SAP PI/PO
XMLDSig
Increases security of communication by adding XML Digital Signature (XMLDSig) to XML messages
Highlighted features
XMLDSig Adapter Module adds digital signature (XMLDSig) to XML messages in SAP PI/PO system. The messages are signed with X.509 private key stored in AS Java Keystore. X.509 public certificate is always attached to the message, so that the signature can be easily validated by a receiver.
DEMO VERSION
TRY IT NOW!
Download the demo version and check if the Adapter Module fulfills your requirements.
Limitations: The demo version works only with the provided demo certificate (demo.p12 included in the zip archive, password: indevo).
Installation
The solution is delivered as an Adapter Module EAR file (Enterprise Application Archive).
Extract EAR file from the provided ZIP archive and deploy it into your SAP PI/PO system as described in the guide.
You’ll need SAP NetWeaver Developer Studio (NWDS, version >= 7.31) or access to SUM (Software Update Manager) to deploy the solution into your system.
SYSTEM REQUIREMENTS
SAP PI/PO
version >= 7.31
System JDK
version >= 1.6 (Java 6)
Usage
- Import the required Certificate and Key (X.509) into AS Java Key Storage as described here (for the demo version, import the PKCS#12 file included in ZIP archive: demo.p12, password: indevo).
- Open a receiver Communication Channel in either NWDS or Integration Directory in Change Mode
- Switch to Module(s) tab
- Add XMLDSig module before the standard CallSapAdapter module: enter XMLDSig as Module Name, select Local Enterprise Bean as Type and enter a Module Key (e.g. dsig)
- Specify the parameters in Module Configuration section (see Parameters section below for details)
- Save and Activate your changes
Parameters
keystoreView (required) – the name of the View in AS Java Keystore where X.509 private key and pubic certificate are stored
keystoreEntry (required) – the name of the Entry Keystore View storing the private key/public certificate pair.
canonicalizationMethodURI (optional) – URI of an algorithm used to generate the canonical form of a given XML document (see W3C Canonical XML for more details).
Possible canonicalization algorithms:
(*) – default option
| Algirithm Name | Algorithm URI |
|---|---|
| Canonical XML (without comments) | http://www.w3.org/TR/2001/REC-xml-c14n-20010315 |
| Canonical XML with comments (*) | http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments |
| Exclusive Canonical XML (without comments) | http://www.w3.org/2001/10/xml-exc-c14n# |
| Exclusive Canonical XML with comments | http://www.w3.org/2001/10/xml-exc-c14n#WithComments |
digestMethodURI (optional) – URI of an algorithm used to calculate the digest of an XML document.
Possible digest algorithms:
(*) – default option
| Algirithm Name | Algorithm URI |
|---|---|
| SHA1 (*) | http://www.w3.org/2000/09/xmldsig#sha1 |
| SHA256 | http://www.w3.org/2001/04/xmlenc#sha256 |
| SHA384 | http://www.w3.org/2001/04/xmldsig-more#sha384 |
| SHA512 | http://www.w3.org/2001/04/xmlenc#sha512 |
signatureMethodURI (optional) – URI of an algorithm used to sign an XML document
Possible signature algorithms:
(*) – default option
| Algirithm Name | Algorithm URI |
|---|---|
| RSA_SHA1 (*) | http://www.w3.org/2000/09/xmldsig#rsa-sha1 |
| DSA_SHA1 | http://www.w3.org/2000/09/xmldsig#dsa-sha1 |
| HMAC_SHA1 | http://www.w3.org/2000/09/xmldsig#hmac-sha1 |
| RSA_SHA256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 |
IMPORTANT
The available algorithms depend on your AS Java System configuration and Security Providers installed in your system. Please check if the required algorithm is supported by your AS Java System.
Licensing and pricing
The license is granted per company. You can install the tool on any number of SAP PI/PO systems owned by your company.
Please contact us for individual quotation if you’d like to acquire more than 1 license.