pp108 : WS-Security User name Token

This topic describes identity using the WS-Security User name token.


WS-Security is a standard for securing Web services. This standard provides various formats for authentication and credentials. Process Platform supports WS-Security User name token as a way of providing credentials.

The User name token profile can be used when there is a need for a standard way of authentication and authorization. WS-Security is an emerging standard and is used in many large enterprise systems. As message integrity is important, you should use message-level or transport-level security.

The WS-Security User name token contains credentials in the form of a user name and password. The service container verifies the given credentials before the SOAP request is executed. The request is then executed on behalf of the user and the organization. A password in a WS-Security User name token is of type 'PasswordText', which is a plain text password and must be protected against security attacks. This protection must be provided by using SSL for the connection from the browser (IE) to the backend (Web server). For more information on how this authentication is part of a SOAP request, refer to Process Platform Identity.

Note: The WS-Security User name token is the identity type that is used to retrieve SAML assertions from Cordys Single Sign-On.

Configuration

  • The Web server must be configured explicitly to allow anonymous access. When this is configured, the Web server will not try to authenticate, but the client must provide valid credentials in the SOAP message.
  • Each service group must have an authenticator configured in its service group configuration in LDAP. This authenticator will be used to verify the credentials.

Example

For an example of a SOAP header that uses the WS-Security User name token profile, refer to Example of WS-Security UsernameToken.
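The following sketch is an added illustration, not code from the Process Platform documentation. It builds a SOAP header carrying a 'PasswordText' User name token, refuses to do so for a non-SSL endpoint, and reads the token back the way a receiver would before verifying the credentials. The function names, the endpoint URL and the choice of the SOAP 1.1 envelope namespace are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("wsse", WSSE_NS)


def build_envelope(endpoint, username, password):
    """Return a SOAP envelope (bytes) with a PasswordText UsernameToken."""
    # PasswordText is the clear-text password, so refuse non-SSL endpoints.
    if urlsplit(endpoint).scheme.lower() != "https":
        raise ValueError("PasswordText token may only be sent over SSL")
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    security = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
    token = ET.SubElement(security, f"{{{WSSE_NS}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE_NS}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE_NS}}}Password", Type=PASSWORD_TEXT)
    pw.text = password
    ET.SubElement(env, f"{{{SOAP_NS}}}Body")  # request payload goes here
    return ET.tostring(env, encoding="utf-8")


def read_username_token(envelope_bytes):
    """Extract (user name, password) the way a receiver would before verifying."""
    ns = {"s": SOAP_NS, "w": WSSE_NS}
    root = ET.fromstring(envelope_bytes)
    tokens = root.findall("s:Header/w:Security/w:UsernameToken", ns)
    if len(tokens) != 1:
        raise ValueError("expected exactly one UsernameToken")
    user = tokens[0].findtext("w:Username", namespaces=ns)
    pw = tokens[0].find("w:Password", ns)
    if not user or pw is None or not pw.text:
        raise ValueError("UsernameToken lacks a user name or password")
    # The profile treats a missing Type attribute as PasswordText.
    if pw.get("Type", PASSWORD_TEXT) != PASSWORD_TEXT:
        raise ValueError("only PasswordText is handled in this example")
    return user, pw.text
```
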

Related tasks

Configuring OpenText CARS Authenticator for a Service Group