
Restrict access to ServiceProvider in SOAMANAGER

Former Member
0 Kudos

Hi

This may not be the correct place for SOAMANAGER questions, but there is little activity in the Web Service forum.

Requirement: We have set up a ServiceProvider proxy in SOAMANAGER. Our requirement is that the server that calls our endpoint should provide a client SSL certificate for this purpose. We also want no other server/user to be able to connect to this particular endpoint, i.e. we somehow need to specify that only this server's certificate is allowed to make a successful call.

Is that possible in SOAMANAGER? I can't see any place where we can relate a specific certificate to a specific service endpoint as a filter.

Is there somewhere else we can configure this? It should be a valid question, as we risk that any external server with its certificate stored in our STRUST can call our service...

Thank you

regards Ole

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Ole,

Please refer to the following link. The same should apply for SOAMANAGER:

http://scn.sap.com/thread/1271276

Best Regards

H.

Former Member
0 Kudos

Hi & thanks!

IP filtering is not possible on a web service level as I see it. Yes, we can filter IPs in our firewall or load balancer, but there will still be many other applications etc. that can call the service, as they are allowed in our network and may identify themselves properly on the backend system.

What we need is to be able to say that only this particular user and/or only this particular certificate is allowed to use this particular service.

PS: PI is not used in this scenario.

regards Ole

Former Member
0 Kudos

Hi Ole,

I understood that PI is not part of the scenario. However, I am pretty sure that SOAMANAGER also does not provide the possibility to restrict the IPs calling the service. This should be filtered via firewall or web proxy.

However, when you are talking about a user: you could implement that the web service needs to be accessed via a user. For this, please refer to:

http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/ac469337a24845e10000000a421138/content.htm

Best Regards

Harald

Former Member
0 Kudos

Hi

Yes, BasicAuthentication is a functionality, but as with certificates, you cannot specify one particular user to be used - you are just saying that a user/password must be provided. Any of the users in the ECC system may be used.

regards Ole