Skip to main content
Skip table of contents

Web Service Configuration

This section walks through the process of using the SOA (service-oriented architecture) in your environment. It involves the following steps:

Activating Web Dynpro in SAP

In order to use SOAMANAGER (or any other WDA application), some SICF services must be activated.  If transaction SOAMANGER does not start:

  1. Proceed according to SAP notes 11245535174841088717, and/or use the report RSICF_SERVICE_ACTIVATION (run for WEB_DYNPRO_ABAP).

  2. Also activate /sap/bc/webdynpro/sap/wdhc_help_center (online help).

  3. For more details, please refer to SAP Online help for RSICF_SERVICE_ACTIVATION.

Creating Logical Port

This section explains how to create a logical port for HaloENGINE Service and HaloENGINE connection in SOAMANAGER. To establish a connection between the HaloENGINE and HaloCORE Add-On, you need to configure the Consumer Proxy as explained below:

SAP System Certificate

At this point, you should have exported the SAP system’s certificate and uploaded it to the HaloENGINE admin portal. When configuring the logical port, be sure to choose the exact same certificate that is exported from SAP to ensure a successful connection.

Methods for creating a logical port

  1. WSDL Based Configuration - Via HTTP Access: The URL that points to the WSDL document for the service. This is the URL for the binding that was generated for the HaloENGINE web service. You need to know the access parameters for the WSDL document.

  2. WSDL Based Configuration - Via File: The system extracts the endpoint URL from the WSDL document. The WSDL document is stored as a file.
    Note: In SAP NetWeaver 7.00 version, creating a logical port via WSDL-Based Configuration (Via HTTP Access and Via File) fails with an error. In that case, you must create the logical port by method #3, "Manual Configuration."

  3. Manual Configuration: You need to know the endpoint URL and configuration settings of the HaloENGINE. Note: In some SAP instances with non-current support package levels, the option "X.509 SSL Client Certificate" is not available for selection. In that case, you must create the logical port using the WSDL, either over HTTP access or by uploading the WSDL file.

Limitations on S/4HANA Environments

The following note only applies to S/4HANA environments when using the 'Via HTTP Access' option to create the logical port.

Basic authentication

After clicking Next on the WSDL Information page, you may see the following error message: "User/password is not set and SSL client PSE cannot be used for http". This is due to the missing login credentials. To resolve it, enter your username in the WSDL Access User and password in the WSDL Access User Password text fields.

Basic Authentication for S4HANA.png

Basic authentication

X509 authentication

When using the X509 authentication option, make sure to select Default in SSL Client PSE and provide the correct URL with https://[FQDN/IP]:[port]/[haloengine_wsdl].

X509 Auth S4HANA.png

X509 authentication

Consumer Proxy List

The proxies are listed in the following table.

Consumer Proxy

Description 

Description

/SECUDESD/CO_AUDIT67

HaloEngineServerMonitorInterface

This service is required to audit and forward log records to HaloENGINE for forwarding to SIEM systems. 

/SECUDESD/CO_CSP67

HaloKProProxyNew

Refer to the section Installation Manual of HaloCORE for DMS.

/SECUDESD/CO_HENG67

HaloEngineProcessInterface

This service is required to classify and process files.

/SECUDESD/CO_SFHENG

HaloEngineStatefulProcessInterface

If the character-based files are downloaded in multiple packages, this service is used to append all the individual packages and do the HaloCORE process to the last file.

Secude consumer proxies

Process Interface

This logical port is mandatory to classify and process files via HaloENGINE.

Proxy name

/SECUDESD/CO_HENG67

WSDL

http://[FQDN/IP]:[port]/haloengine-server/process?wsdl

Process Interface

  1. Call transaction SOAMANAGER.

  2. On the Service Administration tab, click on the Web Service Configuration link.

  3. Search by Object Type - Consumer Proxy and Object Name /SECUDE*.

  4. Press Enter.

  5. The following Secude objects will be listed. Note that the list will also show all Secude objects that are currently available, including both current and older consumer proxies. However, the table below shows the current proxies.

