XMLDSig for SAP PI/PO
Increases security of communication by adding XML Digital Signature (XMLDSig) to XML messages
Highlighted features
XMLDSig Adapter Module adds digital signature (XMLDSig) to XML messages in SAP PI/PO system. The messages are signed with X.509 private key stored in AS Java Keystore. X.509 public certificate is always attached to the message, so that the signature can be easily validated by a receiver.
Keystore Integration
Store your private keys and X.509 certificates securely in AS Java Keystore
Customization
Configure the module to use any of the digest and signature methods supported by your SAP AS Java System
No Programming Required
Add a digital signature to your message in just few minutes in Integration Builder
Easy Installation
Just deploy XMLDSig Adapter Module into your system to start using it!
DEMO VERSION
TRY IT NOW!
Download the demo version and check if the Adapter Module fulfills your requirements.
Limitations: The demo version works only with the provided demo certificate (demo.p12 included in the zip archive, password !nDEV0).
Installation
The solution is delivered as an Adapter Module EAR file (Enterprise Application Archive).
Extract EAR file from the provided ZIP archive and deploy it into your SAP PI/PO system as described in the guide.
You’ll need SAP NetWeaver Developer Studio (NWDS, version >= 7.31) or access to SUM (Software Update Manager) to deploy the solution into your system.
System requirements
SAP PI/PO
version >= 7.31
System JDK
version >= 1.6 (Java 6)
Usage
- Import the required Certificate and Key (X.509) into AS Java Key Storage as described here (for the demo version, import the PKCS#12 file included in ZIP archive: demo.p12, password !nDEV0).
- Open a receiver Communication Channel in either NWDS or Integration Directory in Change Mode
- Switch to Module(s) tab
- Add XMLDSig module before the standard CallSapAdapter module: enter XMLDSig as Module Name, select Local Enterprise Bean as Type and enter a Module Key (e.g. dsig)
- Specify the parameters in Module Configuration section (see Parameters section below for details)
- Save and Activate your changes
Parameters
keystoreView (required) – the name of the View in AS Java Keystore where X.509 private key and pubic certificate are stored
keystoreEntry (required) – the name of the Entry Keystore View storing the private key/public certificate pair.
canonicalizationMethodURI (optional) – URI of an algorithm used to generate the canonical form of a given XML document (see W3C Canonical XML for more details).
Possible canonicalization algorithms:
(*) – default option
| Algirithm Name | Algorithm URI |
|---|---|
| Canonical XML (without comments) | http://www.w3.org/TR/2001/REC-xml-c14n-20010315 |
| Canonical XML with comments (*) | http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments |
| Exclusive Canonical XML (without comments) | http://www.w3.org/2001/10/xml-exc-c14n# |
| Exclusive Canonical XML with comments | http://www.w3.org/2001/10/xml-exc-c14n#WithComments |
digestMethodURI (optional) – URI of an algorithm used to calculate the digest of an XML document.
Possible digest algorithms:
(*) – default option
| Algirithm Name | Algorithm URI |
|---|---|
| SHA1 (*) | http://www.w3.org/2000/09/xmldsig#sha1 |
| SHA256 | http://www.w3.org/2001/04/xmlenc#sha256 |
| SHA384 | http://www.w3.org/2001/04/xmldsig-more#sha384 |
| SHA512 | http://www.w3.org/2001/04/xmlenc#sha512 |
signatureMethodURI (optional) – URI of an algorithm used to sign an XML document
Possible signature algorithms:
(*) – default option
| Algirithm Name | Algorithm URI |
|---|---|
| RSA_SHA1 (*) | http://www.w3.org/2000/09/xmldsig#rsa-sha1 |
| DSA_SHA1 | http://www.w3.org/2000/09/xmldsig#dsa-sha1 |
| HMAC_SHA1 | http://www.w3.org/2000/09/xmldsig#hmac-sha1 |
| RSA_SHA256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 |
Licensing and pricing
The license is granted per company. You can install the module on any number of SAP PI/PO systems owned by your company.
Please contact us for individual quotation if you’d like to acquire more than 1 license.
