Question
WS-Security in CMIS connect
Hi Enhancement team of Pega,
Our project has integration from Pega to IBM File Net P8 using CMIS Connector which has following challenge. We are using Pega version: Pega 7.1.8
Detailed description of the Issue:
Pega CMIS Connector invokes P8, CMIS request needs to have WS-Security header included as part of request to pass the LTPA Token in screenshot below.
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsst="http://www.ibm.com/websphere/appserver/tokentype/5.0.2"
ValueType="wsst:LTPA"
wsst:dummy="placeholder">TOKEN VALUE GOES HERE</wsse:BinarySecurityToken>
</wsse:Security>
</soapenv:Header>
We do not see a way to pass WS-Security header as part of CMIS-Connector in Pega 7.1.8 hence raised this SR-A87097 which was closed by SR team. This need to be taken care as an enhancement.
This feature is missing in the product which been communciated to our client account point of contact from Pega Product Support .
Can you check and let us know if there will an ID created for this enhancement?
Regards,
Parthipan
***Updated by moderator: Lochan to remove proprietary information***
As of November, 2015, Pega does not support SSO (or any token passing) for Connect-CMIS and does not plan to do so. However, the following snippets from that discussion may be helpful.
"The CMIS connector has a user id / password that is supported dynamically setting the userid / password ( using Global Resource Settings ), however not using real SSO where Pega is unaware of the users password."
"Pega does NOT have true SSO for Connect-CMIS - using global resource settings is currently the closest option."
"You can pass any token (SAML, LTPA, Siteminder) as part of a WS-Security policy for SOAP connectors. A custom solution like this would involve importing WSDLs to build Connect-SOAP and importing the needed CMIS schema to support these connectors."