Hi,

I am required to expose a service in webMethods i.e. webMethods is going to be the provider of the service. I am supposed to secure the webservice with a username token policy. Does anyone know how I can handle the username token parameters sent by the consumer?

I could only find information on adding handlers to consumer desriptors on this forum. Thanks for helping out!!

Hi Basheer,

please provide the version of your wM suite.

Please check the documentation for WS Aliases as well as ACLs and Client certificates.
This might help to sort things out.

Regards,
Holger

pls review the Web_Services_Developers_Guide, it should give you enough info to start with.
If you have specific issue/question, you can raise it to the forum.

HI. Basheer unnisa

shared to policy username policy

example : C:\SoftwareAG97\IntegrationServer\instances\default\config\wss\policies

Username_token_only < you want file name and show name to pocliy tab.

<wsp:Policy wsu:Id=“Username_token_only” Name=“Username_token_only”
xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”
xmlns:wsp=“Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment)”>

<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>

</wsp:Policy>

good luck!

Basheer – Did you finish this task ? Can you share sample policy file over here which will be useful to others. In my environment I can see Username_Signature, Username_Over_Transport & Username_Encryption files.

Thanks,

I was able to add the policy by placing the policy file in this location:
…/IntegrationServer/instances/default/config/wss/policies/

I have attached the policy file to be placed in this location. After you have done this, you may need to restart your server for the policy to reflect in designer.

After this, open the provider WSD in designer, click on policies tab, right click and select the username token policy you have just added and save. Your webservice is now secure with a username token policy.

Thanks Basheer Unnisa, but didn’t find attachment, can you please.

Thanks,

attached policy file
Username_Token.zip (381 Bytes)

Thanks Basheer Unnisa.

Thanks,

Basheer Unnisa – which wM version you are on ?

I am having local wM8.2. I just tried the steps which you gave but didn’t find anything as part of WSD provider’s policies in designer.

Thanks,

I am using 9.8. See attached screen shot for the provider WSD policies tab from my designer.

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/f3234150abcb2c101189c807d93e0ba095b09ec2_2_1035x445.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/f3234150abcb2c101189c807d93e0ba095b09ec2.png 2x" data-dominant-color="F5F6F8">

providerWSD.PNG1040×448 24.9 KB

Okay, thanks for your time.

Thanks,