Configuring WS-Security UsernameToken and WS-SecureConversation (Symmetric Connection Creation)

Context

This procedure provides a detailed process of all necessary steps to secure Web Services with SecureConversation and to set up the authentication of the users using user name and password. This example uses two AS ABAP systems and individual SOA Manager configuration.

Procedure

1. Set up the trust relationship between the
   systems so that the provider trusts the consumer and the consumer trusts the provider.

   More information:

   • Encryption

     • Preparing
       the WS Consumer AS ABAP for Encryption

     • Exporting
       an Encryption Certificate for the WS Provider AS ABAP

2. In the SOA Manager of the provider, on the Business
   Administration tab page, choose the Single
   Service Administration link.

   1. Find the service that is to be accessed using the UsernameToken and for which you now want to define an end point.

   2. Select the service in the list of search results and choose Apply
      Selection.

   3. On the Configurations tab
      page, choose the Create
      Service button.

   4. In the dialog box, specify the name of the new service, its description, and the name of the end point (binding name, such as UN_SC_SYMM), and choose Copy
      settings.

   5. Scroll down, to specify the options for security at transport and message levels on the Provider
      Security tab page.

   6. Under Transport
      Guarantee, select the Symmetric
      message signature/encryption radio button, and check the SecureConversation checkbox,
      and under Authentication
      Method, under Authentication
      at Message Level, check the User
      ID and Password.

   7. Save your entries.

   8. On the Overview tab
      page, use the input help to select the end point defined above. Choose the linkDisplay
      WSDL URL for Selected Binding.

   9. Enter the name and password of the user that has access authorization for the WSDL document.

3. In the SOA Manager of the consumer, on the Business
   Administration tab page, choose the Web
   Service Administration link.

   1. Find the consumer proxy that is to be used to access the service end point, and for which you want to define a logical port.

   2. Select the consumer proxy in the list of search results and choose Apply
      Selection.

   3. On the Configurations tab
      page, choose the Create
      Log. Port button.

   4. Specify the following in the dialog box:

      • The name of the new service

      • The name of the logical port and its description

      • For configuration type, select the WSDL-Based
        Configuration button

      • Under WSDL access settings, select the Via
        HTTP Access radio button

      • Under WSDL location, copy the URL that you called for the WSDL document in the provider to the field URL
        for WSDL Access:.

      • WSDL access user: the same user as in the provider

      • WSDL access user password: the same password as in the provider

      • Choose the Copy
        settings button.

   5. Scroll down.

   6. In the User
      Name field, specify the user name, and in the Password field,
      specify the password of the user that has access to the WSDL URL.

   7. In the Encryption
      Certificate field, specify the encryption certificate of the provider that you imported above.

   8. Save your entries.