- Products & services Products & services
- Resources ResourcesCustomer resources
- Customer resources
- Customer support Find more information about engaging support and get help
- Services guide Find more information about working with Services teams
- Free resources Leverage our free tools and trainings
- Modernize to Identity Security Cloud Transition to the cloud for advanced capabilities and a future-ready security posture
Learning- Learning
- Identity University Get technical training to ensure a successful implementation
- SailPoint professional certifications & credentials Advance your career or validate your identity security knowledge
- SailPoint recertification program Get recertified by demonstrating ongoing learning
- Training onboarding guide Make of the most of training with our step-by-step guide
- Training FAQs Find answers to common training questions
- Community Community
- Compass
- :
- Discuss
- :
- Community Wiki
- :
- IdentityIQ Wiki
- :
- Configuring WS-Security for Epic
- Article History
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Content to Moderator
Configuring WS-Security for Epic
Configuring WS-Security for Epic
When configuring the Epic application, it's a best practice to secure the Epic Interconnect Personnel Management/Security Web Service endpoint using WS-Security, at the moment (as of 7.2 GA) IdentityIQ doesn't support WS-Security for the Core endpoint. Below are the steps to enable WS-Security in the Epic application in IdentityIQ:
- Copy the sailpoint_epic_connector_axis2.xml and epic_security_policy.xml files to the \WEB-INF\classes\ directory
- Add the following entries the Epic application xml through debug (sample data that should be replaced with instance specific information):
- <entry key="engageWSSecurity" value="true"/>
- <entry key="authUserID" value="local:epicsailpoint"/>
- <entry key="authUserPassword" value="2:yqq3acVTnn2HpKdfTJr0gA=="/>
The authUserID and authUserPassword entries differ from the username/password entered into the application when configuring through the UI. This is the account that should be configured for the Interconnect Web Service when enabling WS-Security and doesn't need to exist within the Epic application (EMP Record).
In the above sample data, the Epic team created a local account (doesn't exist in Active Directory just in the Epic Interconnect configuration) which is why the authUserID is prefixed with local:
For Active Directory accounts, the authUserID will need to be prefixed with windows: (i.e. windows:epicsailpoint)
