Enable WS-Security verification

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Administrators can enable Web Services Security (WSS) verification from the Web Services system properties.

    Before you begin

    Role required: web_service_admin or admin

    Procedure

    1. Navigate to All > System Web Services > Properties.
    2. For Require WS-Security header verification for all incoming SOAP requests, select Yes.
      Note:
      Selecting this option enables WS-Security for all inbound SOAP requests. It is not possible to enable WS-Security for only some requests.
    3. Click Save.
    4. Create a WS-security profile.
    5. Update the user record for the Mid Server and ODBC driver to mark these users as internal integration users.
    6. Download and install the latest MID Server and ODBC driver.
    7. To validate SOAP request signatures, upload the remote web service's certificate as a JKS and create the web service's WSS Username Token Profile.
      Note:
      Because ServiceNow WSS implementation does not verify the CA certificate, you do not need to upload the web service's CA certificate.