My Oracle Support Banner

How to Enable Password Digest for Web Service Authentication (Doc ID 2802215.1)

Last updated on AUGUST 30, 2021

Applies to:

Oracle Communications Unified Inventory Management - Version 7.4.0.0.0 and later
Information in this document applies to any platform.

Goal

UIM Web Service (WS) comes configured to use message-level security behavior of authentication using username/password token with password in plain text.
However using plain text password in WS request can be a security risk & overcome it one might opt for using password digest.

This document explains in detail how to configure password digest instead of plain-text password for WS authentication.
Enabling UIM WS support password digest for authentication, changes are required at 2 level:
    Level 1: Configuration changes at WLS to create WS security configuration and enabling password digest for authentication and identity assertion.
    Level 2: Associating a Custom policy with WS allowing password digest for authentication.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 Step 1: Creating a simple / empty WS Security Configuration (default_wss).
  Step 2: Update WS Security Configuration to enable password digest.
 Step 3: Update Default Authenticator to enable password digest.
 Step 4: Update Default Identity Asserter to enable password digest.
 Step 5: Create a custom Web Service (WS) Policy file supporting password digest.
 Step 6: Packaging Custom WS Policy with Web Service.
 Step 7: Enabling Custom WS policy for Web Service.
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.