Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WS_AAE Adapter - SAML

former_member182290
Participant
‎06-02-2016 1:59 PM

In this blog we will see how to configure WS_AAE adapter (Sender) for SAML.

WS_AAE Adapter supports SAML 1.1 - Sender Vouches

For more information please refer below links to get head around SAML (old but good one)

http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/com.sap.nw.wpc.runtime.docs/media/streamingmedia/ev...

Single Sign on for Web Services - Security and Identity Management - SCN Wiki

You would have three different role players in a Web Services SSO with SAML scenario:

  • WS Consumer - User authenticates at the Token Issuer (STS) and requests a SAML Token with the WS-Trust protocol. Uses its private key to create a signature over the SAML Token and the message body
  • STS (Token Issuer) -Token Issuer authenticates the User and issues a SAML Token in the response to the WS Consumer with the WS-Trust protocol
  • WS Provider - To confirm the WS Consumer identity, WS Provider verifies the signature and compares the identity information in the SAML Token with the identity information of the WS Consumer’s Public Key certificate

Sender Vouches

*Source - SIM 207  (link)

In this scenario we will configure SOAP UI which plays WS Consumer and STS Role and SAP PO plays WS Provider Role.

https://www.soapui.org/soapui-projects/ws-security.html#3-Outgoing-WS-Security-configurations

Follow below steps to establish trust relationship between WS Consumer (Soap UI) and WS Provider (PO)

  • Generate Key Pair for SOAP UI (soap UI support JKS key store format) ( You can use any key generation tool keystore-explorer)
  • Export Public Key Certificate
  • Import the Public Key Certificate into NWA - Configuration - Certificates and Keys - WebServiceSecurity  (Key storage View)

Setting Up soapUI to generate SAML Token (STS) and Sign the SAML Token and Message (WS Consumer)

  • Create a SoapUI Project
  • Create WS Security Configuration
    • Select your project and right click, select “Show Project View” from context menu
    • Select "WS-Security Configuration" Tab
      • Import Key Store (jks) file with key pair (* you need to enter the keystore password) .

                             

      • Select "Outgoing WS-Security Configuration" Tab and click on "+"

                                 

      • Enter a Unique name

                                     

                                         

      • Click on "+" and add sequence of configuration steps

                                        1. Timestamp (optional)

                                        2. SAML

                                        3. Signature

                                           

                                             

                                                 

      • Configure Authorization for the project

                                                     

                                                         

                                                           

                                                              Done with SoapUI configuration

  • Create a PO scenario with WS_AAE sender adapter
      • Configure sender communication channel

                       

                           

        

Once you done with configuration of ICO , you are ready to test

end point for soapUI : https://<host name>:<port>/WSAdapter/<Custom Endpoint Address>


Configuring the Sender WS Adapter - Advanced Adapter Engine - SAP Library


25 Comments
Labels in this area
Popular Blog Posts