Integration Platform Technologies: Siebel Enterprise Application Integration > Web Services > About Web Services Security Support >

About WS-Security UserName Token Profile Support

Siebel Business Applications support the WS-Security UserName token mechanism, which allows for the sending and receiving of user credentials in a standards-compliant manner. The UserName token is a mechanism for providing credentials to a Web service where the credentials consist of the UserName and Password. The password must be passed in clear text. The UserName token mechanism provides a Web service with the ability to operate without having the username and password in its URL or having to pass a session cookie with the HTTP request.

NOTE:  Using WS-Security is optional. If it is critical that the password not be provided in clear text, then use HTTPS.

The following is an example of a UserName token showing the username and password:

<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">

<wsse:UsernameToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">

<wsse:Username>WKANDINSKY</wsse:Username>

<wsse:Password Type="wsse:PasswordText">AbstractArt123</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

NOTE:  If you are using Web single sign-on (SSO), then use the Siebel trust token value in wsse:Password instead of the password.

About Support for the UserName Token Mechanism

Support for the UserName Token mechanism includes the following:

• Allows an inbound SOAP request to contain user credentials that can be provided to the inbound SOAP dispatcher to perform the necessary authentication
• Allows an inbound SOAP dispatcher to perform the necessary authentication on an inbound SOAP request that contains user credentials
• Allows an outbound SOAP request to contain user credentials that can be utilized by the external application

NOTE:  Passing user credentials in the URL is not supported in the current release of Siebel CRM.

Using the UserName Token for Inbound Web Services

The Inbound Web Services view provides an interface for associating operations with authentication types. The names of the operations must be globally unique. The applet shown in Figure 33 can be defined as requiring a UserName Token with username and password provided in clear text.

Figure 33. Inbound Web Services View and the UserName Token

NOTE:  If you want to use Siebel Authentication and Session Management SOAP headers, then set the authentication type to None. For more information, see About Siebel Authentication and Session Management SOAP Headers.

Using the UserName Token for Outbound Web Services

Each Web service operation in the Outbound Web Services list applet might be tied to an authentication type by selecting from the Authentication Type picklist (see Figure 34) in the Operations picklist, in the following applet.