on 07-17-2015 1:58 PM
Dear guru,
i'm working with SAP web service technology. I build twe web service:
Both services are up and running.
From security point of view i have a tricky requirement: both the WS must respect these features:
For the first point: no problem, i've been able to set up http login as requested.
After a lot of trials (changing security setting in SOAMANAGER and in ABAP WS definition - see enclosed pictures) , i didn't find out how to set up the WS security in addition to the http login security setting. It seems that the two security setting cannot be activated together.
For example, for the consumer WS, i'd like to obtain a message like the one attached to the message (sample.xml) where the WS credentials are passed via SOAP header. On the other hand, for the WS provider, i'd like to configure the security setting in order SAP can handle the WS security authentication check.
Any suggestion?
Thanks in advance
KR
Fabrizio
Ehy guru,
no one ever tried to configure a web service provider with ws security (header security) to accept message payload like this:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<S:Header>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns15="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
<wsu:Created>2015-08-18T16:00:17Z</wsu:Created>
<wsu:Expires>2015-08-18T16:05:17Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:ns15="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns14="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns13="http://www.w3.org/2003/05/soap-envelope" wsu:Id="uuid_ecbd28b7-4fb5-45e4-9054-6fd8ee5ba598">
<wsse:Username>xxxxxx</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</S:Header>
<S:Body>
.....
</S:Body>
</S:Envelope>
KR
Fabrizio Gemma
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
First and foremost - never start the question on SCN with "dear guru". It's a sure way to get your question ignored.
You can't have different security level for the same web service, as far as I recall. Whenever we required different security we created different web services.
Not sure if it's an ABAP question though, you might want to check in the Basis forum for more up-to-date information.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.