Integration Platform Technologies: Siebel Enterprise Application Integration > Web Services > About Web Services Security Support >

About WS-Security UserName Token Profile Support

Siebel Business Applications support the WS-Security UserName Token mechanism, which allows for the sending and receiving of user credentials in a standards-compliant manner. The UserName token is a mechanism for providing credentials to a Web service where the credentials consist of the UserName and Password. The password must be passed in clear text. The UserName token mechanism provides a Web service with the ability to operate without having the username and password in its URL or having to pass a session cookie with the HTTP request.

NOTE:  Using WS-Security is optional. If it is critical that the password not be provided in clear text, use HTTPS.

The following is an example of a UserName token showing the user name and password:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>
<wsse:UsernameToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsse:Username>Username</wsse:Username>
<wsse:Password Type="wsse:PasswordText">Password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

To enable the oracle/wss_username_token_service_policy, the corresponding business service for the imported outbound WSDL must include a specific business service property, which is as follows:

• Property Name: auth_policy
• Value: oracle/wss_username_token_service_policy policy. If the property is not specified, then the default value is oracle/no_authentication_service_policy.

NOTE:  If you are using Web single sign-on (SSO), then use the Siebel trust token value in wsse:Password instead of the password.

About Support for the UserName Token Mechanism

Support for the UserName Token mechanism includes the following:

• Allows an inbound SOAP request to contain user credentials that can be provided to the inbound SOAP dispatcher to perform the necessary authentication
• Allows an inbound SOAP dispatcher to perform the necessary authentication on an inbound SOAP request that contains user credentials
• Allows an outbound SOAP request to contain user credentials that can be utilized by the external application

NOTE:  Passing user credentials in the URL is not supported in Siebel CRM, version 8.2, and version 8.1, Fix Pack 8.1.1.9 and higher.

Using the UserName Token for Inbound Web Services

The Inbound Web Services view provides an interface for associating operations with authentication types. The names of the operations must be globally unique. The applet shown in Figure 28 can be defined as requiring a UserName Token with username and password provided in clear text.

Figure 28. Inbound Web Services View and the UserName Token

NOTE:  If you want to use Siebel Authentication and Session Management SOAP headers, then set the authentication type to None. For more information, see About Siebel Authentication and Session Management SOAP Headers.

Using the UserName Token for Outbound Web Services

Each Web service operation in the Outbound Web Services list applet might be tied to an authentication type by selecting from the Authentication Type picklist from the Outbound Web services list, as shown in Figure 29.

Figure 29. Outbound Web Services Operations PickList