Inbound web service calls with Message Level Security via WebDispatcher

santosh_k3
Active Participant
0 Kudos

Hi All,

My requirement is to achieve message level security for all web service calls (SOAP) that are made by the 3rd party server.

In our landscape we use the web dispatcher between the 3rd party system and the SAP PO server.

My query is: once we enable web services security in the SOAP sender channel, which certificates have to be mentioned in the Inbound Processing tab in the ICO if we use a web dispatcher in between?

Is it the 3rd party server's certificates or the certificates of the web dispatcher?

Which certificate is to be shared with the 3rd party server (the PO certificate or the web dispatcher certificate)?

Thanks

Sai

gaffaransari
Participant
0 Kudos

Hi,

It depends upon where you terminate the SSL. If you do it on PO then it should be the PO certificate, otherwise the WD certificate. WD acts as a reverse proxy here.

Accepted Solutions (0)

Answers (3)

former_member607993
Contributor
0 Kudos

Hi Sai,

Usually all external systems will have SSL trusted libraries to handle the client certificates, and these are available in most of the resttemplate or soaptemplate used to call the API.

For example, the JDK has all the SSL-related libraries, and if we are using only the JRE without the JDK bundle then we need to manually download and provide the Web Dispatcher SSL certificates.

In the web dispatcher you need to set up URL filtering before sharing API contracts with the external system (setting up the URI permissions appropriately). You can also do session stickiness, request identification, high availability with parallel load balancing, HTTPS scheduling, and prevention of attacks from DDoS and XSS. For more details on the Web Dispatcher you can refer to the links below:

https://blogs.sap.com/2010/07/29/url-filtering-in-the-sap-icm-and-web-dispatcher/

https://wiki.scn.sap.com/wiki/display/SI/Web+Dispatcher+as+a+URL+filter

https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/9ac19148c673e8e10000000a42189b/frameset.h...

Thanks and Regards - Rajesh PS

ravicarpenter
Active Participant
0 Kudos

You are mixing up the web dispatcher with MLS. There is no connection between the two, i.e. you can have MLS even without a web dispatcher. The web dispatcher just serves as a reverse proxy. For MLS the messages should be decrypted/encrypted at the PO level. This way, all your integration scenarios and the artifacts associated with them (keys etc.) reside at a single layer. Imagine if there are 20 scenarios, each having their own key for encryption/decryption.

For validating the message you use partner's public certificate and for decrypting the message you use your own private key (partner would use your public key to encrypt).
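The key roles described in the answer above, as an added example that is not part of the original thread: the partner signs with its own private key and encrypts to PO's certificate, the dispatcher only relays bytes, and PO decrypts with its own private key and validates with the partner's certificate. It assumes the `openssl` CLI is installed, uses CMS as a stand-in for WS-Security XML Signature/Encryption, and all party names, keys and the payload are constructed.

```shell
#!/usr/bin/env bash
# Added illustration (constructed keys and message). CMS via `openssl cms` stands in
# for WS-Security XML Signature / XML Encryption; only the key roles are the point.
set -eu

mls_demo() {
  local d who roundtrip wd_decrypt wd_trust
  d=$(mktemp -d)
  # Hypothetical parties: partner = 3rd party sender, po = SAP PO, wd = Web Dispatcher.
  for who in partner po wd; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
      -keyout "$d/$who.key" -out "$d/$who.crt" 2>/dev/null
  done
  printf '<soap:Body>constructed payload</soap:Body>' > "$d/msg.xml"

  # Partner: sign with its own private key, then encrypt to PO's public certificate.
  openssl cms -sign -binary -nodetach -in "$d/msg.xml" -signer "$d/partner.crt" \
    -inkey "$d/partner.key" -outform DER -out "$d/signed.der"
  openssl cms -encrypt -binary -aes-256-cbc -in "$d/signed.der" \
    -outform DER -out "$d/wire.der" "$d/po.crt"

  # Web Dispatcher: relays the body byte for byte and holds no MLS key material.
  cp "$d/wire.der" "$d/relayed.der"

  # PO: decrypt with its own private key, validate with the partner's certificate.
  roundtrip=fail
  if openssl cms -decrypt -binary -inform DER -in "$d/relayed.der" \
       -recip "$d/po.crt" -inkey "$d/po.key" -out "$d/inner.der" 2>/dev/null &&
     openssl cms -verify -binary -inform DER -in "$d/inner.der" \
       -CAfile "$d/partner.crt" -out "$d/out.xml" 2>/dev/null &&
     cmp -s "$d/msg.xml" "$d/out.xml"; then roundtrip=ok; fi

  # The dispatcher's key pair plays no part: it can neither decrypt nor anchor trust.
  wd_decrypt=ok
  openssl cms -decrypt -binary -inform DER -in "$d/relayed.der" -recip "$d/wd.crt" \
    -inkey "$d/wd.key" -out /dev/null 2>/dev/null || wd_decrypt=rejected
  wd_trust=ok
  openssl cms -verify -binary -inform DER -in "$d/inner.der" \
    -CAfile "$d/wd.crt" -out /dev/null 2>/dev/null || wd_trust=rejected

  rm -rf "$d"
  echo "roundtrip=$roundtrip wd_decrypt=$wd_decrypt wd_trust=$wd_trust"
}

mls_demo
```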

vicky20691
Active Contributor
0 Kudos

Hi,

The certificates should be those of the 3rd party to whom you are connecting. WD just masks the URL and it is still internal.

Regards,

Vikas