Using Username/Password Security with WS-Security Policy

Learn how to authenticate a web service request with CA-SiteMinder Username/Password with a WS-Security Policy.

Using Admin Console CA SiteMinder Use Cases

Integrate CA SiteMinder with Policy Manager (Main Topic)


The WS-Security Username/Password Use Case client authentication is performed with a Username Token which appears at the SOAP layer as a signed supporting token that is always sent from the client to the service. The user is authenticated using username/password pass in the WS-Security header.

This use case is composed of the Authentication Policy, WS-Security Transport Binding Policy, and WS-Security Supporting Tokens Policy Authentication Policy.

Step 1: Create Policies

  1. Launch the Policy Manager Management Console. In the Policies folder, use Add Policy to create the following policy configurations.

    Policy Name Configuration Requirements
    Authentication Policy
    1. Subject Category = End-User
    2. Domain (Realms) = CA-SiteMinder
    WS-Security Transport Binding Policy Use default configuration.
    WS-Security Supporting Tokens Policy

    Use default configuration with the following changes:

    On Specify Supporting Token Options screen:

    1. Click Add Token Choice
    2. Select the Token Choice
    3. Click Add Token

    On the Add Supporting Token screen:

    1. Token Type = Username
    2. Token Inclusion - Always to Recipient
    3. Subject Category - Consumer

    On the Specify Username Token Options screen:

    1. Version = UsernameToken profile 1.0

Step 2: Attach Policies

  1. Attach the policies to a virtual service.

Step 3: Select UsernamePassword in Client

  1. Launch SOAPUI and select UsernamePassword for Outgoing WS-Security Configurations.

Step 4: Test Configuration

  1. Send requests to the virtual service and the usage data in the Services > Monitoring section.

back to top