01-22-2009 8:05 PM
Hi experts,
We have some webservices exposed in SAP WEB AS and we need to ensure that only authorized users can call these services, from a wide range of .NET and J2EE applications. One of our requirements is never send userid and password to consume the service, so we need to send some kind of certificate.
We have been studing the use o SAML to make this, but anybody knows how to make it work? Which configurations we must make? Consider two scenarios:
a. A .NET application deployed in a IIS consumes a service exposed in a SAP WEBAS
b. A J2EE application deployed in a Weblogic Server consumes a service exposed in SAP WEBAS.
Thanks in advance,
Haroldo
01-23-2009 9:14 AM
Hi,
If you use a netweaver 7.0 abap stack as a web service provider, you have to configure authentication and security from SOAMANAGER.
Do a search on help.sap.com with SAML ans SOAMANAGER as keywords.
Be careful to read OSS notes because this part of netweaver changes a lot with Support Packages levels.
I think this is still a work in progress but it is supposed to work.
I've not yet tried it. Good luck !
If you succeed to make it work, please inform us.
Regards,
Olivier