BPM, Workflow, and Case

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response:

Hi Jens,

Thanks for your reply! As you see, this is new for me, and I don't found helpful descriptions and samples (or just for old BPM versions)...
Really, I turned on protected checkbox for the webservice definition and I supposed policy settings will set the required authentication data.


But now I have another problem: where can I specify the username and password required to call this webservice? Earlier versions did display fields for this as I remember, but now no option for setting this two data. Can you help me please?

Thanks,

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response:

Hi Jens,

Thanks for your reply! As you see, this is new for me, and I don't found helpful descriptions and samples (or just for old BPM versions)...
Really, I turned on protected checkbox for the webservice definition and I supposed policy settings will set the required authentication data.


But now I have another problem: where can I specify the username and password required to call this webservice? Earlier versions did display fields for this as I remember, but now no option for setting this two data. Can you help me please?

Thanks,

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response:

Hi Jens,

Thanks for your reply! As you see, this is new for me, and I don't found helpful descriptions and samples (or just for old BPM versions)...
Really, I turned on protected checkbox for the webservice definition and I supposed policy settings will set the required authentication data.


But now I have another problem: where can I specify the username and password required to call this webservice? Earlier versions did display fields for this as I remember, but now no option for setting this two data. Can you help me please?

Thanks,

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response:

Hi Jens,

Thanks for your reply! As you see, this is new for me, and I don't found helpful descriptions and samples (or just for old BPM versions)...
Really, I turned on protected checkbox for the webservice definition and I supposed policy settings will set the required authentication data.


But now I have another problem: where can I specify the username and password required to call this webservice? Earlier versions did display fields for this as I remember, but now no option for setting this two data. Can you help me please?

Thanks,

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response:

Hi Jens,

Thanks for your reply! As you see, this is new for me, and I don't found helpful descriptions and samples (or just for old BPM versions)...
Really, I turned on protected checkbox for the webservice definition and I supposed policy settings will set the required authentication data.


But now I have another problem: where can I specify the username and password required to call this webservice? Earlier versions did display fields for this as I remember, but now no option for setting this two data. Can you help me please?

Thanks,

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response:

Hi Jens,

Thanks for your reply! As you see, this is new for me, and I don't found helpful descriptions and samples (or just for old BPM versions)...
Really, I turned on protected checkbox for the webservice definition and I supposed policy settings will set the required authentication data.


But now I have another problem: where can I specify the username and password required to call this webservice? Earlier versions did display fields for this as I remember, but now no option for setting this two data. Can you help me please?

Thanks,

Hi Laszlo,

a Policy Set cannot be used to require authentication. 
The HTTP binding you provide specifies credentials that your Web Service will send in asynchronous responses. This is unrelated to expected inbound authentication.
I would expect this configuration to have no effect and continue to work without authentication.

However, not in your screenshots, you probably have set some flag in Web Process Designer to protect your Web Service. This message is coming from BAW code, not the WAS policy set:
https://www.ibm.com/docs/en/baw/20.x?topic=cwllg-cwllg1510e

I know that enabling the "protected" flag does something completely unexpected: it expects credentials to be sent as part of the SOAP message - may even as part of the payload.
The old redbook has an example where username and password are added to your WSDL interface description: https://www.redbooks.ibm.com/redbooks/pdfs/sg248027.pdf p.154

I just gave it a try and the behavior is still the same: two elements are added to your operation's interface

Basic authentication for outbound asynchronous service responses.

Policy set


Policy set binding

Calling from soapUI

Response: