Web service authentication
To defend against attacks on web service client authentication, the InForm User Management Interface software supports username tokens. To preserve the integrity of web client authentication, handle the authentication artifacts properly.
The InForm User Management Interface web service supports username token authentication. Refer to the User Guide for information on how to invoke the web service using username token authentication.
To ensure that the web client authentication is secure, the password for the username token should be treated with the utmost care, as password exposure can compromise the authentication mechanisms. The InForm User Management Interface software does not store the password in clear text on the file system and does not log the password.
The client web service password should be protected in the same way as the username token. The password should always be stored in an encrypted form. To reduce password exposure during password exchange, do not transfer the password between the web service endpoint parties through unencrypted side channels. Authentication of each side channel endpoint is also a concern during the password exchange: if it is not done properly, the exchange is open to social engineering attacks.