Authentication

Select this policy assertion as described in Adding Policy Assertions.
This policy describes the HTTP credentials required for access to a service.
Inbound authentication is for messages received for My Role services and for replies from invoked Partner Role services. Outbound authentication is for replies from My Role services and messages sent to invoked Partner Role services.
Set the following parameters:
Outbound Authentication Policy

Username
Name of the user authorized to access the service.

Password
Password for the authorized user.

Preemptive HTTP Credentials
Preemptive authentication sends basic authentication credentials without being challenged by the remote host. Take care to use this option only over secure channels, to prevent unnecessary disclosure of user credentials.

Send wsse:UsernameToken in Header
If checked, credentials are sent as an OASIS WS-Security UsernameToken element in the SOAP Header. To include a nonce (an arbitrary number used only once in a cryptographic communication) with the UsernameToken, add a <abp:HashPassword/> child element to the PDD file in the PDD editor after finishing the wizard. A nonce increases authentication security by preventing the same string from being repeated. See the example below.
A wsse:UsernameToken header can be sent unencrypted and unsigned, provided that it is the only security policy in effect for the invoke. Otherwise, the UsernameToken header is signed and encrypted, which requires that you have a certificate keystore configured.

Use Cleartext Password
Select this option to store the authorized user's password in clear text in the PDD. The password is visible and readable in the PDD file.

Inbound Authentication Policy

Require UsernameToken when receiving messages
Select this option to require authentication on messages received by a My Role or Partner Role service.

Example:
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:ns5="http://www.example.org/Hello/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <wsa:Address>http://localhost:8081/active-bpel/services/Hello</wsa:Address>
  <wsa:Metadata>
    <wsa:ServiceName PortName="HelloSOAP">ns5:Hello</wsa:ServiceName>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:abp="http://schemas.active-endpoints.com/ws/2005/12/policy">
      <abp:Authentication direction="out">
        <abp:User>aeadmin</abp:User>
        <abp:Password>yH6CJei+D+s=</abp:Password>
        <abp:HashPassword/>
      </abp:Authentication>
    </wsp:Policy>
  </wsa:Metadata>
</wsa:EndpointReference>
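
How a nonce in a hashed UsernameToken lets the receiver refuse a repeated token, as an added example that is not the product's own code. It assumes the token follows the PasswordDigest form of the OASIS UsernameToken Profile, Base64(SHA-1(nonce + Created + password)); the 5-minute window and all function and class names are assumptions.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)  # assumed freshness window, not a product setting
TS = "%Y-%m-%dT%H:%M:%SZ"


def digest(nonce, created, password):
    # PasswordDigest per the OASIS profile: SHA-1 over raw nonce + Created + password
    return hashlib.sha1(nonce + created.encode() + password.encode()).digest()


def make_token(password, now=None):
    """Sender: a fresh random nonce and timestamp for every message."""
    created = (now or datetime.now(timezone.utc)).strftime(TS)
    nonce = os.urandom(16)
    return {
        "Nonce": base64.b64encode(nonce).decode(),
        "Created": created,
        "Password": base64.b64encode(digest(nonce, created, password)).decode(),
    }


class Verifier:
    """Receiver: check freshness, recompute the digest, refuse reused nonces."""

    def __init__(self, password):
        self.password = password
        self.seen = {}  # raw nonce -> Created time, kept only while still fresh

    def verify(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        created = datetime.strptime(token["Created"], TS).replace(tzinfo=timezone.utc)
        if abs(now - created) > WINDOW:
            return "stale"
        nonce = base64.b64decode(token["Nonce"])
        expected = digest(nonce, token["Created"], self.password)
        if not hmac.compare_digest(expected, base64.b64decode(token["Password"])):
            return "bad-digest"
        # Forget nonces whose tokens would now be rejected as stale anyway
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= WINDOW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = created
        return "ok"
```

The digest hides the password from a passive reader but does not protect the rest of the message, so the page's advice about secure channels still applies.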
