SOAP header
The SOAP header contains information about the service, the message, and the sender. It must include all of the fields shown.
Note: The requirement for requests to contain the wsu:Timestamp, wsse:Username, and wsse:Password elements is defined in the WSDL by ws-policy. The URLs to include are:
wsa—http://www.w3.org/2005/08/addressing (username/password authentication)
wsu—http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd (username/password authentication)
wsse—http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd (signing in with X.509 cert (F5CERT))
If your web service toolkit does not support ws-policy, you must manually add these elements to the web service request.
Username authentication
Field |
Description |
Standard |
---|---|---|
wsa:Action |
SOAP action for the operation. Include this field as part of the summary for each SOAP operation. |
WS-Addressing |
wsa:MessageID |
Unique ID for the message. |
WS-Addressing |
wsa:ReplyTo |
Use the value that is shown in the example. |
WS-Addressing |
wsa:To |
Full URL of the service. Note: The full URL is different for each customer. |
WS-Addressing |
wsu:Timestamp
|
Time the message was created and when it expires. Oracle recommends a 5-minute time window. The software allows for five minutes of clock drift between servers. This value can be modified in the web.config file by setting the MaxClockSkew value. |
SOAP Message Security 1.0 |
wsse:Username |
User name of the user in the InForm study. |
SOAP Message Security 1.0 |
wsse:Password |
Password of the user in the InForm study. |
SOAP Message Security 1.0 |
F5CERT Certificate authentication
Request Headers:
Field |
Description |
Standard |
---|---|---|
wsa:Action |
SOAP action for the operation. Include this field as part of the summary for each SOAP operation. |
WS-Addressing |
wsa:MessageID |
Unique ID for the message. |
WS-Addressing |
wsa:ReplyTo |
Use the value that is shown in the example. |
WS-Addressing |
wsa:To |
Full URL of the service. Note: The full URL is different for each customer. |
WS-Addressing |
wsse:Security |
Provides the X.509 Certificate Token, time stamp, and the signature. |
SOAP Message Security 1.1.1 |
wsse:Security/wsu.Timestamp
|
Time the message was created and when it expires. Oracle recommends a 5-minute time window. The software allows for five minutes of clock drift between servers. This value can be modified in the web.config file by setting the MaxClockSkew value. |
SOAP Message Security 1.1.1 |
wsse:Security/BinarySecurityToken |
The X.509 certificate referenced within the signature. |
SOAP Message Security 1.1.1 |
wsse:Security/Signature |
The signature of the soap body. |
XML Signature Syntax and Processing (Second Edition) |
Response Header:
Field |
Description |
Standard |
---|---|---|
wsse:Security |
Provides the signature confirmation. |
SOAP Message Security 1.1.1 |
wsse:Security/wsse11:SignatureConfirmation |
Contains the contents of the <ds:SignatureValue> element of the request signature as the value of the @Value attribute of the <wsse11:SignatureConfirmation> element. |
SOAP Message Security 1.1.1 |