WS-Security Validate signed web services requests with WS-security. ServiceNow supports WS-Security 1.1 to validate signed web services requests. Enable WS-Security to: Verify SOAP messages originate from a known sender Verify SOAP messages have not been altered in transit Note: ServiceNow does not use WS-Security as an encryption mechanism. ServiceNow relies on the HTTPS protocol to encrypt all communications. WS-Security is intended to work in conjunction with basic authentication. When ServiceNow receives a SOAP message, it reviews the basic authentication header to determine if the SOAP user has rights to the instance. It reviews the WS-Security header to determine the validity of the incoming message. Requests affected by attacks such as a man-in-the-middle attack have an invalid WS-Security header and are blocked. Enable WS-Security verificationAdministrators can enable Web Services Security (WSS) verification from the Web Services system properties.WS-Security profilesA WS-security profile determines how ServiceNow authenticates a web services message when WS-security is enabled.SOAP security policiesThe Enhanced Web Service Provider - Common plugin adds the SOAP Security Policies module to the System Web Services application. WS-Security error loggingThe glide.processor.debug.SOAPProcessor system property allows error messages about WS-security to be displayed in the transaction log. WS-Security propertiesThese properties control the behavior of WS-Security X.509 tokens.