    1_Consumer proxies 67.png

    Secude consumer proxies in SOA

  6. From the listed objects, click the Consumer proxy /SECUDESD/CO_HENG67.

  7. Click Create > WSDL Based Configuration.

    2_WSDL based Configuration 67.png

    WSDL based Configuration

  8. The General Configuration Settings page will appear.

  9. Enter a name and description in Logical Port Name and Description text boxes respectively.  

    3_General Configuration 67.png

    General Configuration Settings #1

  10. Click Next.

  11. From here, you can choose one of the following methods that best suits you.

Method 1: Via HTTP Access 

  1. Click Via HTTP Access. In URL for WSDL Access text box, enter the HTTP address to access your WSDL. For example: http://commoneng.local:8383/haloengine-server/process?wsdl

    4_Method1_Via HTTP Access 67.png

    General Configuration Settings #2

  2. Click Next

  3. In Binding Selection page, click Next. Go to step 5.

Method 2: WSDL Based Configuration - WSDL in a file 

  1. The WSDL Information configuration page will appear:

    5_File_WSDL 67.png

    WSDL in a file

  2. Click Via File, click Browse and select the XML file that was created when deploying the HaloENGINE (C:\Program Files\Secude\Tomcat\webapps\haloengine-server\WEB-INF\haloengine-server-process.wsdl).                   

  3. Click Next.

  4. In the Binding Selection page, click Next

  5. The Consumer Security page will appear:   

    6_File_Consumer Security 67.png

    Consumer Security

    1. For SSL Client PSE of transaction STRUST, you must indicate the correct certificate location (PSE node of the SAP Trust Manager). Make sure that you choose the same certificate that is added to the HaloENGINE admin portal.

    2. Click Next

  6. The HTTP Settings page will appear:

    7_File - HTTP Settings 67.png

    HTTP Settings

    1. In the case of Method 2, details will be generated automatically, however, you must provide the Fully Qualified name of the domain/IP address of the system in the Computer Name of Access URL (Host). Note: Make sure the hostname entered in the field Computer Name of Access URL (Host) on the page Transport Binding must match that stored in the server's certificate. 

    2. Click Next.

  7. The SOAP Protocol page will appear: 

    8_File_WDSL_SOAP Protocol 67.png

    SOAP Protocol

  8. Click Finish.

  9. The logical port is successfully created. Make sure the parameter Message ID Protocol is set to Suppress ID Transfer. If it is not set by default, you must manually configure it.

Method 3: Manual Configuration 

  1. Click Create > Manual Configuration. On the General Configuration page, enter a name and description in the Logical Port Name and Description text boxes, respectively.    

  2. Click Next.

  3. The Consumer Security page will appear:

    9_Manual method 3-Consumer Security page.png

    Consumer Security Page

    1. Click X.509 SSL client Certificate in Authentication Settings.

    2. For SSL Client PSE of transaction STRUST, you must indicate the correct certificate location (PSE node of the SAP Trust Manager). Make sure that you choose the same certificate that is added to the HaloENGINE admin portal.

    3. Click Next.

  4. The HTTP Settings page will appear: 

    10_Manual-HTTP Settings page 67.png

    HTTP Settings Page

    1. In URL Access Path, enter the URL of the HaloENGINE. For addressing the exposed web service use: /haloengine-server/process and for accessing the WSDL over HTTP use: /haloengine-server/process?WSDL

    2. In Computer Name of Access URL (Host), enter the Fully Qualified name of the domain/IP address of the system.

    3. In Port Number of Access URL: select the port 8383/8746

    4. In URL Protocol Information: select the protocol HTTP/HTTPS. Note: If you are communicating with the HaloENGINE over HTTPS, the hostname entered in the field Computer Name of Access URL (Host) must match that stored in the server's certificate. Otherwise, the connection will fail with ICM_HTTP_SSL_ERROR, and the trace file visible in transaction SMICM will mention an error of type SSLERR_SERVER_CERT_MISMATCH

    5. Click Next

  5. The SOAP Protocol page will appear:

    11_File_SOAP Protocol 67.png

    SOAP Protocol Page

    1. In the Message ID Protocol list, select Suppress ID Transfer.

    2. Click Finish. 

  6. The logical port has been created. 

    12_New logical ports 67.png

    New logical port

Monitor Interface

This logical port is required to monitor and forward log records to the HaloENGINE for forwarding to SIEM systems. Please note that you can follow any of the above methods to create the monitor interface.   

