SOAP Message Security Header

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Send Mail Feedback
Save Permalink URL

Navigation: TeamConnect Setup and Development > Web Services Help > Getting Started > Creating an Application

For each client proxy you can define an interceptor with SOAP message security header content (for TeamConnect authentication). The interceptor should be added to the client proxy once and afterward, the corresponding security header will be automatically inserted into each XML message resulting from a Web Service request.

The interceptor for the message security header needs to contain the following:

•A string variable for the TeamConnect user name used to authenticate to the system.

If you are writing a Web Service client application in a Software as a Service (SaaS) environment, the user name should use the format: user@domain

•A string variable for the TeamConnect user password used to authenticate to the system. During message transfer the password will be sent as unencrypted clear text.

If you need to transmit the password in a more secure manner, you can set up SSL between your client application and the TeamConnect instance.

For a more detailed example, see the Security Headers Sample Code section of the Client Application Components (Java/Apache CXF) appendix.

The TeamConnect Web API is compliant with the WS-Security 1.1 OASIS standard. Currently only authentication using the UsernameToken is supported. For more information, see:

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

Sample SOAP Message Security Header for Authentication

In your custom application, you should define a security header for SOAP/HTTP requests that looks like:

<soap:Header>

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/

oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/

01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

wsu:Id="UsernameToken-1809471" xmlns:wsse="http://docs.oasis-

open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/

oasis-200401-wss-wssecurity-secext-1.0.xsd">administrator</

wsse:Username>

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-

200401-wss-username-token-profile-1.0#PasswordText"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-

wssecurity-secext-1.0.xsd">password</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soap:Header>

//administrator should be replaced with a valid TeamConnect user name with sufficient rights to perform required functions.

//password should be replaced with the administrator user's password.