
About Siebel Authentication and Session Management SOAP Headers


You can use Siebel Authentication and Session Management SOAP headers to send and receive user credentials and session information. A login request that carries a username and password can invoke one of the following sessions:

  • One that closes after the outbound response is sent.
  • One that remains open after the response is sent.

For example, a custom Web application can send a request that includes a username and password, and invokes a stateless session, one that remains open after the outbound response is sent. The Siebel Server generates an encrypted session token that contains user credentials and a session ID. The Siebel Server includes the session token in the SOAP header of the outbound response. The client application is responsible for capturing the returned session token and including it in the SOAP header of the next request.

The Session Manager on the SWSE extracts the user credentials and session ID from the session token and reconnects to the session on the Siebel Server. If the original session has been closed, a new session is created.

You can use the SOAP headers listed in Table 9 to invoke different types of sessions, and pass authentication credentials.

NOTE:  The values entered are case insensitive.

The namespace used with Siebel Authentication and Session Management SOAP headers is:

xmlns="http://siebel.com/webservices"

Table 9. Siebel Session Management and Authentication SOAP Headers
SOAP Header Block
Description

SessionType

You use the SessionType SOAP header to define the type of session. Valid values are None, Stateless and Stateful:

  • None. A new session is opened for each request and then closed after a response is sent out. A request with SessionType None may or may not include UsernameToken and PasswordText SOAP headers. When UsernameToken and PasswordText SOAP headers are included, these credentials are used for authentication.

    If the UsernameToken and PasswordText SOAP headers are excluded from the SOAP header, anonymous login is assumed. Anonymous login requires additional configuration in the Siebel Web Engine (eapps.cfg) and Named Subsystem configuration (AllowAnonymous).

    For more information about configuring Anonymous login, see Security Guide for Siebel Business Applications.

  • Stateless. A new session is opened for an initial request and the session remains open for subsequent requests. Relogin occurs automatically (transparent to the user) if the session is closed. UsernameToken and PasswordText must be included as SOAP headers in the initial request to open a stateless session.
  • Stateful. A new session is opened for an initial request and the session remains open for subsequent requests. Relogin does not occur automatically if the session is closed. UsernameToken and PasswordText must be included as SOAP headers in the initial request to open a stateful session.

If SessionType is absent, then the default value is None, and the session will be closed after the request is processed.

UsernameToken

You use the UsernameToken SOAP header to send the Login ID to the Siebel Server.

PasswordText

You use the PasswordText SOAP header to send the password used by the Login ID to the Siebel Server.

SessionToken

Session tokens are used with stateless requests. They are sent and received using the SessionToken SOAP header. After receiving an initial request with valid authentication credentials and a session type set to Stateless, the Siebel Server generates a session token and includes it in the SOAP header of the outbound response. The session token is encrypted and consists of a session ID and user credentials. The custom Web application uses the session token for subsequent requests. The Session Manager on the SWSE extracts a session ID and user credentials from the session token, and then passes the information to the Siebel Server. The session ID is used to reconnect to an existing session or automatically log in again if the session has been terminated.

For examples of using SOAP headers for session management and authentication, see Examples of Using SOAP Headers for Authentication and Session Management.
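
The header flow described in Table 9, as an added example that is not part of the original Oracle documentation: a client builds a Stateless login request, captures the SessionToken from the response, and sends only the token on the next request. It assumes a SOAP 1.1 envelope with each header block as a direct child of the SOAP Header and an empty Body standing in for the service payload; the function names, credentials and token value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope (assumption)
SIEBEL_NS = "http://siebel.com/webservices"            # namespace given on the page
SESSION_TYPES = {"none": "None", "stateless": "Stateless", "stateful": "Stateful"}

def build_request(session_type=None, username=None, password=None, session_token=None):
    """Return envelope bytes carrying the session headers; the Body is a placeholder."""
    if (username is None) != (password is None):
        raise ValueError("UsernameToken and PasswordText must be sent together")
    # Values are case insensitive; an absent SessionType defaults to None.
    stype = SESSION_TYPES.get((session_type or "None").strip().lower())
    if stype is None:
        raise ValueError("SessionType must be None, Stateless or Stateful")
    if session_token is not None and username is not None:
        # Policy of this example: once a token exists, the password is not resent.
        raise ValueError("send the session token instead of the credentials")
    if stype != "None" and username is None and session_token is None:
        raise ValueError(f"{stype} needs credentials in the initial request")
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    fields = [("SessionType", stype if session_type is not None else None),
              ("UsernameToken", username), ("PasswordText", password),
              ("SessionToken", session_token)]
    for name, value in fields:
        if value is not None:
            ET.SubElement(header, f"{{{SIEBEL_NS}}}{name}").text = value
    return ET.tostring(env, encoding="utf-8")

def extract_session_token(response):
    """Return the SessionToken header text from a response (bytes), or None."""
    if b"<!DOCTYPE" in response:  # SOAP 1.1 messages must not contain a DTD
        raise ValueError("refusing to parse a response that carries a DTD")
    root = ET.fromstring(response)
    node = root.find(f"{{{SOAP_NS}}}Header/{{{SIEBEL_NS}}}SessionToken")
    return node.text.strip() if node is not None and node.text else None

# Constructed sample response; the token value is a made-up placeholder.
SAMPLE_RESPONSE = (
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soapenv:Header><sh:SessionToken xmlns:sh="http://siebel.com/webservices">'
    b'CONSTRUCTED-TOKEN-0001</sh:SessionToken></soapenv:Header><soapenv:Body/>'
    b'</soapenv:Envelope>')

if __name__ == "__main__":
    login = build_request("stateless", "CONSTRUCTED_USER", "constructed-password")
    token = extract_session_token(SAMPLE_RESPONSE)
    print(build_request("Stateless", session_token=token).decode())
```

Because the initial request carries the password in a plain header block, the transport should be TLS, and request logging on the client should exclude the SOAP header.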

CAUTION:  Siebel Session Management and Authentication SOAP headers are supported on the following J2EE Application environments: Axis, BEA WebLogic, and IBM WebSphere.

NOTE:  The Siebel Session Management and Authentication SOAP headers are different from the SOAP headers used for WS-Security. For more information about WS-Security, see About WS-Security UserName Token Profile Support.

Integration Platform Technologies: Siebel Enterprise Application Integration Copyright © 2008, Oracle and/or its affiliates. All rights reserved. Legal Notices.