XML & Web services: Passing user Authentication Data to Secured Webservice
- Posted by: shiva prasad
- Posted on: March 18 2010 10:16 EDT
I have a secured webservice deployed in one websphere server . My client j2ee web application running on another websphere server needs to invoke the webservice by passing the user credential of the logged in user.
How do I transfer the user credential to the webservice?? Please help me in this regard.
I have tried hardcoding the user id and pwd in the service stub and this works perfectly fine.
- Passing user Authentication Data to Secured Webservice by Pitt Czapczyk on July 08 2010 16:39 EDT
- Passing user Authentication Data to Secured Webservice by Carlos Rodriguez on July 21 2010 17:18 EDT
I think, saml is not the right way for this scenario. The app cannot share the saml token which come from the browser redirection with an third party app. The token is generated only for a session with the authorized app, and is managed exclusively by the User Agent.
I think, you can simply send signed soap messages with persistent id of users. Such persistent opaque-ids you can get using technologies as SAML.