Key Capabilities
- Full SOAP web service client with WSDL import for automatic configuration
- WS-Security support with message signing, encryption, and certificate management
- Multiple authentication methods including HTTP, Token, and TLS client authentication
- SOAP template generation through WSDL integration with the XML Map connector
- Support for SOAP versions 1.1 and 1.2 with configurable security token formats
Overview
The input to a SOAP connector should be the full SOAP message to send to the web service. You can generate a template for the SOAP message by importing a WSDL for the target web service. Read the SOAP Templates section for details. The SOAP connector supports HTTP Authentication, Token Authentication, and TLS Client Authentication, and can add digital encryption and signatures to the outgoing SOAP message for web service security. After sending the SOAP request, the connector stores the response or passes it along to the next connector in the flow.Connector Configuration
This section contains all of the configurable connector properties.Settings Tab
Partner Info
Settings for identifying the target web service.| Setting | Description |
|---|---|
| Connector Id | The static, unique identifier for the connector. |
| Connector Type | Displays the connector name and a description of what it does. |
| Connector Description | An optional field to provide a free-form description of the connector and its role in the flow. |
| Service Endpoint | The URL to which SOAP requests should be sent. |
| SOAP Action | The web service action to be triggered on the remote server. |
| SOAP Version | The version of SOAP you are using. |
| Import from WSDL | WSDLs can be imported from a URL or from a local file, and then automatically populate configuration fields in the connector. Importing a WSDL also allows for generating an XML template for SOAP requests when connected to an XML Map connector. See SOAP Templates for details. |
WS-Security
Settings related to securing the web service transmissions.| Setting | Description |
|---|---|
| Send Message Security | Whether to sign and/or encrypt outgoing SOAP requests. |
| Receive Message Security | Whether to require that signatures and encryption are present for incoming SOAP responses. An error is thrown if a received message does not have a required security parameter. |
| Time To Live | The length of time the connector waits for a connection response before throwing a timeout error. |
Client Certificate
Settings related to the private local certificates.| Setting | Description |
|---|---|
| Private Certificate | The private certificate used for signing outgoing requests and decrypting incoming responses. |
| Certificate Password | The password for accessing the private certificate. |
Server Certificates
Settings related to the server’s public certificates.| Setting | Description |
|---|---|
| Encryption Certificate | The public certificate used for encryption when sending messages and signature verification when receiving responses. |
| TLS Server Certificate | The public certificate used to verify the identity of an SSL/TLS server. Only required if you are sending requests over HTTPS (instead of HTTP). In the absence of a specific server certificate, you can leave this blank to allow the underlying OS/JVM to perform certificate validation, or you can set it to Any Certificate to trust the target server’s identity. Use Any Certificate with caution: the certificate verifies that you are connecting to the intended server. |
Advanced Tab
Token Authentication
Settings related to token client authentication.| Setting | Description |
|---|---|
| Token Authentication | Check this to enable token authentication for outgoing messages. If enabled, outgoing messages include the user credentials set below. |
| Username | The username required to access the token. |
| Password | The password required to access the token. |
| Password Type | Use the radio buttons to specify whether the password is in plain text (Text) or is encrypted (Digest). |
TLS Client Authentication
HTTP Authentication
Settings related to HTTP client authentication.| Setting | Description |
|---|---|
| Use HTTP Authentication | Check this to enable client HTTP Authentication. |
| HTTP Authentication Type | Whether to provide HTTP authentication credentials in an encrypted format (Digest) or in plain text (Basic). Basic authentication should only be used if the connection is an HTTPS connection (rather than HTTP). |
| User | The User credential for HTTP client authentication. |
| Password | The Password credential for HTTP client authentication. |
Custom Headers
A set of custom headers to include as part of the outgoing message.Proxy Settings
Advanced Settings
Settings not included in the previous categories.| Setting | Description | |
|---|---|---|
| Connection Timeout | The length of time the connector waits for a connection response before throwing a timeout error. | |
| Encryption Algorithm | The algorithm to use when encrypting outgoing messages. | |
| Normalize Issuer Subject | Whether certificate issuer data should be normalized into a simple string for validation by the web service. | |
| Allow Script in URL | Allows for the evaluation of Script expressions in the URL before the query is issued. For example, `[_ | now(‘yyyy-MM-dd’)]` evaluates the current date. |
| Processing Delay | The amount of time (in seconds) by which the processing of files placed in the Transactions tab is delayed. This is a legacy setting. Best practice is to use a File connector to manage local file systems instead of this setting. | |
| Signature Algorithm | The algorithm to use when signing outgoing messages. The same algorithm is requested for the corresponding MDN receipts. | |
| Sign Header Payload | By default, the connector only signs the body of the SOAP message. Check this to have the connector also sign the headers. | |
| Security Token Format | Determines the format used for security tokens in SOAP payloads. X509 references contain the certificate subject in DN (distinguished name) format. Binary tokens use the Base64 encoded contents of the entire public key. KeyIdentifier references contain the X509 Subject-Key-Identifier format. | |
| Local File Scheme | A scheme for assigning filenames to messages that are output by the connector. You can use macros in your filenames dynamically to include information such as identifiers and timestamps. For more information, see Macros. | |
| TLS Enabled Protocols | The list of SSL/TLS protocols supported when establishing outgoing connections. Best practice is to only use TLS protocols. Keep in mind that SSLv2 and SSLv3 are considered vulnerable and should only be used if your partner does not support higher versions. Keep in mind that TLS v1.3 is not universally adopted, and might be refused if the destination server does not support them. | |
| Verification Certificate | The public certificate used to verify incoming SOAP responses. This field is only necessary if a different certificate should be used to verify signatures than the public certificate set in Encryption Certificate. |
Logging
Miscellaneous
Automation Tab
Automation Settings
Settings related to the automatic processing of files by the connector.| Setting | Description |
|---|---|
| Send | Whether files arriving at the connector are automatically sent as SOAP requests. |
| Retry Interval | The amount of time before a failed send is retried. A retry is triggered when the server does not respond to a send attempt, or responds negatively to communicate that the file was not received. |
| Max Attempts | The maximum number of times the connector sends outgoing requests. Success is measured based on a successful server acknowledgement. If you set this to 0, the connector retries the request indefinitely. |
Performance
Alerts Tab
SLAs Tab
Establishing a Connection
The Service Endpoint and Service Action for the target web service are required to establish a connection. Some web services might require one or more security features for SOAP requests:- Encryption/Signing (WS-Security)
- Client SSL Authentication
- HTTP Authentication