
The Developer's Guide to SAP NetWeaver Security
Description
This practical guide for developers, system integrators, and software architects describes security technologies in conjunction with SAP NetWeaver Application Server up to and including Release 7.0. In addition to covering the basic principles of Web Service Security, Single Sign-On, SAML, and SPML, the book focuses on providing practical exercises and examples to help you establish a profound understanding of the standards used. To accomplish this, a cross-enterprise scenario is used in which system components based on various technologies (Open Source, Microsoft .NET, J2EE, Legacy) are integrated with each other using different standards. This exclusive sample scenario focuses on key areas of the application layer, such as communication and data security as well as identity management, and it provides readers with numerous screenshots as well as volumes of sample code.
This comprehensive reference enables you to use - and benefit from - open security standards, based on service-oriented architectures (Enterprise SOA).
Highlights include:
Enterprise SOA and Web Services
Security Standards in SAP NetWeaver
Single Sign-On with SAML
Identity Management with SPML
Secure Communication with Web Services Security
Content
2 Basic Principles of IT Security
  2.1 Security and Service-Oriented Architectures
  2.2 Developing Security Concepts
  2.3 Basic Security Measures
  2.4 Public Key Infrastructure
  2.5 Summary
3 Authentication and Authorization in SAP NetWeaver Application Server Java
  3.1 J2EE Application Security
  3.2 J2EE Security in Practice
  3.3 Application Security in J2EE Applications Using the SAP User Management Engine API
  3.4 Java Authentication and Authorization Service
  3.5 Summary
4 Single Sign-On
  4.1 Basic Principles
  4.3 Intercompany Single Sign-On
  4.4 Summary
5 Identity Provisioning
  5.1 Basic Principles
  5.2 Service Provisioning Markup Language
  5.3 SPML Support in SAP NetWeaver
  5.4 Federated Identity Provisioning
  5.5 Summary
6 Secure Web Services
  6.1 Architecture
  6.2 Basic Web Service Standards
  6.3 Security Standards
  6.4 Interoperability
  6.5 Support for Secure Web Services in SAP NetWeaver
  6.6 Testing and Error Analysis
  6.7 Enterprise Scenario: Process Automation with Web Services
  6.8 Exercise 6: Implementing the Subscenarios with WS-Security
  6.9 Summary
Appendix
A Setting Up the Certificate Authority and Key Management in the Enterprise Scenario
  A.1 Installing the Certificate Authority
  A.2 Creating the SecureSale SSL Key Pair for Apache Tomcat
  A.3 Setting Up the SSL Server for SecureSale in SAP NetWeaver Application Server Java
  A.4 Setting Up the SSL Server for SecureShipping in the SAP NetWeaver Application Server ABAP
  A.5 Creating the CompSOA SSL Key Pair
  A.6 Creating the SecureSale Web Service Key Pairs for Signatures and Encryption in the SAP NetWeaver Application Server Java
  A.7 Creating the CompSOA Web Services Keystore
  A.8 Creating the SecureShipping Web Service Key Pair for Signatures
  A.9 Creating the TrustedBank Web Service Signature Key Pair
B Referenced Literature
C Author