Web Services Security
Using Http Basic Authentication
Using Http NTLM Authentication
To configure WS-Security for a Web Services Resource, open the Web Services Resource, select the Web Service Adapter under adapters, click the WSS icon on the toolbar, then select the WS-Security tab. The Web Services Adapter supports Username Tokens and Timestamps from the OASIS WS-Security specification.
Three types of WS-Security header are supported and can be added:
For more information regarding the WS-Security protocol, please refer to the OASIS WS-Security specification.
This token supports basic username and password authentication when a web service is invoked. If the client username and password do not match the integration web service username and password, a SOAP Fault is returned to the client. This method of authentication supports both plain text and hashed text passwords.
Username | User name. Substitutable field and environment field variables can be used starting with && e.g. &&$ENV_USERXX.
Password | Password. Substitutable field and environment field variables can be used as above.
Confirm password | Same as password
This is the same as the plain text token above except that the password is hashed using the SHA-1 hashing algorithm. The example below shows the SOAP Message sent to the server using this token:
<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-21382323"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">username</wsse:Username>
        <wsse:Password
            Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">XiznkRuKWEkq0hdHL/nzLS2XojI=</wsse:Password>
        <wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">9C3KP/T0s7vQlXHcfgN4VQ==</wsse:Nonce>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2006-12-08T16:00:04.297Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
  </soap:Body>
</soap:Envelope>
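How a receiver can check a PasswordDigest token like the one above, as an added example that is not Ebase code. The digest formula, Base64(SHA-1(nonce + created + password)), is the one the OASIS UsernameToken profile defines for the PasswordDigest type. The verifier class, its freshness window, the nonce cache and the password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce || created || password)), as the PasswordDigest type defines."""
    nonce = base64.b64decode(nonce_b64, validate=True)
    sha1 = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(sha1.digest()).decode("ascii")

class UsernameTokenVerifier:
    """Hypothetical receiver-side check: digest match, freshness, nonce replay."""

    def __init__(self, users, max_age=timedelta(minutes=5)):
        self.users = users        # username -> password (assumed credential store)
        self.max_age = max_age    # assumed freshness window for wsu:Created
        self.seen = set()         # (username, nonce); use a TTL cache in production

    def verify(self, username, digest_b64, nonce_b64, created, now):
        password = self.users.get(username)
        if password is None:
            return "unknown user"
        try:
            created_at = datetime.strptime(created, "%Y-%m-%dT%H:%M:%S.%fZ")
            created_at = created_at.replace(tzinfo=timezone.utc)
            expected = password_digest(nonce_b64, created, password)
        except ValueError:        # bad timestamp or bad Base64 nonce
            return "malformed"
        if abs(now - created_at) > self.max_age:
            return "stale"
        if (username, nonce_b64) in self.seen:
            return "replay"
        # Constant-time comparison of the two Base64 strings.
        if not hmac.compare_digest(expected.encode(), digest_b64.encode()):
            return "bad digest"
        self.seen.add((username, nonce_b64))
        return "ok"

# Nonce and Created are taken from the message above; the password is constructed.
NONCE = "9C3KP/T0s7vQlXHcfgN4VQ=="
CREATED = "2006-12-08T16:00:04.297Z"

if __name__ == "__main__":
    verifier = UsernameTokenVerifier({"username": "example-password"})
    digest = password_digest(NONCE, CREATED, "example-password")
    now = datetime(2006, 12, 8, 16, 0, 6, tzinfo=timezone.utc)
    print(verifier.verify("username", digest, NONCE, CREATED, now))  # first use
    print(verifier.verify("username", digest, NONCE, CREATED, now))  # same nonce again
```

The digest hides the password from a passive observer but does not protect the rest of the message, so the nonce and Created checks are what stop a captured token from being replayed.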
This token supports the ability to set an expiry time on the web service call. If a request is received from the client that is out-of-date then a standard web SOAP Fault is returned to the client stating that the web service call has expired.
Timestamp duration | Enter the time in seconds or milliseconds depending on the timestamp precision attribute
Timestamp precision | If checked, the above field is entered in milliseconds, if unchecked in seconds
The example below shows the SOAP Message sent to the server using Timestamp authentication set to 10 seconds before expiry:
<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp wsu:Id="Timestamp-9611746"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2006-12-08T17:02:51.287Z</wsu:Created>
        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2006-12-08T17:03:01.287Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
  </soap:Body>
</soap:Envelope>
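The expiry decision a receiver makes on a Timestamp header like the one above, as an added example that is not Ebase code. The function name, the requirement that Expires be present, the lifetime cap and the clock-skew allowance are assumptions; the Created and Expires values are the ones from the message above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE = OASIS + "secext-1.0.xsd"
WSU = OASIS + "utility-1.0.xsd"

# The security header from the message above, reduced to what the check reads.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="{WSSE}">
      <wsu:Timestamp wsu:Id="Timestamp-9611746" xmlns:wsu="{WSU}">
        <wsu:Created>2006-12-08T17:02:51.287Z</wsu:Created>
        <wsu:Expires>2006-12-08T17:03:01.287Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""

def _utc(text):
    parsed = datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def check_timestamp(envelope_xml, now, skew=timedelta(0),
                    max_lifetime=timedelta(minutes=5)):
    """Return "ok", or the reason the call should be answered with a SOAP Fault."""
    # ElementTree is used for brevity; parse untrusted XML with a hardened parser.
    root = ET.fromstring(envelope_xml)
    stamps = root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSU}}}Timestamp")
    if len(stamps) != 1:
        return "expected exactly one Timestamp"
    created = stamps[0].findtext(f"{{{WSU}}}Created")
    expires = stamps[0].findtext(f"{{{WSU}}}Expires")
    if not created or not expires:
        return "Created and Expires are both required"  # assumed policy
    try:
        created_at, expires_at = _utc(created), _utc(expires)
    except ValueError:
        return "malformed timestamp"
    if expires_at <= created_at:
        return "Expires is not after Created"
    if expires_at - created_at > max_lifetime:
        return "lifetime too long"          # sender asked for an over-long window
    if created_at - skew > now:
        return "Created is in the future"   # sender clock ahead beyond the allowance
    if now >= expires_at + skew:
        return "expired"
    return "ok"
```

With a 10 second duration, sender and receiver clocks that differ by more than the duration cause every call to be rejected, which is why the sketch takes an explicit skew allowance.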
The Ebase web services adapter supports HTTP Basic Authorization security in accordance with the W3C Http/1.0 Protocol.
Http Basic authorization is an HTTP/1.0 standard used by web servers to authenticate a client to allow access to particular web applications. Http basic authentication adds the username and password to the HTTP Header as a Base64-encoded (not encrypted) string. If the username is bill and the password is mypass, the following HTTP Header is added to the HTTP Request:
Authorization: Basic YmlsbDpteXBhc3M=
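What a server does with that header value, as an added example that is not Ebase code: it Base64-decodes the token back to username:password, which is why the header is only as private as the connection carrying it. The function names and the in-memory user table are assumptions; the header value is the one shown above.

```python
import base64
import binascii
import hmac

def parse_basic(header_value):
    """Return (username, password) from an Authorization value, or None if malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: a password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password

def check_basic(header_value, users):
    """Compare the presented password with the stored one in constant time."""
    creds = parse_basic(header_value)
    if creds is None:
        return False
    username, password = creds
    expected = users.get(username)      # users: username -> password (assumed store)
    if expected is None:
        return False
    return hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))

if __name__ == "__main__":
    header = "Basic YmlsbDpteXBhc3M="   # the value shown above
    print(parse_basic(header))
    print(check_basic(header, {"bill": "mypass"}))
```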
To configure Http-Security for a Web Services Resource, open the Web Services Resource, select the Web Service Adapter under adapters, click the WSS icon on the toolbar, then select the Http-Security tab.
1) Select Enable Http Authentication.
2) Enter the username. This value supports substitutable parameters. See the substitutable parameters section for more details.
3) Enter the password. This value supports substitutable parameters. See the substitutable parameters section for more details.
4) Confirm the password.
5) Click the OK button.
NTLM (NT LAN Manager) is a Microsoft authentication protocol. NTLM authentication is configured in exactly the same way as Http Basic Authentication, except that the domain name is included as part of the username. The username must be entered as <domain-name>\<username>.