Securing the last mile --> OEG and OSB Part 2

Now let’s get rid of the hard coding of user/pwd in OEG.

Open the "Secure" policy



Add 2 Retrieve from HTTP Header filters
userName --> authentication.subject.id
password --> authentication.subject.password







Now set the InsertWSS UsernameToken Filter we amended earlier, back to the following –


Deploy and Test

Add the following headers to the request in Service Explorer