Using Username/Password Security with WS-Security Policy
Learn how to authenticate a web service request with CA-SiteMinder Username/Password with a WS-Security Policy.Using Admin Console CA SiteMinder Use Cases Integrate CA SiteMinder with Policy Manager (Main Topic)
The WS-Security Username/Password Use Case client authentication is performed with a Username Token which appears at the SOAP layer as a signed supporting token that is always sent from the client to the service. The user is authenticated using username/password pass in the WS-Security header.
This use case is composed of the Authentication Policy, WS-Security Transport Binding Policy, and WS-Security Supporting Tokens Policy Authentication Policy.
Step 1: Create Policies
- Launch the Policy Manager Management Console. In the Policies folder, use Add Policy to create the following policy configurations.
Policy Name Configuration Requirements Authentication Policy
- Subject Category = End-User
- Domain (Realms) = CA-SiteMinder
WS-Security Transport Binding Policy Use default configuration. WS-Security Supporting Tokens Policy
Use default configuration with the following changes:
On Specify Supporting Token Options screen:
- Click Add Token Choice
- Select the Token Choice
- Click Add Token
On the Add Supporting Token screen:
- Token Type = Username
- Token Inclusion - Always to Recipient
- Subject Category - Consumer
On the Specify Username Token Options screen:
- Version = UsernameToken profile 1.0
Step 2: Attach Policies
- Attach the policies to a virtual service.
Step 3: Select UsernamePassword in Client
Step 4: Test Configuration
- Send requests to the virtual service and the usage data in the Services > Monitoring section.