I concur with the username and password (authentication headers basically) always being required unless as Fred said if it was set up for anonymous login in the mid-tier..
Does anyone know security wise what might be better? I'm assuming that setting an annonymous account might be better security wise as then you do not have to pass the username and password in the xml especially if your web services are not https enabled. When stored in the mid-tier configuration, where exactly does the username and password get stored? And are these values encrypted wherevery they may reside in the mid-configuration? Cheers Joe -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W Sent: Thursday, August 29, 2013 1:57 PM To: arslist@ARSLIST.ORG Subject: Re: SOAP Authentication while consuming web service Username and password have always been required when consuming a Remedy hosted web service. 8.1 does not change this. The Integration Guide describes authenticating to a web service published by AR System. Basically if the AuthenticationInfo header data is not provided in the XML the Mid-Tier uses the Anonymous User and Password settings in the Mid-Tier configuration Web Service Settings section. Fred -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Sachin Sent: Thursday, August 29, 2013 11:20 AM To: arslist@ARSLIST.ORG Subject: SOAP Authentication while consuming web service Hi Experts, I have query regarding SOAP authentication headers for consuming Remedy 8.1 web service by external application. As of AR 8.1 , the consuming application need to provide authentication in SOAP header. ( User Name, Password, Authentication etc). I have a requirement where customer do not intend to provide authentication parameters in SOAP headers while consuming Remedy web service. Is there any way that consuming application can by pass authentication is SOAP payloads? I know one way is to create wrapper API for bypassing SOAP authentication.But, i am seeking better solution to resolve this issue. Please advice. Regards, Sachin _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
