Question & Answer
Question
How do you turn off login authentication for Sterling exposed web services in IBM Sterling Selling and Fulfillment Suite?
Cause
You dont want to authenticate all client systems every time it invokes sterling exposed web services.
Answer
Without authentication, Application Programming Interface (API) invocation of the web service call is not recommended. Its a security violation.
In case this is still required as per the implementation the below changes would serve the use case:
- Set the sandbox.cfg variable SUPPRESS_JAXWS_HANDLERS=true
Login call on webservice invocation is happening form the DefaultLogicalHandler.
By setting SUPPRESS_JAXWS_HANDLERS=true handler chain will not get called.
- Set yfs property api.security.token.enabled=N to disable API token validation.
However. this does not disable security across all the channels. You will still have to validate through login page/api to access the application. This will only suppress the extra validation check for every API invocation(impacting API calls made through API tester and direct API access).
Disabling the login validation specifically for web services call is not possible as API framework does not know that API is being executed within a web service call.
[{"Product":{"code":"SS6PEW","label":"IBM Sterling Order Management"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Extensions","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"9.2;9.2.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Was this topic helpful?
Document Information
Modified date:
10 May 2022
UID
swg21667688