Topics
Introduction to SAP XI 3.0
System Landscape Directory
Integration Repository
Integration Directory
Monitoring
Adapter Framework
Business Process Management
Server Administration
Security
B2B and Industry Standards
Security Topics
Recommended setup for inter-enterprise connectivity
Some pointers for certificate management in the J2EE key store
User Store
Standard: Users are maintained in the ABAP user store.
Can also be integrated with LDAP-based user administration.
Certificate Store
The XI and RNIF protocols support message level security based on digital signatures.
The RNIF protocol also supports encryption.
The certificates to be used must be entered into the key store of the J2EE engine.
In the Integration Directory, these certificates are referred to by the name of the key store view and the certificate name.
Users
With respect to authentication and authorization, we distinguish two major scenarios. During design and configuration, dialog users communicate through the Integration Builder with XI. At runtime the actors are computer systems rather than humans!
2. At runtime
Dialog Users
Dialog users represent human users that log on through the various UIs of the Integration Builder.
Dialog users are generally maintained in the ABAP part of the SAP Web AS.
The roles for the different dialog users are predefined and shipped with the installation.
Service Users
Service users provide dialog-free access to XI components.
Service users have the SAP user roles on the ABAP part of the Web Application Server.
[Figure: service users and XI components. Service users shown: XIREPUSER, XIRWBUSER, XIISUSER, XILDUSER, XIAFUSER, and a customer-specific copy of XIAPPLUSER. Components shown: Integration Directory, System Landscape Directory, Integration Server, Business Process Engine, Integration Engine, Adapter Engine, SAP System (IDocs, RFCs), File, DB, JMS.]
User maintenance
Users and roles are maintained via the standard Web AS ABAP user management (SU01).
After a short delay, the updated users are automatically replicated to the J2EE engine.
UME frontend
[Table: Message Level Security (for B2B) by release and protocol. Columns: XI 1.0 / XI 2.0; XI 3.0 (XI protocol); XI 3.0 (RNIF). Rows: Signature, Data Integrity, Non-Repudiation of origin, Non-Repudiation of receipt, Encryption. Technology: WS-Security (XML-Signature), S/MIME.]
Security Outlook
Availability
Levels of Security
Connection Level Security
Message Level Security (for B2B): Signature, Data Integrity, Non-Repudiation of origin, Non-Repudiation of receipt, Encryption
Focus of future security enhancements for XI
SAP AG 2004, Title of Presentation / Speaker Name / #
[Table: availability by release and protocol. Columns: XI 1.0 / XI 2.0; XI 3.0 (XI protocol); XI 3.0 (RNIF).]
Message Exchange
In general, the message exchange between business systems can be separated into two communication segments that are treated differently from an authentication and authorization point of view:
HTTP(S)
HTTP(S)
SSL configuration for message exchange differs between ABAP and Java.
SSL can also be configured for technical communication such as cache updates and repository access in the directory.
[Figure: network landscape. Labels: Internet, External Partners, Application Gateway, Proxy, IS, Business Systems.]
Proxies and application gateways are placed in the outer DMZ, providing access control between the Internet and internal networks.
J2EE engine: Pointers for security-related configuration
Trusted certification authorities in the J2EE key store
Creation of the server certificate
Partner's public key in the J2EE key store
User authentication for the different views created
Further Documentation
SAP Web AS Network and Communication Security: This section describes the network and communication security for the SAP Web AS.
SAP Web AS Security Guide for ABAP Technology: This section describes the security aspects involved with the SAP Web AS when using ABAP technology.
SAP Web AS Security Guide for J2EE Technology: This section describes the security aspects involved with the SAP Web AS when using Java or J2EE technology.