Implementing Secure Outbound Web Services

9 Responses to Implementing Secure Outbound Web Services

  1. babu, this is awesome. I was waiting for this for a very long time. One more thing I noticed is that, even though these credentials are updated in the WSDLS, we will not be able to see this. Try to use the WSDL given by the external system in SOAP Ui, . In the properties window you can see that the username and passowrd are copied and in the first run itself you will get the soap response. If the same WSDLs is moved to Siebel Tools, you will be getting an authentication error from the target middleware/system. Your suggestion is the solution for this problem. Meanwhile most of the middleware systems have a capability to limit the IP addresses from which the request is coming.In a small organisation, people are using network security rather than web service security. Middleware can also do an anonymous registration based on IP addressess. I dont have an example to figure this right here.

  2. babu, this is awesome. I was waiting for this for a very long time. One more thing I noticed is that, even though these credentials are updated in the WSDLS, we will not be able to see this. Try to use the WSDL given by the external system in SOAP Ui, . In the properties window you can see that the username and passowrd are copied and in the first run itself you will get the soap response. If the same WSDLs is moved to Siebel Tools, you will be getting an authentication error from the target middleware/system. Your suggestion is the solution for this problem. Meanwhile most of the middleware systems have a capability to limit the IP addresses from which the request is coming.In a small organisation, people are using network security rather than web service security. Middleware can also do an anonymous registration based on IP addressess. I dont have an example to figure this right here.

  3. hi , iam a little confused with the approach the cfg changes mention as far as i know are for tracing and dumping of EAI process property . which section actually does adds username an dpassword in IO definition or outbound message header.

    • Dear Arc
      If the UserName and Password are Keep on Changing then Create LOV’s for the User Name and Password in the Application ( Explicitly for the Outbound Web Service)

      As Provided in the Above Example

      UserName  Literal Test1

      Make this as

      UserName  Expression LookUpValue(“UserName “,UserName)

      Similarly for the Password also

      This is the easy method where u can change the UserName and Password in the Application itself, which doesn’t required any compilation/repository change

      When u do the Clear Cache for the above LOV’s you are done

      Try this Approach and do let me know your comments

      Cheers

      Babu Rajendra Prasad Mugnara

  4. Hi Neel/Babu,

    Thats a good article.

    We are facing a challenge in relation to the article – Outbound webservices. Our client has provided wsdl, certificate (X.509 standard certificate). Our setup is complete – Imported the certificate in our Siebel server, Imported the WSDL for webservice definition, proxy business service, Internal & External & Mapping definition and finally the Workflow is in place. We are able to generate the SOAP request but we are not getting the binary security token info in the SOAP header to make a successful transaction. Any ideas/suggestions ?

    Thanks.

Leave a Reply

Contribute