cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAMANAGER - WS security option

Former Member

on ‎07-17-2015 1:58 PM

0 Kudos

Dear guru,

i'm working with SAP web service technology. I build twe web service:

  • 1 WS consumer starting from WSDL file
  • 1 WS provider starting from WSDL file

Both services are up and running.

From security point of view i have a tricky requirement: both the WS must respect these features:

  1. transport channel security: http (not SSL required) with http login (userID and password)
  2. message security: WS secuirty is needed (WS username token: WS user and and password via soap header)

For the first point: no problem, i've been able to set up http login as requested.

After a lot of trials (changing security setting in SOAMANAGER and in ABAP WS definition - see enclosed pictures) , i didn't find out how to set up the WS security in addition to the http login security setting. It seems that the two security setting cannot be activated together.

For example, for the consumer WS, i'd like to obtain a message like the one attached to the message (sample.xml) where the WS credentials are passed via SOAP header. On the other hand, for the WS provider, i'd like to configure the security setting in order SAP can handle the WS security authentication check.

Any suggestion?

Thanks in advance

KR

Fabrizio

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎08-19-2015 3:58 PM
0 Kudos

Ehy guru,

no one ever tried to configure a web service provider with ws security (header security) to accept message payload like this:



<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">


<S:Header>


<wsse:Security S:mustUnderstand="1">


<wsu:Timestamp xmlns:ns15="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">


<wsu:Created>2015-08-18T16:00:17Z</wsu:Created>


<wsu:Expires>2015-08-18T16:05:17Z</wsu:Expires>


</wsu:Timestamp>


<wsse:UsernameToken xmlns:ns15="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="uuid_ecbd28b7-4fb5-45e4-9054-6fd8ee5ba598">


<wsse:Username>xxxxxx</wsse:Username>


<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>


</wsse:UsernameToken>


</wsse:Security>


</S:Header>


<S:Body>


.....


</S:Body>


</S:Envelope>

KR

Fabrizio Gemma

Show replies
Show replies
Jelena
Active Contributor
‎08-20-2015 11:49 PM
0 Kudos

First and foremost - never start the question on SCN with "dear guru". It's a sure way to get your question ignored.

You can't have different security level for the same web service, as far as I recall. Whenever we required different security we created different web services.

Not sure if it's an ABAP question though, you might want to check in the Basis forum for more up-to-date information.

Ask a Question