Validation rules: Web Services tab

Use the Web Services tab of the Configure message validation rules page to control how the community handles inbound Web Services and AS4 message authentication.

Authentication is an optional part of trading via Web Services and AS4.

In the Web Services tab, select a validation rule option:

• Reject messages without user name and password within UsernameToken in SOAP header
• When you select this option, Activator checks whether the UsernameToken element in the SOAP header of an Web Services or AS4 inbound message has a user name and password. The following is an example of a user name and password within a UsernameToken element.

• <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"        xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">     <S:Header>          ...        <wsse:Security>            <wsse:UsernameToken>               <wsse:Username>Joe</wsse:Username>               <wsse:Password>ILoveJava</wsse:Password>            </wsse:UsernameToken>        </wsse:Security>     </S:Header> </S:Envelope>

• Reject messages when password is in plain text (not digest)
• You can only select this option if you first select the "Reject messages" option above. When you select this option, the partner must send the password in digest form, as in the following example:

• <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-19053538">     <wsse:Username>wsbpLaptopCom</wsse:Username>     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">5UcyqD5Djf5BZu0ZrZSF/5RSv3k=</wsse:Password>     <wsse:Nonce>XIa3LzWkrNvL41RL9JOcMg==</wsse:Nonce>     <wsu:Created>2010-09-28T13:37:08.473Z</wsu:Created>    </wsse:UsernameToken>   </wsse:Security>

• Accept messages without UsernameToken in SOAP header (default) – Enables the community to consume Web Services or AS4 messages that do not include UserName tokens.
• Reject messages that are not authorized using X509 digital signature defined within SOAP header – When you select this option, Activator checks for an X509 token in the signature SOAP Header of an AS4 or Web Services inbound message. X509 tokens are also available for encryption security headers, but they are not subject to this validation. If the X509 token is absent or refers to an invalid certificate, the message is rejected.
• Accept messages that are not authorized using X509 digital signature defined within SOAP header – Enables the community to consume AS4 and Web Services messages that do not include X509 tokens.
• Treat SOAP Faults as negative acknowledgements – SOAP faults are SOAP response messages that contain a single instance of the Fault element inside the SOAP body, with no other data content. These responses are not automatically flagged by Activator as negative acknowledgements. Select this option force Activator to handle WS fault responses as negative acknowledgments.

Whether you choose to reject or accept authenticated Web Services or AS4 messages, the choice applies to all Web Services or AS4 messages received for the community, unless you define exceptions.

You can specify exceptions for the two main categories of Web Services/AS4 authentication:

• Web Services UsernameTokens
• X509 Digital Signature Authentication

To apply exceptions, locate one of the above categories on the validation rules page and:

• Click Add an exception for a partner to create a partner-specific exception.
• Click Add an exception for a category to create an exception for a partner collaboration category. A collaboration category is a group of partners who have common collaboration settings.
• Click Add an exception for a trading pickup to create an exception for messages received by the community through a specific community trading pickup.

You can add multiple partners, categories or trading pickups to the exceptions lists. Activator applies the opposite of the selected behavior to any partners, collaboration categories, or trading pickups that display in the exceptions lists.

Related topics

• Validation rules: Duplicate messages tab
• Validation rules: Signing tab
• Validation rules: Encryption tab
• Validation rules: CSOS duplicate orders tab
• Validation rules: AS4 tab
• Validation rules: cXML tab