Integration Server 10.5 | Web Services Developer’s Guide | Securing Web Services Using the WS-Security Facility | WS-Security Facility Policy Reference | UsernameToken Element
 
UsernameToken Element
For outbound messages, the <UsernameToken> element specifies whether or not to include a WS-Security UsernameToken in the message header.
Outbound Messages
Password Type
The “PasswordType” attribute specifies the password form to use. Specify one of the following settings:
Setting
Description
“Text”
Integration Server includes the password in plain or clear text.
“digest”
Integration Server creates a password digest where the password contains a hash of the timestamp.
“digestwithnonce”
Integration Server creates a password digest where the password contains a hash of the timestamp and nonce.
Note:Integration Server supports “digest” and “digestwithnonce” for consumer web service descriptor only. If you use it with a provider web service descriptor, Integration Server will process the incoming SOAP request, however, the authentication of the username will fail.
Note:
If your password contains a nonce, ensure that each message includes a new nonce value. Integration Server will reject a UsernameToken if it includes a nonce that is already used.
Example
<UsernameToken
PasswordType="Text"/>