username token policy webservice producer

Basheer_Unnisa3 · December 14, 2015, 3:36pm

Hi,

I am required to expose a service in webMethods i.e. webMethods is going to be the provider of the service. I am supposed to secure the webservice with a username token policy. Does anyone know how I can handle the username token parameters sent by the consumer?

I could only find information on adding handlers to consumer desriptors on this forum. Thanks for helping out!!

Holger_von_Thomsen · December 14, 2015, 6:31pm

Hi Basheer,

please provide the version of your wM suite.

Please check the documentation for WS Aliases as well as ACLs and Client certificates.
This might help to sort things out.

Regards,
Holger

Tong_Wang · December 14, 2015, 6:32pm

pls review the Web_Services_Developers_Guide, it should give you enough info to start with.
If you have specific issue/question, you can raise it to the forum.

Yeom_jaeryung1 · January 22, 2016, 7:47am

HI. Basheer unnisa

shared to policy username policy

example : C:\SoftwareAG97\IntegrationServer\instances\default\config\wss\policies

Username_token_only < you want file name and show name to pocliy tab.

<wsp:Policy wsu:Id=“Username_token_only” Name=“Username_token_only”
xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”
xmlns:wsp=“Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment)”>

<wsp:ExactlyOne>
	<wsp:All>
		<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
			<wsp:Policy>
			<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
			</sp:UsernameToken>
			</wsp:Policy>
		</sp:SignedSupportingTokens>
	</wsp:All>
</wsp:ExactlyOne>

</wsp:Policy>

good luck!

MR_as173d · January 25, 2016, 8:41am

Basheer – Did you finish this task ? Can you share sample policy file over here which will be useful to others. In my environment I can see Username_Signature, Username_Over_Transport & Username_Encryption files.

Thanks,

Basheer_Unnisa3 · January 25, 2016, 10:16am

I was able to add the policy by placing the policy file in this location:
…/IntegrationServer/instances/default/config/wss/policies/

I have attached the policy file to be placed in this location. After you have done this, you may need to restart your server for the policy to reflect in designer.

After this, open the provider WSD in designer, click on policies tab, right click and select the username token policy you have just added and save. Your webservice is now secure with a username token policy.

MR_as173d · January 25, 2016, 11:42am

Thanks Basheer Unnisa, but didn’t find attachment, can you please.

Thanks,

Basheer_Unnisa3 · January 25, 2016, 12:06pm

attached policy file
Username_Token.zip (381 Bytes)

MR_as173d · January 25, 2016, 12:33pm

Thanks Basheer Unnisa.

Thanks,

MR_as173d · January 25, 2016, 12:51pm

Basheer Unnisa – which wM version you are on ?

I am having local wM8.2. I just tried the steps which you gave but didn’t find anything as part of WSD provider’s policies in designer.

Thanks,

Basheer_Unnisa3 · January 25, 2016, 12:59pm

I am using 9.8. See attached screen shot for the provider WSD policies tab from my designer.

MR_as173d · January 25, 2016, 1:01pm

Okay, thanks for your time.

Thanks,