Hi,
is it possible to customize the processing of inbound WS Security tokens in AS ABAP?
Using a Web Service engine in Java based systems there are often plug points where custom code can be called in order to
- extract a security token from a message
- process the security token (e.g. validate / verify the token)
- log on the user (using JAAS)
This would allow things such as custom WS Security tokens or identity assertion.
I am particularly looking for a way for identity assertion: Assume a Web Service provided would be able to validate trust between itself and a caller (e.g. by a username and password in a signed Username token). The provider can allow the trusted callee to assert an identity under which the provider code is to be executed. This is happening in SAML or when using X.509 certificates over an SNC connection, however, I have no idea how I would achieve the same using custom security tokens or a second Username token in the same message ....
Any thoughts?
Jens