This blog is about the configuration of Web Service Security (WSS) between the Cloud Integration  SOAP adapter and the SAP Process Orchestration (SAP PO) SOAP adapter.

It is the prerequisite for any subsequent step that a successful Web Service call is made from Cloud Integration (acting as Web Service Consumer) to SAP PO (acting as Web Service Provider). To enable WSS, the public certificates must be exchanged between the systems. You use the settings below to enable WSS within the adapters.

WSS Settings in SAP PO

In our example, we use an Integrated Configuration running on an SAP PO 7.31 release. Take a look at the settings below on the Inbound Processing tab:

WSS Settings in Cloud Integration

In Cloud Integration, a SOAP receiver channel must be configured. The value for Message Protocol must be SOAP 1.x. The target address has the following structure:

https://<host>:<port>/XISOAPAdapter/MessageServlet?senderService=<senderService>&interface=<interface>&interfaceNamespace=<interfaceNamespace>

The placeholders for host, port, senderService, interface and interfaceNamespace must be adapted. In this example, the address must be as follows:

https://<host>:55001/XISOAPAdapter/MessageServlet?senderService=AVT_SENDER&interface=OneWay_Out&interfaceNamespace=http://hci.sap.com/interop

The settings on the WS-Security tab must be:

Note: In case you have the Message Exchange Pattern request-response, the public certificate of the private certificate, which is used by SAP PO to sign the response message, must be added to the system.jks of Cloud Integration. Otherwise the message is rejected.