SOAP Security
OIPA adheres to the WS-Security standards for the authentication of SOAP messages. The standards, as developed by the OASIS Open committee, can be referenced at the following two URLs. Paste a URL in a browser to view the standards.
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
The <wsse:UsernameToken> element is used to contain the authentication information. The username and password are specified inside of the <wsse:Username>, and <wsse:Password> elements, respectively. Use an OIPA user name and password here.
It is suggested that SSL (Secure Socket Layer) is used as a method of encryption for all SOAP messages.
The optional <wsse:Nonce> element allows a nonce to be used as added security. A nonce is a random number, in this case represented in base 64, which is embedded in the security header to aid in preventing old communications from being reused. This number is newly generated for each request on the client side and is returned along with the SOAP response from OIPA. The <wsu:Created> element must contain the timestamp of the creation time of the nonce.
SOAP File with Security
Copyright © 2009, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices