Configuring WS-Security UsernameToken and WS-SecureConversation (Symmetric Connection Creation)

Context

This procedure provides a detailed process of all necessary steps to secure Web Services with SecureConversation and to set up the authentication of the users using user name and password. This example uses two AS ABAP systems and individual SOA Manager configuration.

Procedure

1. Set up the trust relationship between the systems so that the provider trusts the consumer and the consumer trusts the provider.

   More information:

   • Encryption

     • Preparing the WS Consumer AS ABAP for Encryption

     • Exporting an Encryption Certificate for the WS Provider AS ABAP

2. In the SOA Manager of the provider, on the Business Administration tab page, choose the Single Service Administration link.

   1. Find the service that is to be accessed using the UsernameToken and for which you now want to define an end point.

   2. Select the service in the list of search results and choose Apply Selection.

   3. On the Configurations tab page, choose the Create Service button.

   4. In the dialog box, specify the name of the new service, its description, and the name of the end point (binding name, such as UN_SC_SYMM), and choose Copy settings.

   5. Scroll down, to specify the options for security at transport and message levels on the Provider Security tab page.

   6. Under Transport Guarantee, select the Symmetric message signature/encryption radio button, and check the SecureConversation checkbox, and under Authentication Method, under Authentication at Message Level, check the User ID and Password.

   7. Save your entries.

   8. On the Overview tab page, use the input help to select the end point defined above. Choose the linkDisplay WSDL URL for Selected Binding.

   9. Enter the name and password of the user that has access authorization for the WSDL document.

3. In the SOA Manager of the consumer, on the Business Administration tab page, choose the Web Service Administration link.

   1. Find the consumer proxy that is to be used to access the service end point, and for which you want to define a logical port.

   2. Select the consumer proxy in the list of search results and choose Apply Selection.

   3. On the Configurations tab page, choose the Create Log. Port button.

   4. Specify the following in the dialog box:

      • The name of the new service

      • The name of the logical port and its description

      • For configuration type, select the WSDL-Based Configuration button

      • Under WSDL access settings, select the Via HTTP Access radio button

      • Under WSDL location, copy the URL that you called for the WSDL document in the provider to the field URL for WSDL Access:.

      • WSDL access user: the same user as in the provider

      • WSDL access user password: the same password as in the provider

      • Choose the Copy settings button.

   5. Scroll down.

   6. In the User Name field, specify the user name, and in the Password field, specify the password of the user that has access to the WSDL URL.

   7. In the Encryption Certificate field, specify the encryption certificate of the provider that you imported above.

   8. Save your entries.