SALT depends on the Oracle Tuxedo security framework for Web Service client authentication. There is no special SALT configuration required to enable inbound HTTP Basic Authentication. If the Oracle Tuxedo system requires user credentials, HTTP Basic Authentication is an alternative for Web Service client programs to carry user credentials.

The GWWS gateway supports Oracle Tuxedo domain security configuration for the following two authentication patterns:

• Application password (APP_PW)
• User-level authentication (USER_AUTH)

The GWWS server passes the following string from the HTTP header of the client SOAP request for Oracle Tuxedo authentication.

Authorization: Basic <base64Binary of username:password>

The following is an example of a string from the HTTP header:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

In this example, the client sends the Oracle Tuxedo username “Aladdin” and the password “open sesame”, and uses this paired value for Oracle Tuxedo authentication.

• Using Application Password (APP_PW)

  If Oracle Tuxedo uses APP_PW, then the HTTP username value is ignored and the GWWS server only uses the password string as the Oracle Tuxedo application password to check the authentication.

• Using User-level Authentication (USER_AUTH)

  If Oracle Tuxedo uses USER_AUTH, then both the HTTP username and password value are used. In this case, the GWWS server does not check the Oracle Tuxedo application password.