Configuring Client Keystore for Web Services


Configuration Guide
SAP Information Collaboration Hub for Life Sciences
Document Version: 1.1
Released to Customer
Date:

Non-SAP Backend System on SAP Information Collaboration Hub for Life Sciences

Typographic Conventions

Type Style: Description

Example: Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Textual cross-references to other documents.

Example: Emphasized words or expressions.

EXAMPLE: Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE.

Example: Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.

Example: Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.

<Example>: Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.

EXAMPLE: Keys on the keyboard, for example, F2 or ENTER.

2017 SAP SE or an SAP affiliate company. All rights reserved.

Document History

Version  Status    Date        Change
1.0      Final     2016-09-07  First release
1.1      Released  2017-09-18  Released to customer with rename to ICHLS (Hub)

Table of Contents

1 About This Document
1.1 Purpose and Scope
1.2 Target Audience
1.3 Glossary
1.4 Related Information
2 Introduction
3 Client Keystore
4 Keys Contained in the Keystore
5 Important Disclaimers and Legal Information
5.1 Coding Samples
5.2 Accessibility
5.3 Gender-Neutral Language
5.4 Internet Hyperlinks

1 About This Document

1.1 Purpose and Scope

This document describes how to establish a client keystore for SAP Information Collaboration Hub for Life Sciences integration. The SAP Information Collaboration Hub for Life Sciences is referred to as the Hub in this document.

This document is for non-SAP backend systems only.

1.2 Target Audience

This document is for the technical implementation team involved in integration and onboarding with the Hub, including:

- Implementation and integration teams
- System Administrators
- Information Security Officers
- Network Administrators

1.3 Glossary

Certificate Authority (CA): Entity that issues electronic documents that verify a digital entity's identity on the internet. In a Pharma Network integration scenario, a participant's client certificate must be signed by an SAP-Trusted CA.

Keystore: Self-contained collection of certificates and keys that are actively used in the establishment of connectivity to the Hub.

Message Level Security (MLS): Summarizes the security settings that can be applied to protect the content of a message. Depending on the chosen standard, message level security can imply digitally signing or verifying, and encrypting and decrypting the content of a message.

Onboarding: Process of connecting a participant to the Hub. Onboarding covers all tasks necessary to configure the connection and data exchange between a participant system and the Hub.

Participant: Company or organization that onboards to the Hub.

Transport Layer Security (TLS): Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both referred to as SSL, are cryptographic protocols that provide communications security over a computer network.

Tenant: Represents the resources of the cloud-based integration platform of the Hub allocated to a participant.

X.509: Standard for a public key infrastructure (PKI) to manage digital certificates and public-key encryption. Key part of the Transport Layer Security protocol used to secure web and e-mail communication.

Web Service: Service offered by an electronic device to another electronic device, communicating with each other using the World Wide Web. In the Hub integration scenario, Web Services are the preferred integration method.

1.4 Related Information

- Introduction to the SAP Information Collaboration Hub for Life Sciences
- SAP Information Collaboration Hub for Life Sciences Administrator Guide
- SAP Information Collaboration Hub for Life Sciences Configuration Guides for non-SAP backend systems

2 Introduction

This document assumes that:

- The server keystore relates to Transport Layer Security (TLS) authentication with the Hub
- Keys used for Message Level Security (MLS) are stored in a separate keystore

3 Client Keystore

The client keystore contains the necessary certificates to allow a participant system to authenticate with the Hub. The following figure shows the process.

When a participant system makes a web service call to the Hub, the participant system and the Load Balancer in the Hub mutually authenticate.

1. The Load Balancer provides its client certificate to the participant system.
2. The participant system validates the certificate. The participant system has the client certificate stored in its keystore.
3. The Load Balancer validates that the certificate is an X.509 certificate whose root is signed by one of the SAP Trusted Certificate Authorities.
4. Once mutual authentication succeeds, the Load Balancer passes the request and the client certificate of the participant system to the Hub tenant.
5. The Hub authorizes the request. During onboarding, the participant client certificate is persisted to the runtime of the tenant.

4 Keys Contained in the Keystore

The following table shows details of the relevant keys and certificates, including ownership.

Key: Client Private Key
Owner: Participant
Format: X.509/SSL
Purpose: The private key is coupled with the corresponding Client Public Key.

Key: Client Public Key
Owner: Participant
Format: X.509/SSL
Purpose: The public key is passed during the web service call, so that the Load Balancer can validate the root client certificate, and it is also passed to the tenant for authorization. This key is provided by the participant to the SAP Onboarding Team, who add the key to the tenant access control list/runtime. This allows for the authorization step, shown in the above figure.

Key: Client Chain and Root Certificates
Owner: Participant
Format: X.509/SSL
Purpose: The keystore must hold the corresponding chain and root client certificates that are provided by the participant's Certificate Authority (CA).

Key: Hub Load Balancer Root Certificate
Owner: SAP
Format: X.509/SSL
Purpose: The Load Balancer root certificate is used to validate the SAP Load Balancer. The Load Balancer passes its client certificate to the calling system, which uses the root certificate to validate the incoming SAP Load Balancer certificate. This certificate is provided to the participant during onboarding.
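The participant-owned entries in the table above, and the chain validation in step 3 of the process, can be checked locally before the client certificate is handed over for onboarding. The following is an added example, not part of the SAP guide: it builds a throwaway client keystore with OpenSSL and confirms that the private key matches the client certificate and that the certificate chains to the expected root. The PKCS#12 format, the test CA, the subject names, the password changeit and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway CA stands in for the
# participant's SAP-trusted CA; subjects and the password are placeholders.

build_keystore() {  # $1 = empty working directory
  d=$1
  # Chain/root certificate (stand-in for the participant's CA)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Participant CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Client private key plus a signing request for the client certificate
  openssl req -newkey rsa:2048 -nodes -subj "/CN=participant.example" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
  printf 'extendedKeyUsage=clientAuth\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" \
    -out "$d/client.pem" 2>/dev/null || return 1
  # Keystore: private key, client certificate, and the CA certificate
  openssl pkcs12 -export -name client -inkey "$d/client.key" \
    -in "$d/client.pem" -certfile "$d/ca.pem" \
    -passout pass:changeit -out "$d/client.p12" 2>/dev/null
}

# Returns 0 if the keystore is usable, 2 if it cannot be opened,
# 3 if key and certificate do not match, 4 if the chain does not verify.
check_keystore() {  # $1 = keystore, $2 = password, $3 = trusted root (PEM)
  t=$(mktemp -d) || return 1
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
    -out "$t/leaf.pem" 2>/dev/null || return 2
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
    -out "$t/key.pem" 2>/dev/null || return 2
  # The private key must be coupled with the certificate's public key
  cert_pub=$(openssl x509 -in "$t/leaf.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$t/key.pem" -pubout)
  [ "$cert_pub" = "$key_pub" ] || return 3
  # The client certificate must chain to the trusted root and allow client auth
  openssl verify -purpose sslclient -CAfile "$3" "$t/leaf.pem" \
    >/dev/null 2>&1 || return 4
  rm -rf "$t"
}

work=$(mktemp -d)
build_keystore "$work"
check_keystore "$work/client.p12" changeit "$work/ca.pem"
echo "keystore check result: $?"
```

A result of 4 against the root that the other side is expected to trust means the handshake would be rejected for the same reason, so the chain and root entries in the keystore need correcting first.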

5 Important Disclaimers and Legal Information

5.1 Coding Samples

Any software coding and/or code lines/strings ("Code") included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, unless damages were caused by SAP intentionally or by SAP's gross negligence.

5.2 Accessibility

The information contained in the SAP documentation represents SAP's current view of accessibility criteria as of the date of publication; it is in no way intended to be a binding guideline on how to ensure accessibility of software products. SAP in particular disclaims any liability in relation to this document. This disclaimer, however, does not apply in cases of wilful misconduct or gross negligence of SAP. Furthermore, this document does not result in any direct or indirect contractual obligations of SAP.

5.3 Gender-Neutral Language

As far as possible, SAP documentation is gender neutral. Depending on the context, the reader is addressed directly with "you", or a gender-neutral noun (such as "sales person" or "working days") is used. If when referring to members of both sexes, however, the third-person singular cannot be avoided or a gender-neutral noun does not exist, SAP reserves the right to use the masculine form of the noun and pronoun. This is to ensure that the documentation remains comprehensible.

5.4 Internet Hyperlinks

The SAP documentation may contain hyperlinks to the Internet. These hyperlinks are intended to serve as a hint about where to find related information. SAP does not warrant the availability and correctness of this related information or the ability of this information to serve a particular purpose. SAP shall not be liable for any damages caused by the use of related information unless damages have been caused by SAP's gross negligence or willful misconduct. All links are categorized for transparency (see: http://help.sap.com/disclaimer).
