
SOAP adapter - digital signature

Former Member
0 Kudos

Hi experts,

I have a scenario from XI sender to SOAP receiver to a webservice.

I want to produce a digital signature on the document going out from SOAP adapter.

I have gone through all the blogs; they deal just with creation of certificates, and SAP Help says a lot conceptually, but to help me out I was wondering if any of you have done such a scenario, and could anyone guide me through it.

Also, I came across a few docs dealing with some settings on the ABAP side. I'm not able to picture the requirement.

Does Basis have to do anything to ensure XI can produce a digital signature?

I will be really glad if anyone could articulate.

Thanks & Regards,

Rupash

Accepted Solutions (0)

Answers (1)


bhavesh_kantilal
Active Contributor
0 Kudos

Hello,

In terms of security what are you trying to do?

1. HTTPS, i.e., use SSL?

2. Payload encryption?

3. Digital signatures to sign your payload?

Each of these activities has a bunch of common tasks, and their usage in XI also varies depending on what you want to achieve.

Regards

Bhavesh

Former Member
0 Kudos

Hi Bhavesh,

I want to ensure non-repudiation of origin, hence I would like to adopt a digital signature.

Can I do it using SSL? But that's just a certificate exchange, right? My SOAP request to the WSDL should be the protagonist. Could you tell me how this could be done?

Also, in digital signature, I'm not able to get the exact info. How can the entire message be signed?

Is any coding necessary?

Thanks & Regards,

Rupash

bhavesh_kantilal
Active Contributor
0 Kudos

Hello,

For non-repudiation of origin, you would need to:

1. Set up SSL on your J2EE engine (multiple blogs and articles on SDN provide a step-by-step guide).

2. If needed, you would need to create a separate key pair in XI and get it signed by a CA for use for non-repudiation.

3. Use the private key of this key pair to sign your SOAP message; you will get the option to provide the keystore view and name in the required Receiver Agreement.

4. Your partner would need the public portion of the key pair and will validate the signature using this public key when the message reaches his end.

regards

Bhavesh

Former Member
0 Kudos

Thanks Bhavesh,

Appreciate your help. How do I ensure that the receiver can verify the generated signature? He's on non-SAP, Apache based actually.

Is there any code for it?

On SSL, when I did the test for connection, it would just display the certificate (server authentication).

And as it's not an SAP receiver, can I still do any authentication? Would you suggest some blog for my requirement stated above, because all the blogs I have seen stop at generation of certificates?

Also, I have loved your blogs, especially the one on the receiver JDBC synch call. Why don't you write one some time soon?

Regards,

Rupash

bhavesh_kantilal
Active Contributor
0 Kudos

> How do I ensure that the receiver can verify the generated signature? He's on non-SAP, Apache based actually.
>
> Is there any code for it?

No. Just as XI in its WAS Java and WAS ABAP has an inbuilt functionality to verify digital signatures, your partner should be able to do the same on his end.

Configuration and setup would be needed depending on how Apache supports digital signatures, but from your end you just need to provide the public portion of your key to the partner.

> On SSL, when I did the test for connection, it would just display the certificate (server authentication).
>
> And as it's not an SAP receiver, can I still do any authentication? Would you suggest some blog for my requirement stated above, because all the blogs I have seen stop at generation of certificates?

I didn't understand this portion. Do you mean to say, when you hit the SSL URL of your web service provider, you are displayed the certificate and then need to provide authentication of user name and password?

If yes, then in XI you would need to load the partner public certificate, taken from this URL, and load it into the TrustedCAs keystore view if it is a self-signed certificate. If it is a certificate signed by a Certificate Authority, then you need to make sure that the CA's certificate chain is loaded in the TrustedCAs.

Unfortunately, as this is a topic with too much breadth, and also as it needs a functional understanding of how security works, I don't think there will be one blog that answers all your questions.

Once you get the hang of it, it's quite simple.

> Also, I have loved your blogs, especially the one on the receiver JDBC synch call. Why don't you write one some time soon?

Thanks for the feedback. Appreciate it. Laziness and myself are best friends and hence no blog (for now).

Regards

Bhavesh