E-IB: Can PeopleSoft Provided Web Services be Restricted Access to Valid User in WS-Security UsernameToken Only? (Doc ID 1308072.1)

Last updated on OCTOBER 31, 2014

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.48 and later
Information in this document applies to any platform.
***Checked for relevance on 24-May-2013***
***Checked for relevance on 31-Oct-2014***

Goal


Can Oracle Peoplesoft provided web services access be restricted to calls with a valid username in the WS-Security UsernameToken element only?

For example, consider using the following SOAP request message.

<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="');" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd%22>" target=_blank name=contextTextUrl_1298664415970 _djrealurl="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd%22>">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>WSTEST</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>


The outcome, depending on Username validity is:

a. If the Username is valid and exists in the system, Service operation security works as expected.
        OR
b. If the Username is invalid, message is processed bypassing the service operation security, see that as an issue.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms