Fetch Authentication Token

A token based authentication has been introduced for the Order Management Server order soap web service by using JSON Web Token (JWT). The operation FetchAuthenticationToken has been added to fetch the token based on the existing username and password. This token can be used to invoke other operations of the order service.

To use this form of authentication, the client can keep the password empty and send the fetched token as the username in the SOAP request.

The request message format is: 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ord="http://www.tibco.com/aff/orderservice" xmlns:aut="http://www.tibco.com/aff/authentication">
   <soapenv:Header/>
   <soapenv:Body>
      <ord:AuthenticateRequest>
         <aut:username>admin</aut:username>
         <aut:password>admin</aut:password>
      </ord:AuthenticateRequest>
   </soapenv:Body>
</soapenv:Envelope>
Fetch Authentication Token Request Data Model
Element Name Element Type Description
Username String Existing username.
Password String Existing password.

The response message format is: 

soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <AuthenticateReply xmlns:ns8="http://www.tibco.com/aff/enrichedPlan" xmlns:ns7="http://www.tibco.com/aff/planfragments" xmlns:ns6="http://www.tibco.com/aff/plan" xmlns:ns5="http://www.tibco.com/aff/authentication" xmlns:ns4="http://www.tibco.com/aff/commontypes" xmlns:ns3="http://www.tibco.com/aff/order" xmlns:ns2="http://www.tibco.com/aff/orderservice/result" xmlns="http://www.tibco.com/aff/orderservice">
         <ns5:token>eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c3IiOiJhZG1pbiIsImlzcyI6Ik9NUyIsInJscyI6W3siYXV0aG9yaXR5IjoiUk9MRV9BRE1JTiJ9XSwidG50IjoiVElCQ08iLCJleHAiOjE0OTk3MTM5NzYsImlhdCI6MTQ5OTcxMzc5Nn0.NmLbv2yT5at1lE_DUyWfvjYdxvgv7TJk1utdv-YX-Fo</ns5:token>
      </AuthenticateReply>
   </soap:Body>
</soap:Envelope>
Sample for Security Header with JWT 
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>eyJ0eXAiOiJKV1QiLCJhbGclOiJIUzI1NiJ9.eyJ1c3IiOiJhZG1pbiIsInJscyI6WyJST0xFX0FETUlOIl0sInRudCI6IlRJQkNPIiwiZXhwIjoxNjExODE2Mjg3LCJpYXQiOjE2MTE4MTYxMDd9.EGhOdA3Qq4TxoVG5ayyJJ7uu5pLlOrtVE7bSG4lAIYw</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
</wsse:UsernameToken>
</wsse:Security>