In this post we will see how to setup UsernameToken in webMethods webservice consumer connector. We will be covering only username/password based WS-Security. There are other ways also to secure consumer like signature, encryption using certificates. Username Token is a standard WS-Security feature which is not associated in webservice consumer by default until and unless dictated by WSDL. Below is one example of soapHeaders with UsernameToken.
In cases where WSDL doesn’t mention anything about WS-Security then there are two ways to generate UsernameToken at soapheader level. In this post we will look at one of the methods. This method uses webMethod’s Pre 8.2 compatibility feature of webservice connectors. WebServices developer guide is not very clear on how to generate UsernameToken tags. It just says set values for auth/message/user and auth/message/pass fields and the UsernameToken will be generated. However, they forget to add the steps / procedures to be followed to generate the UsernameToken. Let’s get to work…enough of blabbering.
- Open web service consumer connector for which you want to generate UsernameToken.
- Lock For Edit and go to properties window of consumer.
- Check if Pre-8.2 compatibility mode is set to “true”. If not then change it to true. Screen shot below.
- Save consumer and Now go to Handler Tab.
- Right Click in Handler Tab. Select “Add Handler” Option.
- A dialogue box as shown below will appear. Select WS Security Handler and click OK.
- Select the Handler added in previous section. Once highlighted property window will have option like shown below.
- Select policy “Consumer policy for Username” and save consumer.
- Next part is to use connector in Flow service.
- Invoke connector in flow service and set auth/message/user and auth/message/pass variables for username and password respectively.
Once you have completed the above mentioned steps, soapHeaders will have UsernameToken tag. You can use TCPIp monitor or some other kind of tool to capture soapHeaders. It is pretty simple and easy to implement. Please do let me know your feedback in comments section.
Thanks Mangat, this was very helpful. We are using Designer 9.5. We are trying to establish security between 2 IS of same version, 9.5
Still we could not get this working, how ever, by setting Pre82 Comaptibility as you have suggested, it worked.
I am glad, it was helpful for you. Let me know if you still face any issues.
Hi Mangat, we have a problem passing soapHeaders from 7.1.3 consumer and service provider is on 8.2. Could you please suggest on how to pass soapHeaders in this case because we want to pass usernametoken values using web service alias.
i don’t have any 7.1.3 installation so can’t comment for sure. but i would assume that in 7.1.3 you don’t have to select pre 8.2 compatibility. what that mean is you should be able to Add handler and then select policy
Hi Mangat,thanks for info,it helped us.we able acheive our result using handler and webservice alias approach in 7.1.3
Great… thank you for the feedback.
Very good Information, Yes it resolved my issue, i am recommending your post to follow.
Thank you Bhanu.
Thanx a lot this helped a lot.
Thank you boyMane.
Hi Mangat,
I followed the above steps that you mentioned but still I don’t see the UsernameToken tag added in the Soap Header. My WM version in 9.0. Do you have any other advice ?
can you send me screenshot of your WS connector properties and your flow service pipeline where you are invoking WS connector.
In different post i have explained alternative way to add header. Please check it
http://www.quest4apps.com/webmethods-add-custom-soapheader-in-soaprequest/
Thanks a lot for this blog….really helpful…appreciate it…
Can you please tell how to use custom policies
which custom policies? sometime i miss comments… if you need further assistance, send me email at mangat@quest4apps.com