Hi,
Does apigee support WS-Security for SOAP requests ? I have created a pass thru SOAP request and need to authenticate the request using WS-Security standards.
Can anyone help on this ?
Apigee Edge will authenticate the request based on the SOAP Security header
<soapenv:Header> <wsse:Security soapenv:mustUnderstand="111" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-459"> <wsse:Username>username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header>
Username and password are passed in the header. Is there an out of the box approach to validate the soap security header without extracting the credentials ?
Or an out of the box approach to process the security header ?
Thanks