
Validating WS-Security Headers


To validate the WS-Security header elements contained in any inbound SOAP messages, do the following:

  1. In the web service or the web client, set the SECURITYIN parameter. Use one of the following values:

    • REQUIRE — The web service or the web client verifies the WS-Security header element and issues an error if there is a mismatch or if this element is missing.

    • ALLOW — The web service or the web client verifies the WS-Security header element.

    In both cases, the web service or the web client validates the <Timestamp>, <UsernameToken>, <BinarySecurityToken>, <Signature>, and <EncryptedKey> header elements. It also validates the WS-Security signature in the SAML assertion in the header, if any. The message is also decrypted, if appropriate.

    If validation fails, an error is returned.

    There are two additional possible values for the SECURITYIN parameter, for use in testing and troubleshooting:

    • IGNORE — The web service or client ignores the WS-Security header elements except for <UsernameToken>, as described in CSP Authentication and WS-Security.

      For backward compatibility, this value is the default.

    • IGNOREALL — The web service or client ignores all WS-Security header elements.

For an example, see Message Encryption Example.

Note:

The SECURITYIN parameter is ignored if there is a security policy in an associated (and compiled) configuration class.
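
Because IGNORE is the default, a web service or web client that never sets SECURITYIN does not validate these headers. The following Python script is an added example, not InterSystems code: it scans exported class source and reports the effective SECURITYIN value for each SOAP class. The Demo.* classes are constructed samples, and the scan assumes each class extends %SOAP.WebService or %SOAP.WebClient directly.

```python
import re

# Constructed sample sources; the Demo.* class names are hypothetical.
SAMPLE_CLASSES = {
    "Demo.OrderService": 'Class Demo.OrderService Extends %SOAP.WebService\n{\n'
                         'Parameter SECURITYIN = "REQUIRE";\n}\n',
    "Demo.PartnerClient": 'Class Demo.PartnerClient Extends %SOAP.WebClient\n{\n'
                          'Parameter SECURITYIN = "ALLOW";\n}\n',
    "Demo.LegacyService": 'Class Demo.LegacyService Extends %SOAP.WebService\n{\n'
                          'Parameter SERVICENAME = "Legacy";\n}\n',
    "Demo.DebugService": 'Class Demo.DebugService Extends %SOAP.WebService\n{\n'
                         'Parameter SECURITYIN = "IGNOREALL";\n}\n',
    "Demo.Util": 'Class Demo.Util Extends %RegisteredObject\n{\n}\n',
}

# Assumption: the class extends %SOAP.WebService or %SOAP.WebClient directly;
# a SECURITYIN value inherited from an intermediate superclass is not resolved.
SOAP_RE = re.compile(
    r'^\s*Class\s+\S+\s+Extends\s+[^{\n]*%SOAP\.Web(?:Service|Client)\b', re.M)
PARAM_RE = re.compile(
    r'^\s*Parameter\s+SECURITYIN\b[^=;\n]*=\s*"([^"]*)"\s*;', re.M)

VALIDATING = {"REQUIRE", "ALLOW"}          # header elements are validated
NON_VALIDATING = {"IGNORE", "IGNOREALL"}   # testing and troubleshooting values


def audit_securityin(sources):
    """Return {class_name: (effective_value, finding)} for SOAP classes only."""
    report = {}
    for name, src in sources.items():
        if not SOAP_RE.search(src):
            continue  # not a web service or web client
        match = PARAM_RE.search(src)
        value = match.group(1) if match else "IGNORE"  # documented default
        if value in VALIDATING:
            finding = "ok"
        elif value in NON_VALIDATING:
            finding = "not-validating" if match else "unset-default"
        else:
            finding = "review"  # value is not one of the four documented ones
        report[name] = (value, finding)
    return report


if __name__ == "__main__":
    for cls, (value, finding) in sorted(audit_securityin(SAMPLE_CLASSES).items()):
        print(f"{cls:22} SECURITYIN={value:10} {finding}")
```

The report reflects the parameter only; a class with a security policy in an associated, compiled configuration class ignores SECURITYIN and must be reviewed against that policy instead.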
