BackGround: We have "Provided few PeopleSoft WSDLs" to a third party that uses these WSDLs to fetch data from PeopleSoft. (Perfect!)
Problem: Anyone else other than the third party, who knows the WSDL URL and Request Parameters can get the data from PeopleSoft. (Not Good!)
Question: What is the simplest way to implement WSDL / WS Security so that only a particluar external system/target system (Fusion/Salesforce/etc..) can only invoke them to fetch data from PSFT? (or) In other words, Can we configure the PeopleSoft IB with a 'white list' of requesting domains that are allowed to invoke the services, say (google.com,salesforce.com,oracle.com)
Any Simple suggestions to make these WSDL URLs safe will be greatly appreciated! Thank You!
1) You can use the Service Operation security link ( on service operation General tab) to give access to particular group by a permission list.
2) Using the routings for the service opeartion, exposed as Web service select the specified nodes only. At place of Any to local specify the required integration node.