Oracle Waveset 8.1.1 Web Services

Editing soap.epassword and soap.password Properties

The user specified in soap.username is known as the proxy user.

You can specify only one password property for the proxy user:

Establishing a proxy user is convenient for clients because authentication is not required by the web service. This configuration is common for portal environments where the Waveset server is only accessed by other applications that handle user authentication.


Caution – Caution –

Using a proxy user can be dangerous if the HTTP port on which the responding server resides is generally accessible. Anyone who knows the Waveset server’s URL and understands how to build SPML requests can configure Waveset operations for the proxy user to perform.


The SPML standard does not specify how to perform authentication and authorization. Several related web standards are available for authentication, but these standards are not yet in common use. At this time, the most common approach for authentication is to use the Secure Socket Layer (SSL) between applications and the server. Waveset does not dictate how to configure SSL.

If you cannot use a proxy user or SSL, Waveset supports a vendor-specific extension to SPML that allows the client to log in and maintain a session token, which can be used to authenticate subsequent requests. You can use the LighthouseClient class (an extension of the SpmlClient class that includes support for specifying credentials) to perform a login request and pass a session token in all SPML requests.


Note –

The Service Provider SPML interface does not support authentication and authorization. However, you can configure the Waveset SPML interface to use the IDMXUser view instead of using Service Provider SPML.

Service Provider assumes that clients accessing Waveset have been authenticated and authorized by an access management application. The client has all possible rights when using the Service Provider SPML interface.

To prevent sensitive data from being exposed between the client and Waveset, consider accessing the Service Provider SPML interface over SSL.