Skip to Content
author's profile photo Former Member
Former Member

PI connecting to WS using Kerberos


From PI we are supposed to connect to a web service using kerberos authentication.

We have not found much information regarding a "how-to" on this. Maybe you could help?

-> Do we use SOAP or WS adapter?

-> If WS adapter, what authentication method do we use?

-> If SOAP adapter, we assume it is "Axis" message protocol, but what authentication method do we use? Certificate?

-> Any other things we have to be aware of when configuring Kerberos authentication?


regs S

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Posted on Sep 09, 2011 at 02:35 PM

    Use SOAP adapter. Regarding authentication use certificate. I think you can use both Axis or plain SOAPadapter for authentication (Depends on the end system requirement).

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member


      Thank you!

      Still I am not sure if this is the whole solution - don't we have to configure anything in PI, only provide a certificate?

      Do we have to provide 2 interfaces, one towards the Active Directory and one towards the service?

      I have searched notes and forums, but there is no resource explaining the steps needed in PI, only how to configure java stack etc, so that is why I'm asking if a certificate should be enough.

  • Posted on Oct 29, 2011 at 03:43 PM


    Kerberos authentication is not supported for SOAP Web Serices with the WS Adapter neither as consumer nor as provider.

    Wheter it's possible with SOAP Adapter? I don't know for sure but I doubt it will work.

    If it would be supported you would't need to specify any certificate. The whole trust setup (you usually do this by exchanging certificates) would be based on the fact that the application server where the ABAP runs on is part of o kerberos realm (e.g. MS Active Directory Domain). So the trust setup has already been done on operating system level.

    What other authentication options instead of Kerberos are available on the provider side?



    Edited by: Mathias Essenpreis on Oct 29, 2011 5:47 PM

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.