Web Services is one of the illusive part of siebel CRM. A lot has already been written about web services but for this category more is always less. This post is not about how to create inbound web service but to help you decide how to use them based on different scenarios.
Siebel makes use of UserName token mechanism for authentication and security. Based on the requirement following options are supported while implementing an inbound web service:
1 - The basic implemenation allows the userid and password to be included in the url of webservice. This can be opted when security is not of much importance.Following is an example of passing the user name and password by way of a URL:
http:///eai_enu/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&Username=SADMIN&Password=SADMIN
If you look at the "WebService" named subsystem it will have following parameters:
AllowAnonymous = False
Impersonate = FALSE
Along with this, make sure the operations have the Authentication Type set to None.
2 - We can also use the UserName tokens where security comes into picture. In this case the URL does not reveal the user credentials. In this instance url looks like as below:
http:///eai_anon_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute
It makes use of "SecureWebService" subsystem. If you look at the "SecureWebService" named subsystem it will have following parameters:
AllowAnonymous = False
Impersonate = True
The operations have the Authentication Type set to "Username/Password - clear text". This type requires the SOAP client to send security header information along with the request. This header information contains the userid and password.
3 - There are times when you don't want exteral system to send the userid and passwords. siebel provides us a way to create totally anonymous web service so that no credentials are required to invoke service. A sample web service url looks like:
http:///eai_anon_enu/start.swe?SWEExtSource=AnonWebService&SweExtCmd=Execute
We need to have a new NamedSubsytem "AnonWebService" with following parameters:
AllowAnonymous = TRUE
Impersonate = FALSE
Along with this, make sure the operations have the Authentication Type set to None.
Details of how to create anonymouse web service are given under support Id: 601681.1
If security is of the utmost importance, and if it is critical that the password not be provided in clear text, web services over HTTPS should be used. We will discuss more of Outbound scenarios in the upcoming posts till then keep discovering unlimited possibilities of web services.
1 comment:
eai.cfg is missing when you set up a anonymous web server.
Post a Comment