Using Transaction Authentication

Overview

The Header element of the cXML document contains addressing and authentication information. The Header is the same regardless of the specific Request or Response cXML message. The main elements of the Header are From, To, and Sender. Each of the elements contains the Credential element that allows you to specify identification and authentication values.

The Credential element has the following attributes:

  • domain. Specifies the type of credential. This attribute allows documents to contain multiple types of credentials for multiple authentication domains. For example, the domain of the messages sent on Ariba Supplier Network can be the Ariba SN User Id to indicate an email address, DUNS for a D-U-N-S number, or NetworkId for a pre-assigned ID.
  • type. (Optional) Requests to or from a marketplace identify both the marketplace and the member company in From or To Credential elements. In this case, the credential for the marketplace uses the type attribute, which is set to the value "marketplace."

Credential contains an Identity element and optionally a Shared Secret, Digital Signature, Signature Type and Signature Encoding. For the details about these elements, see the cXML User's Guide Version 1.2.

Configuring Digital Signature Validation

About this task

Ariba Supplier OnRamp Adapter allows suppliers to specify a digital signature and stores the signature in the database. For each cXML document, the wm.b2b.cxml:receiveCXML service checks for the authenticity of the document by verifying the digital signature specified in the Sender Credentials of the document. The Test Module of Ariba Supplier OnRamp Adapter provides fields where the digital signature can be specified for a specific cXML message to be tested.

To enable digital signature validation

Procedure

  1. In Integration Server Administrator, click IBM webMethods Adapter for Ariba Supplier OnRamp under Adapters.
  2. Click cXML. The cXML Message Fields page appears showing the Supplier Digital Signature configuration.
  3. In the Digital Signaturesection and provide values for the following fields. All fields are case sensitive.
    Field Value
    Digital Signature Supplier's digital signature. The cXML.org recommends using a self-contained PK7 format and the current timestamp. For example, Ariba ORMS 5.1P4.
    Signature Type The type of digital signature. For example, PK7 self-contained.
    Signature Encoding The signature encoding in the XML stream. For example, Base64.
  4. Click Update.
    Note: If the Digital Signature is configured, a status message will be shown indicating the Digital Signature is configured.

Disabling Digital Signature Validation

About this task

To disable digital signature validation

Procedure

  1. In Integration Server Administrator, click IBM webMethods Adapter for Ariba Supplier OnRamp under Adapters.
  2. Click cXML. The cXML Message Fields page appears showing the Supplier Digital Signature configuration.
  3. Ensure that the Digital Signature, Signature Type, and Signature Encoding text boxes are empty and click Update.
  4. When you update the Digital Signature without entering any value in the text box, it will disable Digital Signature validation.

Configuring Shared Secret Validation

About this task

Ariba Supplier OnRamp Adapter allows suppliers to specify a shared secret based on the identity and stores the shared secret in the database. For each cXML document, the wm.b2b.cxml:receiveCXML service checks for the authenticity of the document by verifying the shared secret specified in the Sender Credentials of the document. The Test Module of Ariba Supplier OnRamp Adapter provides fields where the shared secret can be specified for a specific cXML message to be tested.

  • You can configure multiple shared secrets based on different identities.
  • The previously configured shared secret is mapped to the Shared Secret for the DEFAULT identity.
  • The Shared Secret that is configured for the DEFAULT identity is applicable to all the identities unless specified explicitly.
  • The DEFAULT identity cannot be removed.

To configure shared secret validation

Procedure

  1. Start Integration Server Administrator.
  2. In the IBM webMethods Adapter for Ariba Supplier OnRamp menu, select cXML.
  3. In the cXML Message Fields page, perform the following:
    • Select the DEFAULT identity and update the following fields:
      Fields Description
      Identity * String. The field is non-editable. Value is DEFAULT.
      Description String. The field is non-editable. Describes whether the shared secret for the DEFAULT identity is configured or not. Possible values are:
      • Default shared secret (Configured).
      • Default shared secret (Not configured).
      Shared Secret * String. Optional. Shared secret to validate the identities not listed in the Supplier Credentials list.
      • If the senders identity is not configured in the Supplier Credentials list, then the senders shared secret is validated with the shared secret configured for the DEFAULT identity.
      • If the senders identity is not configured in the Supplier Credentials list and if the shared secret is not configured for the DEFAULT identity, then the validation process is disabled.
    • In the Supplier Credentials section, select Add Shared Secret and update the following fields:
      Fields Description
      Identity * String. Required. Name of the Ariba Supplier OnRamp Adapter identity.
      Description String. Optional. Description of the Ariba Supplier OnRamp Adapter identity.
      Shared Secret * String. Required. Shared secret to validate the identity.
  4. Click Add.

Results

In the cXML Message Fields page, the identity is added to the list in the Supplier Credentials section.

Removing the Identity for Shared Secret Validation

About this task

If you do not want to validate the senders' identity explicitly, you can remove the identity for shared secret validation.

Note: The DEFAULT identity cannot be removed.

To remove an identity for shared secret validation

Procedure

  1. Start Integration Server Administrator.
  2. In the IBM webMethods Adapter for Ariba Supplier OnRamp menu, select cXML.
  3. In the cXML Message Fields page, select the for the identity you want to delete in the Supplier Credentials section.

Results

The identity and the corresponding details are removed.

Disabling Default Shared Secret Validation

About this task

If you want to perform the tests without validating the senders' identity, you can disable the validation feature.

To disable the DEFAULT shared secret validation

Procedure

  1. Start Integration Server Administrator.
  2. In the IBM webMethods Adapter for Ariba Supplier OnRamp menu, select cXML.
  3. In the cXML Message Fields page, select DEFAULT identity in Supplier Credentials section.
  4. Verify that the Shared Secret text box is empty and click Update.
    Note: If the senders' identity is not available in the Supplier Credentials list, and if the Shared Secret for the DEFAULT identity is updated without entering any value in the text box, then the validation process is disabled.