Bookshelf Home | Contents | Index | PDF |
Integration Platform Technologies: Siebel Enterprise Application Integration > Web Services > About Web Services Security Support > About WS-Security UserName Token Profile SupportSiebel Business Applications support the WS-Security's UserName Token mechanism, which allows for the sending and receiving of user credentials in a standards-compliant manner. The UserName token is a mechanism for providing credentials to a Web Service where the credentials consist of the UserName and Password. The password must be passed in clear text. The UserName token mechanism provides a Web Service with the ability to operate without having the username and password in its URL or having to pass a session cookie with the HTTP request. The following is a sample of the UserName token showing the username and password: <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"> http://schemas.xmlsoap.org/ws/2002/07/secext <wsse:UsernameToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"> <wsse:Username>WKANDINSKY</wsse:Username> <wsse:Password Type="wsse:PasswordText">AbstractArt123</wsse:Password> About Support for the UserName Token MechanismSupport for the UserName Token mechanism includes the following:
The following is an example of passing the user name and password by way of a URL: http:// Username=SADMIN&Password=SADMIN With UserName tokens, the URL does not reveal the user credentials: http:// NOTE: Using WS-Security is optional. If security is of the utmost importance, and if it is critical that the password not be provided in clear text, use HTTPS. About Using the UserName Token for Inbound Web ServicesThe Inbound Web Services view provides an interface for associating operations with authentication types. The names of the operations need to be globally unique. The applet shown in Figure 27 can be defined as requiring no authentication, or requiring a UserName Token with username and password provided in clear text. NOTE: No authentication type implies that the user credentials are in the URL. About Using the UserName Token for Outbound Web ServicesEach Web Service operation in the Outbound Web Services list applet may be tied to an authentication type by selecting from the Authentication Type picklist (see Figure 28) in the Operations picklist, in the following applet. |
Integration Platform Technologies: Siebel Enterprise Application Integration | Copyright © 2008, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |