Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WEBAS ABAP 7.0 as Webservice provider with X.509 based authentification

Go to solution
Former Member

‎12-19-2008 8:01 AM

0 Kudos

Hello,

We are using SAP WEBAS ABAP 7.0 (no J22EE stack available).

I have exposed some RFC Function Modules as Webservices, and these are accessible using https and username/password.

A new requirement is now to use X.509 based authentification.

Is it possible to use certificate based authentification with WebAS ABAP 7.0?

Is there any documentation around explaining the client side (non SAP Axis based clients)?

Thanks

Matthias

1 ACCEPTED SOLUTION

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎12-26-2008 6:47 PM

0 Kudos

> 

> Hello,
> We are using SAP WEBAS ABAP 7.0 (no J22EE stack available).
> 
> I have exposed some RFC Function Modules as Webservices, and these are accessible using https and username/password.
> 
> A new requirement is now to use X.509 based authentification.
> 
> Is it possible to use certificate based authentification with WebAS ABAP 7.0?
> 
> Is there any documentation around explaining the client side (non SAP Axis based clients)?
> 
> Thanks
> 
> Matthias

Are you referring to "network / protocol level authentication" or "message-based authentication"?

For the first one, the X.509 certificates are used for (mutual) SSL authentication (keyword: "client certificate authentication").

For the latter one, the X.509 certificate is used to digitally sign (or encrypt) the SOAP message (or parts of it) - keywords: "X.509 Token", "WS-Security".

4 REPLIES 4

Go to solution
Former Member

‎12-19-2008 8:12 AM

0 Kudos

Yes, this is possible. You'll have to install the SAP Crypto Lib and, then using STRUST, import keys and certificates. You'll have to configure/monitor HTTPS using SMICM. I hope these pointers are enough to get you started.

The SAP Crypto Lib stores its keys in the database and files (both!). If this isn't good enough, you'll have to use the SECUDE library to be able to store the keys in a HSM.

Go to solution
Former Member
In response to Former Member

‎12-19-2008 1:04 PM

0 Kudos

Hi,

One more point : The X509 client certificate authenticates you with only the ICM. You also need to make a mapping between the client certificate and an abap user to be able to run your web service.

Look in help.sap.com to find out the name of the custo table.

Regards,

Olivier

Go to solution
Former Member
In response to Former Member

‎12-23-2008 11:20 AM

0 Kudos

Ok, I forgot that (I also skipped a lot of other details btw ;). You have to use SM30 to change the view VUSREXTID. External ID type is "DN".

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎12-26-2008 6:47 PM

0 Kudos

> 

> Hello,
> We are using SAP WEBAS ABAP 7.0 (no J22EE stack available).
> 
> I have exposed some RFC Function Modules as Webservices, and these are accessible using https and username/password.
> 
> A new requirement is now to use X.509 based authentification.
> 
> Is it possible to use certificate based authentification with WebAS ABAP 7.0?
> 
> Is there any documentation around explaining the client side (non SAP Axis based clients)?
> 
> Thanks
> 
> Matthias

Are you referring to "network / protocol level authentication" or "message-based authentication"?

For the first one, the X.509 certificates are used for (mutual) SSL authentication (keyword: "client certificate authentication").

For the latter one, the X.509 certificate is used to digitally sign (or encrypt) the SOAP message (or parts of it) - keywords: "X.509 Token", "WS-Security".