Authentication of a WS Client Using a SAP Logon Ticket

Authentication of a WS Client Using a SAP Logon Ticket Release 650 HELP.BCWEBSERVICES_TUTORIALS

SAP Online Help 04.04.2005

Copyright 2004 SAP AG. All rights reserved.


Contents

Authentication of a WS Client Using a SAP Logon Ticket
    Importing Projects
    Configuring the Logical Port for Use of Logon Tickets
    Configuring the Client Generating a SAP Logon Ticket
    Exporting the Certificate Used for Generating the Ticket

Task

In this tutorial, you will use a predefined project to learn all the development steps required to configure an existing Web service client so that it authenticates itself to the Web service provider via a SAP logon ticket. The predefined Web service CreditCheck is to be used.

The Web service CreditCheck offers the simple function of checking the credit-worthiness of a customer on the basis of the customer number. If a customer number between 1001 and 1005 is passed, the credit limit of the customer is returned. Otherwise a message informs you that no corresponding customer exists.

The client uses a JSP application to simulate a simple sales portal. If a customer makes an order, the system uses the corresponding customer number to check whether the sum of the order is within the credit limit of that customer. This check is carried out using the Web service CreditCheck.

Since an SAP logon ticket is always issued for one specific user, the client application is configured in such a way that an authentication via user name and password is required. To learn how to configure servlets and JSP applications, refer to Integrating Security Functions.

Objectives

By the end of this tutorial, you will be able to:

- Authenticate an existing Web service client to the Web service provider using a SAP logon ticket.

Prerequisites

You can call the Web service CreditCheck if you have worked through the tutorial Creating a User Authentication Using Logon Tickets or deployed the solution EAR file on a J2EE Engine.

You can access the SAP J2EE Engine using the Visual Administrator.

Systems, Installations, and Authorizations

You have installed the SAP NetWeaver Developer Studio and configured it for use of the SAP J2EE Engine.

Knowledge

You understand the functioning of a JSP Web service client, for example, by reading the topic Creating a Client JavaServer Page.

Next Step: Importing Projects

Importing Projects

The following projects are available for this tutorial:

- Deployable proxy project CreditLimitCheckProxy (the proxy used for the Web service CreditLimitCheck)
- WEB project CreditLimitCheckWeb (the Web service consumer)
- EAR project CreditLimitCheckWebEAR (for deploying the Web project)

The projects are available in the form of a ZIP file and can be downloaded here.

Procedure

Importing Projects into the SAP NetWeaver Developer Studio

1. Download the ZIP file and save it to any directory on your local hard disk or directly in the work area of the SAP NetWeaver Developer Studio.
2. Unpack the ZIP file.
3. Start the SAP NetWeaver Developer Studio.
4. Import the projects CreditLimitCheckProxy, CreditLimitCheckWeb, and CreditLimitCheckEAR and open the J2EE Explorer in the J2EE deployment perspective.

Result

Once you have imported the project into the Developer Studio, the following structure is displayed in the J2EE Explorer.

Next Step: Configuring the Logical Port for Use of Logon Tickets

Configuring the Logical Port for Use of Logon Tickets

A logical port contains the configuration of the client-side SOAP runtime environment, such as the URL or the security settings of a Web service. If you want to access a Web service using a proxy, this is done via a logical port. Every logical port corresponds to a configuration of the Web service as offered by the Web service provider.

To be able to create a logical port, you first require a Web service definition. The latter can be obtained using the overview page of a Web service, for example. However, it can also be imported from the local file system or a UDDI registry.

This section explains, based on an existing proxy, how to create a logical port and access it from within the application.

When using SAP logon tickets, you do not have to provide detailed information for the authentication, for example, the entry of user name and password or the selection of a specific certificate. The ticket is always issued for the user who is logged on. This means that this authentication type allows the configuration at design time. Additional settings, for example, for the Visual Administrator, are not necessary.

Prerequisites

You have ensured that your Workbench proxy settings are the same as those in your Intranet. Check these settings in the Developer Studio by choosing Window > Preferences > Workbench > Proxy Settings.

The structure of your projects CreditLimitCheckProxy, CreditLimitCheckWeb, and CreditLimitCheckWebEar is currently displayed in the J2EE Explorer.

Procedure

Creating and Using Logical Ports

1. Call the Web service homepage of the Web service CreditCheck. The link to the Web service definition can be found under the heading WSDL. Copy this link to your clipboard and return to the SAP NetWeaver Developer Studio.
2. Choose New > Logical Ports from the context menu for the node CreditLimitCheckProxy > com.sap.demo.proxy.creditchecklocalproxy > Logical Ports.
3. In the dialog box WSDL URL, insert the link from the clipboard and confirm by choosing OK. The logical port TICKETPort_Document appears in your project hierarchy.
   If the specified logical port does not appear, check whether you are using the Web service definition of the correct Web service. Also, note the prerequisites for this tutorial.
4. Open the file CreditLimitCheck.jsp by double-clicking the node CreditLimitCheckWeb > web.xml > CreditLimitCheck.jsp. Select the Source tab (bottom left in your preview pane) to display the source text.
5. Search for the following statement in the source code:

    CreditCheckViDocument port = (CreditCheckViDocument) obj.getLogicalPort("NONEPort_Document", CreditCheckViDocument.class);

6. Replace the statement with:

    CreditCheckViDocument port = (CreditCheckViDocument) obj.getLogicalPort("TICKETPort_Document", CreditCheckViDocument.class);

   The Web service consumer now uses the logical port TICKETPort_Document, which accesses a configuration of the Web service that requires authentication via a SAP logon ticket.
7. Save your changes.

Configuring the Logical Port for Use of SAP Logon Tickets

1. Open the new logical port by double-clicking the node CreditLimitCheckProxy > com.sap.demo.proxy.creditlimitcheckproxy > Logical Ports > TICKETPort_Document. A window containing the properties of the logical port appears.
2. Select the Security tab. The security settings are displayed.
3. Select HTTP Authentication as the Authentication and activate the option Use SAP Logon Ticket. Leave the remaining settings unchanged and save your changes.

Deploying the Changed Web Service and Proxy

1. Choose Build EAR from the context menu for the project CreditLimitCheckProxy and deploy the file CreditLimitCheckProxy > CreditLimitCheckProxy.ear on the J2EE Engine.
2. Regenerate the files CreditLimitCheckWeb.war and CreditLimitCheckWebEar.ear by choosing Build WEB Archive or Build Application Archive from the context menus for the projects CreditLimitCheckWeb and CreditLimitCheckWebEar and deploy the file CreditLimitCheckWebEAR.ear on your J2EE Engine.

Result

You have created a new logical port called TICKETPort_Document and have made it accessible by deploying the proxy on the J2EE Engine. The Web service client is now configured in such a way that it uses the port TICKETPort_Document and uses a SAP logon ticket to log on to the Web service provider.

Next Step: Creating, Signing, and Exporting the Client Certificate [External]

Configuring the Client Generating a SAP Logon Ticket

The Web service proxy tries to log on to the Web service provider using the SAP logon ticket but does not generate the ticket itself. The proxy can only transfer an existing ticket. You must configure the client application so that it issues a logon ticket for the user at the user's logon.

Prerequisites

The structure of your projects CreditLimitCheckWeb and CreditLimitCheckWebEar is currently displayed in the J2EE Explorer.

Procedure

Adjusting the Logon Configuration of the Client Application

1. Double-click the node CreditLimitCheckWeb > web-j2ee-engine to display the various settings of the WEB project.
2. Activate the Security tab in the dialog box which opens on the right. The security settings of the project are displayed.
3. In the tree structure Security roles, select the entry login configuration. Enter CreditLimitCheck in the field Security policy domain (on the right). Leave the other fields unchanged.
4. Choose Add below the tree structure. A new entry <new login module> is displayed. Change the name by entering BasicPasswordLoginModule in the field Name (on the right). Select optional as the Priority.
5. Select the entry login configuration again and choose Add again.
6. Enter the name CreateTicketLoginModule for the new login module and enter sufficient under Priority.
7. Save your changes.
8. Regenerate the files CreditLimitCheckWeb.war and CreditLimitCheckWebEar.ear by choosing Build WEB Archive or Build Application Archive from the context menus for the projects CreditLimitCheckWeb and CreditLimitCheckWebEar and deploy the file CreditLimitCheckWebEAR.ear on your J2EE Engine.

Result

If you call the client application CreditLimitCheck, you need to log on with user name and password if you have not already done so. After a successful logon, an SAP logon ticket is generated for this user.

Next Step: Configuring the Web Service Client for Securing the Server Identity [External]
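The login module stack configured in steps 3 to 6 (BasicPasswordLoginModule as optional, CreateTicketLoginModule as sufficient), evaluated with the standard JAAS API as an added example that is not SAP's or the tutorial's code. PasswordStandIn, TicketStandIn, the shared-state key and the demo credentials are hypothetical stand-ins, and it is an assumption that the ticket module succeeds only after an earlier module has authenticated the user.

```java
// Build and run: javac TicketStackDemo.java && java TicketStackDemo
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class TicketStackDemo {
    // Hypothetical shared-state key used only by the two stand-in modules below.
    static final String USER_KEY = "demo.authenticated.user";

    /** Plumbing shared by both stand-ins. */
    public abstract static class Base implements LoginModule {
        protected Map<String, Object> shared;
        protected Map<String, ?> opts;
        protected boolean ok;

        @SuppressWarnings("unchecked")
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            shared = (Map<String, Object>) sharedState;
            opts = options;
        }
        public boolean commit() { return ok; }  // commit only what this module authenticated
        public boolean abort()  { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }

    /** Stand-in for BasicPasswordLoginModule: checks constructed demo credentials. */
    public static class PasswordStandIn extends Base {
        public boolean login() throws LoginException {
            if (!"demo-pass".equals(opts.get("password"))) throw new FailedLoginException("bad password");
            shared.put(USER_KEY, opts.get("user"));  // tell later modules who was authenticated
            return ok = true;
        }
    }

    /** Stand-in for CreateTicketLoginModule (assumed behaviour: needs an authenticated user). */
    public static class TicketStandIn extends Base {
        public boolean login() throws LoginException {
            if (shared.get(USER_KEY) == null) throw new FailedLoginException("no authenticated user");
            return ok = true;  // a real module would issue the logon ticket in commit()
        }
    }

    /** Runs the two-module stack; JAAS itself applies the OPTIONAL/SUFFICIENT rules. */
    static boolean logon(String user, String password) {
        Map<String, String> opts = new HashMap<>();
        opts.put("user", user);
        opts.put("password", password);
        Configuration stack = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(PasswordStandIn.class.getName(), LoginModuleControlFlag.OPTIONAL, opts),
                    new AppConfigurationEntry(TicketStandIn.class.getName(), LoginModuleControlFlag.SUFFICIENT, opts)
                };
            }
        };
        try {
            new LoginContext("CreditLimitCheck", new Subject(), null, stack).login();
            return true;
        } catch (LoginException e) {
            return false;  // no module in the stack succeeded
        }
    }

    public static void main(String[] args) {
        System.out.println("correct password -> " + logon("demo", "demo-pass"));
        System.out.println("wrong password   -> " + logon("demo", "wrong"));
    }
}
```

Because the stack contains no required or requisite module, the logon succeeds only if at least one optional or sufficient module succeeds; under the stated assumption a failed password check therefore also prevents ticket creation.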

Exporting the Certificate Used for Generating the Ticket

An SAP logon ticket is generated using an X.509 certificate. Before the certificate can be checked by the Web service provider for its actual origin and its trustworthiness, it must be exported from the client's system to be made available for the providing system.

Procedure

If the Web service and its client are located on the same SAP J2EE Engine, this step is not necessary. The SAP J2EE Engine automatically accepts SAP logon tickets it has issued itself.

Exporting the Certificate

1. Start the Visual Administrator and log on to the SAP J2EE Engine that contains your Web service.
2. Select the node <SID> - Server - Services - Key Storage and activate the tabs Runtime (top) and Data (bottom) in the right window.
3. Select the entry TicketKeystore in the Views area and the entry SAPLogonTicketKeypaircert under Entries.
4. Choose Export in the area Entry (bottom right) and, in the dialog box that appears, save the certificate as a crt file in your file system.

Result

The certificate used for generating the SAP logon ticket can now be made available for the Web service provider. This allows the provider to check the ticket for authenticity and trustworthiness.

If the system of the Web service provider is already configured appropriately, you can now test the client application. The tutorial Creating a User Authentication Using Logon Tickets shows you how to configure the Web service for user authentication using a SAP logon ticket.

Note that after a successful logon to the Web service provider, you act as the user for which the SAP logon ticket was issued.

You can test the client application by calling the URL in your browser. A simple screen for creating orders is displayed. After choosing the Order button, you are requested to enter the Customer Identity Card Number.

If you press the Check button, the Web service CreditLimitPrivateLocal is called and the value you entered in the text field is passed. The result is then evaluated and displayed.

Note that only data for the customer numbers 1001 to 1005 is displayed. For all other values, a message is displayed stating that no customer was found for that number.