Previous Topic

Next Topic

Book Contents

Web service authentication

Customers must invoke the User Management Interface web service from their web service client using an HTTPS enabled load balancer (F5) URL. The User Management Interface web service runs in a secure mode called F5 to receive such web service calls. This mode requires a username token in the SOAP security header to provide the user name and password credentials to authenticate a request.

Username and password credentials should be included in each web service request’s SOAP header. The User Management Interface web service validates these credentials against the study in InForm. The username credentials used for this validation represent a standard InForm study user. This user should not be assigned to any sites or groups in InForm.

The User Management Interface web service denies access if the username credentials are invalid or if the account is not active. Repeatedly failed authentications result in account deactivation per standard InForm settings. Password expiration is not enforced to minimize operational overhead and must be implemented via business policy.

Send Feedback