Proxy name

/SECUDESD/CO_AUDIT67

WSDL

http://[FQDN/IP]:[port]/haloengine-server/monitor?wsdl

Monitor Interface

  1. From the listed objects, click the Consumer proxy /SECUDESD/CO_AUDIT67.

  2. In the General Configuration Settings page - enter a name and description in the Logical Port Name and Description text boxes, respectively. Click Next.

    13_Monitor Interface.png

    Logical Port Name

  3. Via File: Click Browse and select the XML file that was created when deploying the HaloENGINE. For example: C:\Program Files\Secude\Tomcat\webapps\haloengine-server\WEB-INF\haloengine-audit.wsdl 

  4. Via HTTP Access: In URL for WSDL Access field, enter HTTP address to access your WSDL. For example: http://commoneng.local:8383/haloengine-server/monitor?wsdl            

  5. In the Binding Selection page, click Next.  

  6. In the Consumer Security page, you must select the certificate location (PSE node of the SAP Trust Manager), depending upon the certificate you have imported into HaloENGINE. (For details, see the SAP online help for transaction STRUST.)

  7. In the HTTP Settings page, enter the Fully Qualified name of the domain IP address of the system. Please make sure the hostname entered in the field Computer Name of Access URL (Host) on page Transport Binding must match that stored in the server's certificate. 

    14_Monitor.png

    HTTP Settings page

  8. In the SOAP Protocol page, make sure the parameter Message ID Protocol is set to Suppress ID Transfer. If it is not set by default, you must manually configure it.

  9. Click Finish

  10. The logical port is successfully created.

    15_Monitor.png

    New logical port - Monitor

Stateful Process Interface 

This logical port is required to append all the individual packages of character-based files that are downloaded in multiple packages, and then classify and process the final file. Please note that you can follow any of the above methods to create the interface.

Proxy name

/SECUDESD/CO_SFHENG

WSDL

http://[FQDN/IP]:[port]/haloengine-server/stateful_process?wsdl

Stateful Process Interface

  1. From the listed objects, click the Consumer proxy /SECUDESD/CO_SFHENG.

  2. In General Configuration Settings page - enter a name and description in Logical Port Name and Description text boxes, respectively. Click Next.

    16_Statefull Interface.png

    Logical Port Name

  3. Via File: Click Browse and select the XML file that was created when deploying the HaloENGINE. For example: C:\Program Files\Secude\Tomcat\webapps\haloengine-server\WEB-INF\haloengine-stateful-process.wsdl

  4. Via HTTP Access: In URL for WSDL Access field, enter HTTP address to access your WSDL. For example: http://commoneng.local:8383/haloengine-server/stateful_process?wsdl    

  5. In Binding Selection page, click Next.  

  6. In Consumer Security page, you must select the certificate location (PSE node of the SAP Trust Manager), depending upon the certificate you have imported into HaloENGINE. (For details, see the SAP online help for transaction STRUST.)

  7. In HTTP Settings page, enter the Fully Qualified name of the domain/IP address of the system. Please make sure the hostname entered in the field Computer Name of Access URL (Host) on page Transport Binding must match that stored in the server's certificate. 

    17_Statefull Process.png

    HTTP Settings page

  8. In the SOAP Protocol page, make sure the parameter Message ID Protocol is set to Suppress ID Transfer. If it is not set by default, you must manually configure it.

  9. Click Finish. The logical port is successfully created.

    18_Stateful process.png

    New logical port - Stateful

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close