Enable WS-Security verification

Administrators can enable Web Services Security (WSS) verification from the Web Services system properties.

Before you begin

Role required: web_service_admin or admin

Procedure

  1. Navigate to System Web Services > Properties.
  2. For Require WS-Security header verification for all incoming SOAP requests, select Yes.
    Require WS-Security header verification
    Note: Selecting this option enables WS-Security for all inbound SOAP requests. It is not possible to enable WS-Security for only some requests.
  3. Click Save.
  4. Create a WS-security profile.
  5. Update the user record for the MID Server and ODBC driver to mark these users as internal integration users.
  6. Download and install the latest MID Server and ODBC driver.
  7. To validate SOAP request signatures, upload the remote web service's certificate as a JKS and create the web service's WSS Username Token Profile.
    Note: Because ServiceNow's WSS implementation does not verify the CA certificate, you do not need to upload the web service's CA certificate.