In this blog Post, I am going to explain NTLM authentication for windows based web-services and the steps required for configuration and connectivity using SOAP axis adapter (Receiver channel in my use case)
What is NTLM ?
In a windows network NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product..
What is NTLM authentication Protocol?
Windows Challenge/Response (NTLM) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. NTLM uses an encrypted challenge/response protocol to authenticate a user without sending the user’s password over the wire.
From SAP PI/PO perspective, Customer will provide us the user credentials and will let us know if the end server supports authentication types NTLM version 1 or 2.
In the use case taken in consideration , Requirement was to post data from SAP S4 hana into MIcrosoft server with authentication type as NTLM via NAV webservice..
I will not talk about the sender configuration and mapping as it is not in the scope of this blog.
Configurations in SOAP axis receiver adapter :
Before moving to actual Channel configuration , I will explain few terminologies:
Handler : The handler is a basic processing component in Axis. Each handler must implement interface.axis.Handler or alternatively simply extend the org.apache.axis.handlers.BasicHandler
class that partially implements this interface.
The handler : java:com.sap.aii.adapter.axis.ra.transport.http.ApacheHTTPClientSender is used as it supports NTLM v2 authentication.
For enabling usage of this handler , we have to follow steps to create SDA file using SDA maker and deploy on server. The steps are described in the SAP note : 2062567 – Integration of Apache HttpClient library in the PI Axis adapter and 1028961 – How to prepare axisproviderlib.sda for Adapter Framework. For more information on Module configuration , we can check in FAQ-axis adapter available on SAP launchpad.
If you open XI Axis Adapter Message Servlet (http://<system_host>:<system_port>/XIAxisAdapter/MessageServlet), you can find information about the links from which the needed Axis framework and additional components can be downloaded. The following components are basis for the Axis Framework and are mandatory to present.
Testing : PreliminaryTesting can be done using wireshark tool to check if authentication is successful.
In this way , Integration with Microsoft server using NTLM authentication is possible using the new handler from Apache added in SOAP axis adapter.