Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

User authentication for SOAP service

Hi,

Currently we are developing a SOAP to RFC scenario for our client. We will receive the request from a website and process the data and send back the response to the website itself. We have successfully implemented the interface, but the source system owners are not happy with enclosing the username and password in the URL itself. They feel it as a security threat to enclose the username and password in it. Currently we have provided the url in the below format,

https://hostname:port/XISOAPAdapter/MessageServlet?channel=:Businesssystem:CommunnicationChannel&nosoap=true&sap-user=username&sap-password=password

Is there anything that could be done, so that we don't have to provide the username and password in the URL. Also they mentioned that they don't have a provision like the SOAP UI tool to enter the username and password in their system, where they can only pass the URL. The source application uses Java for their development.

Kindly help me on this.

Former Member
replied

Well, it is strange what you are saying. I have successfully tested it in SOAP UI without the credentials in the Aut tab, just with the HTTP Header. Please refer to this blog I have created on this topic in the meantime to check if your configuration is correct:

A closer look at SOAP Sender authentication

I have included a screenshot from SOAP UI there, to help you with this verification.

Greg

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question