Web Services Security
Using Http Basic Authentication
Using Http NTLM Authentication
WS-Security
Introduction
To configure WS-Security for a Web Services Resource, open
the Web Services Resource, select the Web Service Adapter under adapters, click the WSS icon 
on the toolbar, then select the WS-Security tab. The Web Services Adapter supports Username
Tokens and Timestamps from the OASIS
WS-Security specification.
- Click
the
icon to create a new WS-Security header - Click
the
icon to delete a WS-Security header - Click
the
icons to change the order in which the
WS-Security headers are added to the request document
Three types of WS-Security header are supported and can be added:
- User Token Plain Text: unencrypted username and password authentication
- User Token Hashed Text: username and encrypted password authentication
- WSS Timestamp - configure a time limit on the web service call before the request/response expires
For more information regarding WS-Security protocol, please refer to the OASIS WS-Security specification.
User Token Plain Text
This token supports basic username and password authentication when a web service is invoked. If the client username and password does not match the integration web service username and password, a SOAP Fault is returned back to the client. This method of authentication supports both plain text and hashed text passwords.
|
Username |
User name. Substitutable field and environment field variables can be used starting with && e.g. &&$ENV_USERXX. |
|
Password |
Password. Substitutable field and environment field variables can be used as above. |
|
Confirm password |
Same as password |
User Token Hashed Text
This is the same as the plain text token above except that
the password is encrypted using the SHA-1 hashing algorithm. The example below shows the SOAP Message sent
to the server using this token:
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/
wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-21382323" xmlns:wsse="http://docs.o
asis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.
xsd">
<wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-2004
01-wss-wssecurity-secext-1.0.xsd">username</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
-username-token-profile-1.0#PasswordDigest" xmlns:wsse="http://docs.oasis-open.o
rg/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">XiznkRuKWEkq0hdHL/nzL
S2XojI=</wsse:Password>
<wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-secext-1.0.xsd">9C3KP/T0s7vQlXHcfgN4VQ==</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">2006-12-08T16:00:04.297Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
</soap:Body>
</soap:Envelope>
WSS Timestamp
This token supports the ability to set an expiry time on the web service call. If a request is received from the client that is out-of-date then a standard web SOAP Fault is returned to the client stating that the web service call has expired.
|
Timestamp duration |
Enter the time in seconds or milliseconds depending on the timestamp precision attribute |
|
Timestamp precision |
If checked, the above field is entered in milliseconds, if unchecked in seconds |
The example below
shows the SOAP Message sent to the server using Timestamp authentication set to
10 seconds before expiry:
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/
wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp
wsu:Id="Timestamp-9611746" xmlns:wsu="http://docs.oasis-open.o
rg/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">2006-12-08T17:02:51.287Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">2006-12-08T17:03:01.287Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
</soap:Body>
</soap:Envelope>
Http Security
Introduction
The Ebase web
services adapter supports HTTP Basic Authorization security in accordance to
the W3C Http/1.0 Protocol.
Using
Http Basic Authentication
Http Basic
authorization is a HTTP/1.0 standard used by web servers to authenticate a
client to allow access to particular web applications. Http basic authentication
adds the username and password as an encrypted string to the HTTP Header. If
the username is bill and the password is mypass,
the following HTTP Header is added to the HTTP Request:
Authorization: Basic
YmlsbDpteXBhc3M=
To configure Http-Security for a Web Services Resource, open
the Web Services Resource, select the Web Service Adapter under adapters, click the WSS icon 
on the toolbar, then select the Http-Security tab.
1)
Select
Enable Http Authentication.
2)
Enter
the username. This value supports substitutable parameters.
See substitutable
parameters section for more details.
3)
Enter
the password. This value supports substitutable parameters.
See substitutable
parameters section for more details.
4)
Confirm
the password.
5)
Click OK
Button.
Using Http NTLM
Authentication
NTLM (NT LAN Manager) is a Microsoft authentication protocol. NTLM authentication is configured in exactly the same as Http Basic Authentication, except that the domain name is included as part of the username. The username must be entered as <domain-name>\<username>.