
WebService basic userid,pwd authentication within SAP Landscape.

Former Member
0 Kudos

Dear Friends,

I would really appreciate it if you could help with the following scenario; that would be a really awesome help.

Background:

1. We have a webservice set up in ECC 6.0.

2. We need to call the same webservice from a consumer ABAP proxy in CRM within the same SAP landscape.

3. We want to implement basic user/pwd authentication between the webservice PROVIDER and the consumer ABAP proxy (webservice client).

Help needed:

What steps are needed to configure secure authentication in SAP, from the point of view of both provider and consumer, and where and how is the user id / pwd authentication configured?

Note: We are not using PI in the middle; it is direct SAP-to-SAP system communication.

Thanks and Regards.

Suraj.

Accepted Solutions (1)

Former Member
0 Kudos

Hi Suraj,

Please try and do some research before you post questions. Forum users are much more willing to help if they can see that the person put some effort into resolving the query themselves before posting a question.

First go to link below:

[http://help.sap.com/saphelp_nw70/helpdata/EN/47/3a989cbcef2f35e10000000a1553f6/frameset.htm]

Configure (or Check if the services are already configured for basic auth) the Provider Web Services on ECC 6.0 for Basic Authentication:

Web Services --> SOA Manager --> Configuring a Service Provider (ECC)

Generate the Consumer Proxy on CRM:

Web Services --> Consuming a Web Service --> ABAP Proxy Generation --> Generating Proxies

Configuring a Consumer/Client Proxy (Logical Port):

Web Services --> SOA Manager --> Configuring a Consumer Proxy

Regards, Trevor

Former Member
0 Kudos

Hi Trevor,

Really appreciate your immediate answer, it is helpful. Thanks a lot. Can you please provide some more details about configuring the user id and password for the provider webservice for authentication, so that when the webservice client passes a user id/password it will be validated against the user id/password we set in the configuration? What other configurations do we need to do for basic authentication? I could not find any detailed steps.

I am requesting for help only for authentication configuration.

Really appreciate your immediate help.

Thanks and Regards.

Suraj.

Former Member
0 Kudos

Hi Suraj,

Just setup a service user in ECC 6.0 as you normally create new users for ECC. Add the necessary authorization roles (WEBSERVICE) as required - search SAP Help for webservice authorization roles. You might need some additional roles added to the user for specific business functionality that was enabled through the webservice you've enabled on ECC. When you do the SOAMANAGER config for the ECC service, select the Basic Auth option.

When you configure the logical port on the consumer side, specify the user + pass that you've setup in ECC. At runtime, when the consumer proxy is executed, the user + pass credentials that you've specified in the logical port will be passed through to the provider for authentication (provided you specify the same logical port as the default port).

Regards, Trevor

Former Member
0 Kudos

Hi Trevor,

Thanks a lot for the immediate response. It is a very helpful answer, appreciate it.

My last clarification is: once we have created a new service user (myUser) in ECC for webservice (MyService) authentication, on the ECC side, in order to say "use this new service user (myUser, pwd)" for the webservice (ex: MyWebservice), so that the user myUser, pwd passed from the webservice client (via logical port) would be validated in ECC.

Basically I am asking about the authentication user assignment for the service in ECC.

Webservice Name --> basic auth user

MyService --> myUser

password

I tried to give this in SICF for my service; the SAP system does not allow it there, even though there is provision to enter a user id and password for myService.

Really appreciate your immediate help and answer.

Thanks again.

Suraj.

Former Member
0 Kudos

Hi Suraj,

I'm sure if I understand your question fully but for the bits I understand:

- Create service user (with pwd) on ECC.

- Launch SOAMANAGER on ECC and configure your service for basic auth (that's all, you don't need to specify the user & pwd on ECC - even in SICF).

- Launch SOAMANAGER on CRM, search for your consumer proxy (you would have already generated using the ECC provider WSDL). Add, configure and set as default a logical port for your consumer proxy. Part of the logical port configuration is specifying a user & pwd, use the one that you setup on ECC for this.

This way, when you execute the consumer proxy and because you set this logical port (with user & pwd) as the default for the consumer proxy, these login credentials will be passed through to ECC for authentication. Then you will see either an authentication failure (if login credentials passed are invalid), a deserialization error from the ECC system if authentication is successful but data being passed from CRM to ECC is not valid (formats) OR a business error from the ECC webservice (if authentication is successful) if there is some added validation there. Or maybe even a success message if all goes well...

Regards, Trevor

Former Member
0 Kudos

Thanks a lot Trevor, really appreciate your immediate help and response. It is more clear now.

1. One last clarification: do you mean that when the consumer proxy passes user id and password (via logical port), that is to log in to the webservice for authentication?

2. So the provider webservice / WS Runtime checks whether the user, pwd sent by the consumer proxy exists or not in SAP? If it exists the webservice call will succeed, otherwise authentication fails?

Can you please make me understand the above two points, we will be done with it.

Thanks again Trevor.

Have a great weekend.

Suraj.

Former Member
0 Kudos

Hi Suraj,

Question 1:

The user + pwd combination (in the logical port) grants the consumer (service) access to the ECC Web Application Server. So authentication is at Web AS level and not per specific web service. This means that (depending on what additional authorization roles you specify for this user) this user + pwd combo could potentially have access to other web services on ECC. So choose user + pwd + roles and how you convey this to the consumer carefully. This is also a very "low" security option (hence it's called "basic authentication"), i.e. these details are not protected over the network and you could probably catch it with a basic network sniffer. So if your user + pwd combo is correct, you are granted Web AS access but this does not necessarily translate to the web service's successful execution...See question 2 for more...

Question 2:

So (after question 1) you've now been granted Web AS access. The WS Runtime will then do an authorization (does the user have the necessary SERVICE roles) check to execute web services. Once that is passed, depending on the business function being exposed as a service, there might be additional authorization checks to see if the user is able to execute what is being requested from a business perspective. So there are technical and business authorization checks.

If all of that is passed, then you have a success.

Regards, Trevor
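An added example (not part of the original thread and not SAP code) illustrating the point above that Basic authentication credentials are not protected on the network: the header is only base64-encoded, so anyone who sees the request can read it unless the transport is HTTPS. The `audit_endpoint` helper, the port names, hosts, paths and the password are hypothetical, constructed for illustration; only `myUser` comes from the thread.

```python
import base64
from urllib.parse import urlsplit

def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value a client sends for Basic auth (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def decode_basic_auth(header_value: str) -> tuple[str, str]:
    """Recover user and password from the header: base64 is an encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    # Only the first ':' separates user from password; a password may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed credentials (no ':' separator)")
    return user, password

def audit_endpoint(name: str, url: str, auth: str) -> list[str]:
    """Flag consumer endpoint settings that would expose Basic credentials in transit."""
    findings = []
    parts = urlsplit(url)
    if auth == "basic" and parts.scheme.lower() != "https":
        findings.append(f"{name}: Basic auth over '{parts.scheme}'; "
                        "credentials are readable in transit, use HTTPS")
    if parts.username or parts.password:
        findings.append(f"{name}: credentials embedded in the URL; "
                        "keep them in the port configuration only")
    return findings

# Constructed sample values: the password, hosts and paths are made up for this example.
SAMPLE_HEADER = basic_auth_header("myUser", "S3cret:pw")
SAMPLE_PORTS = [
    ("LP_PLAIN", "http://ecc.example.internal:8000/ws/myservice", "basic"),
    ("LP_TLS", "https://ecc.example.internal:44300/ws/myservice", "basic"),
]

if __name__ == "__main__":
    print(SAMPLE_HEADER, "->", decode_basic_auth(SAMPLE_HEADER))
    for port in SAMPLE_PORTS:
        print(port[0], audit_endpoint(*port) or "ok")
```
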

Former Member
0 Kudos

Thanks much Trevor, really appreciate your fantastic help. I am clear now.

Hats off to your knowledge. I am really blessed with it.

One more help needed from you: I need to create classification systems in a hierarchical manner and assign the services to classifications in the service registry.

I tried to find out, but could not find step by step procedure in SDN, and also need to Enable discovery of service from development environment.

Really appreciate if you could put some light into it.

ex:

In Service Registry, classification hierarchy as follows

ORM

SCM

SalesOrder

Service Name (assigned service)

Like that, I have to create multi-hierarchical classifications.

What tools are helpful from the development environment to search services using classification as search parameters?

Thanks in Advance.

Suraj.

Answers (0)