SOAP header
The SOAP header contains information about the service, the message, and the sender. It must include all of the fields shown.
Note:
The requirement for requests to contain the wsu:Timestamp, wsse:Username, and wsse:Password elements is defined in the WSDL by ws-policy. The URLs to include are:
wsa—http://www.w3.org/2005/08/addressing (username/password authentication)
wsu—http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd (username/password authentication)
wsse—http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd (signing in with X.509 cert (F5CERT))
If your web service toolkit does not support ws-policy, you must manually add these elements to the web service request.
Username authentication
| Field | Description | Standard |
|---|---|---|
| wsa:Action | SOAP action for the operation. Include this field as part of the summary for each SOAP operation. | WS-Addressing |
| wsa:MessageID | Unique ID for the message. | WS-Addressing |
| wsa:ReplyTo | Use the value that is shown in the example. | WS-Addressing |
| wsa:To |
Full URL of the service. Note: The full URL is different for each customer. |
WS-Addressing |
|
wsu:Timestamp
|
Time the message was created and when it expires. Oracle recommends a 5-minute time window. The software allows for five minutes of clock drift between servers. This value can be modified in the web.config file by setting the MaxClockSkew value. |
SOAP Message Security 1.0 |
| wsse:Username | User name of the user in the Oracle InForm study. | SOAP Message Security 1.0 |
| wsse:Password | Password of the user in the Oracle InForm study. | SOAP Message Security 1.0 |
F5CERT Certificate authentication
Request Headers:
| Field | Description | Standard |
|---|---|---|
| wsa:Action | SOAP action for the operation. Include this field as part of the summary for each SOAP operation. | WS-Addressing |
| wsa:MessageID | Unique ID for the message. | WS-Addressing |
| wsa:ReplyTo | Use the value that is shown in the example. | WS-Addressing |
| wsa:To |
Full URL of the service. Note: The full URL is different for each customer. |
WS-Addressing |
| wsse:Security | Provides the X.509 Certificate Token, time stamp, and the signature. | SOAP Message Security 1.1.1 |
|
wsse:Security/wsu.Timestamp
|
Time the message was created and when it expires. Oracle recommends a 5-minute time window. The software allows for five minutes of clock drift between servers. This value can be modified in the web.config file by setting the MaxClockSkew value. |
SOAP Message Security 1.1.1 |
| wsse:Security/BinarySecurityToken | The X.509 certificate referenced within the signature. | SOAP Message Security 1.1.1 |
| wsse:Security/Signature | The signature of the soap body. | XML Signature Syntax and Processing (Second Edition) |
Response Header:
| Field | Description | Standard |
|---|---|---|
| wsse:Security | Provides the signature confirmation. | SOAP Message Security 1.1.1 |
| wsse:Security/wsse11:SignatureConfirmation | Contains the contents of the <ds:SignatureValue> element of the request signature as the value of the @Value attribute of the <wsse11:SignatureConfirmation> element. | SOAP Message Security 1.1.1 |
Parent topic: Programming model and operations