XMLDSig for SAP PI/PO

Increases security of communication by adding XML Digital Signature (XMLDSig) to XML messages

Highlighted features

XMLDSig Adapter Module adds digital signature (XMLDSig) to XML messages in SAP PI/PO system. The messages are signed with X.509 private key stored in AS Java Keystore. X.509 public certificate is always attached to the message, so that the signature can be easily validated by a receiver.

Keystore Integration

Store your private keys and X.509 certificates securely in AS Java Keystore

Customization

Configure the module to use any of the digest and signature methods supported by your SAP AS Java System

No Programming Required

Add a digital signature to your message in just few minutes in Integration Builder

Easy Installation

Just deploy XMLDSig Adapter Module into your system to start using it!

DEMO VERSION

TRY IT NOW!​

Download the demo version and check if the Adapter Module fulfills your requirements.

Limitations: The demo version works only with the provided demo certificate (demo.p12 included in the zip archive, password: indevo).

Installation

The solution is delivered as an Adapter Module EAR file (Enterprise Application Archive).

Extract EAR file from the provided ZIP archive and deploy it into your SAP PI/PO system as described in the guide.

You’ll need SAP NetWeaver Developer Studio (NWDS, version >= 7.31) or access to SUM (Software Update Manager) to deploy the solution into your system.

System requirements

SAP PI/PO
version >= 7.31

System JDK
version >= 1.6 (Java 6)

Usage

  1. Import the required Certificate and Key (X.509) into AS Java Key Storage as described here (for the demo version, import the PKCS#12 file included in ZIP archive: demo.p12, password: indevo).
  2. Open a receiver Communication Channel in either NWDS or Integration Directory in Change Mode
  3. Switch to Module(s) tab
  4. Add XMLDSig module before the standard CallSapAdapter module: enter XMLDSig as Module Name, select Local Enterprise Bean as Type and enter a Module Key (e.g. dsig)
  5. Specify the parameters in Module Configuration section (see Parameters section below for details)
  6. Save and Activate your changes

Parameters

keystoreView (required) – the name of the View in AS Java Keystore where X.509 private key and pubic certificate are stored

keystoreEntry (required) – the name of the Entry Keystore View storing the private key/public certificate pair.

canonicalizationMethodURI (optional) – URI of an algorithm used to generate the canonical form of a given XML document (see W3C Canonical XML for more details).

Possible canonicalization algorithms:
(*) – default option

Algirithm NameAlgorithm URI
Canonical XML (without comments)http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Canonical XML with comments (*)http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
Exclusive Canonical XML (without comments)http://www.w3.org/2001/10/xml-exc-c14n#
Exclusive Canonical XML with commentshttp://www.w3.org/2001/10/xml-exc-c14n#WithComments

digestMethodURI (optional) – URI of an algorithm used to calculate the digest of an XML document.

Possible digest algorithms:
(*) – default option

Algirithm NameAlgorithm URI
SHA1 (*)http://www.w3.org/2000/09/xmldsig#sha1
SHA256http://www.w3.org/2001/04/xmlenc#sha256
SHA384http://www.w3.org/2001/04/xmldsig-more#sha384
SHA512http://www.w3.org/2001/04/xmlenc#sha512

signatureMethodURI (optional) – URI of an algorithm used to sign an XML document

Possible signature algorithms:
(*) – default option

Algirithm NameAlgorithm URI
RSA_SHA1 (*)http://www.w3.org/2000/09/xmldsig#rsa-sha1
DSA_SHA1http://www.w3.org/2000/09/xmldsig#dsa-sha1
HMAC_SHA1http://www.w3.org/2000/09/xmldsig#hmac-sha1
RSA_SHA256http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

Licensing and pricing

The license is granted per company. You can install the module on any number of SAP PI/PO systems owned by your company.
Please contact us for individual quotation if you’d like to acquire more than 1 license.