Using Credential Files
Some Web services may require clients to authenticate themselves before allowing access to the service. The authentication process uses credentials. There are two types of credentials supported by SOAPam:
- a userid and password used for HTTP authentication
- a pass phrase associated with a PKCS12 certificate used for SSL client authentication
The type of authentication required, if any, is dependent on the Web service. If authentication is required, you must supply your credentials to the SOAPam Client Process to use on your behalf.
SOAPam provides a mechanism for storing your credentials in an encrypted format. Rather than specifying your credentials in clear text as a command line parameter whenever starting SOAPAMCP, you can specify the name of an encrypted credentials file. The encrypted credential information can then be used by the SOAP/CM Client Process for authentication to servers when necessary.
SOAPam credentials files are created using the MAKECF utility. Refer to Using the MAKECF Utility for more information. You can create as many SOAPam credentials files as necessary, since different Web services may require different credentials.
This example stores the userid 'myuserid' and password 'mypassword' in the encrypted credentials file "mylogin", then supplies the credentials filename with the -httpauth command line parameter when starting SOAPAMCP.
tacl> run MAKECF mylogin myuserid:mypassword
tacl> run SOAPAMCP / name $WSCP / -httpauth mylogin @otheropts
The second example stores the pass phrase in the encrypted credentials file "certpass". (Since the pass phrase was not supplied on the command line, MAKECF prompts for the information, but does not echo it.)
tacl> run MAKECF certpass
tacl> run SOAPAMCP / name $WSCP / -sslclientcert mypkcs certpass @otheropts
Note that the credentials file is location dependent, i.e., if the file is moved or renamed, the credentials cannot be decrypted. This feature is designed to disable the credentials in case the file is stolen or otherwise used inappropriately. Even though credentials become invalid when moved, system administrators should still use Guardian security to prevent unauthorized access to the contents of the file.
This example verifies the contents of the credentials file and that it is located in the correct subvolume:
tacl> run MAKECF certpass -verify
Refer to Using HTTP Authentication for more information about HTTP authentication. Refer to Using Client Certificates for more information about SSL client authentication.