Web Services Requests with Authentication against SAP

Overview

NLINK acts as a Web Services provider and optionally allows authenticating Web Services requests. NLINK can be set up to authenticate against Windows OS (Active Directory) or against an SAP system.

When authentication is done against Windows OS (or Active Directory), the users can be either local or domain users. The credentials are used only to authenticate; they are not used to connect to SAP. The credentials used to connect to SAP are static and are configured as part of the NLINK SAP External System Attributes.

When the credentials used for SAP need to differ based on the incoming NLINK Web Services request, the NLINK Web Services External System needs to be set up to authenticate against the SAP system. In this case, the incoming Web Services requests to NLINK are authenticated against the SAP system. Once authenticated, the credentials are then also used for SAP calls that occur in the context of that Web Services process in NLINK.

NLINK supports both HTTP and HTTPS based requests.

All Web Services calls to NLINK are stateless. The connection between NLINK and a Web Services client is maintained only for the duration of the call.

Web Services using SAP authentication

When using an SAP-based authentication Web Service, NLINK uses the preconfigured SAP Destination and SAP Client along with the user ID and password supplied by the Web Services client to authenticate. The user credentials are requested from the Web Services client as required by the HTTP protocol. Only if the credentials are valid is the incoming request processed and the corresponding response returned to the caller.

For SAP-based authentication, the user’s SAP language can also be specified. The language for the SAP user can be supplied as the HTTP header “Accept-Language”. The language codes should correspond to the two-character (ISO) language code used by SAP. If no language is specified in the incoming Web Services request, then the language code specified in the configured SAP External System Attribute will be used.

The communication between the Web Services client and NLINK can be broken down into the following steps:

  1. The initial Web Services request comes to NLINK via either HTTP or HTTPS without credentials.
  2. NLINK responds with an HTTP 401 error.
  3. The Web Services client re-sends the request with credentials.
  4. NLINK authenticates and responds to the request. In case of errors, a SOAP fault is returned.

Steps 1-3 are handled by the protocol (HTTP) stack used by the client; they are listed here to illustrate the communication.

Actual request and response payloads (data) depend on the specific implementation and are not part of this documentation.

When there is a problem authenticating the users, the response from NLINK will depend on settings. NLINK can respond with one of the following:

  1. HTTP “500 internal server error” and a corresponding SOAP fault with the error returned by SAP.
  2. HTTP 403 error, when the license limit is exceeded.
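
The following client-side sketch is an added example, not NLINK code: it builds the headers for the credentialed re-send in step 3, including the optional “Accept-Language” header, and maps the documented status codes to outcomes. The HTTP Basic scheme, SOAP 1.1 fault layout, function names and sample fault body are assumptions made for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_NS = "{http://schemas.xmlsoap.org/soap/envelope/}"  # assumes SOAP 1.1 faults

# Constructed sample of a fault body; real NLINK payloads are implementation-specific.
SAMPLE_FAULT = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><soap:Fault><faultcode>soap:Server</faultcode>"
    "<faultstring>constructed: SAP logon failed</faultstring>"
    "</soap:Fault></soap:Body></soap:Envelope>"
)

def build_headers(url, user, password, sap_language=None):
    """Headers for the credentialed re-send (step 3); Basic scheme is an assumption."""
    if urlsplit(url).scheme != "https":
        # Basic credentials are only base64-encoded, so keep them off plain HTTP.
        raise ValueError("refusing to send SAP credentials over plain HTTP")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    headers = {"Authorization": "Basic " + token,
               "Content-Type": "text/xml; charset=utf-8"}
    if sap_language is not None:
        if not re.fullmatch(r"[A-Za-z]{2}", sap_language):
            raise ValueError("SAP language must be a two-character ISO code")
        headers["Accept-Language"] = sap_language
    return headers  # no language given: NLINK falls back to its configured default

def interpret_response(status, body=""):
    """Map an NLINK reply to (outcome, detail) using the documented status codes."""
    if status == 401:
        return ("credentials_required", None)      # step 2: challenge
    if status == 403:
        return ("license_limit_exceeded", None)
    if status == 500:
        if "<!DOCTYPE" in body:                     # SOAP messages must not carry a DTD
            return ("soap_fault", None)
        try:
            fault = ET.fromstring(body).find(f".//{SOAP_NS}Fault")
        except ET.ParseError:
            fault = None
        detail = fault.findtext("faultstring") if fault is not None else None
        return ("soap_fault", detail)               # error text returned by SAP
    return ("ok", None) if 200 <= status < 300 else ("unexpected", None)
```

Because a failed SAP logon can surface as HTTP 500 with a SOAP fault rather than as a repeated 401, clients and monitoring should inspect the fault text before treating a 500 as a server outage.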