UsernameToken Credential Mapping

When applying UsernameToken Credential Mapping, remember the following points:

  • There is no authentication needed.
  • The client sends request to the facade operation.
  • When the service invoked by the client request calls the target operation, UsernameToken credential mapping policy is applied. A UsernameToken is then added to the outgoing request using the credentials extracted from the policy or the shared resource specified in the policy.

Example Policy

CredentialMappingByUsernameToken Policy

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009">
    <wsp:All>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <ns:CredentialMapping xmlns:ns="http://xsd.tns.tibco.com/governance/policy/action/2009">
                <tpa:Fixed>
                    <!-- Replace the username/password in the following UsernameToken -->
                    <wssp:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-secext-1.0.xsd">
                        <wsse:Username>schalla</wsse:Username>
                        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-
token-profile-1.0#PasswordText">password</wsse:Password>
                    </wssp:UsernameToken>
                </tpa:Fixed>
                <wssp:SupportingTokens xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/
200702">
                    <wssp:UsernameToken>
                        <!-- Uncomment to generate digested password
<wssp:HashPassword />
-->
                    </wssp:UsernameToken>
                </wssp:SupportingTokens>
            </ns:CredentialMapping>
        </wsp:Policy>
    </wsp:All>
</wsp:Policy>