple selections |
IMGDUMMY | D - Dummy object | /IWFND/WSS_SETUP |
History
Last changed by/on | SAP | 20110315 |
SAP Release Created in | 100 |