Configuration Guides › Policy Server Configuration Guide › Authentication Schemes › WS‑Security Authentication › Choose a WS‑Security Token Type › Username and Password Token (Clear Text)

Username and Password Token (Clear Text)

The Username and Password token provides the token subject’s username and clear-text password.

Note: The password storage schemes used by the Username and Password token-generating site must be consistent with the password storage scheme used by the Username token-consuming site. For instance, if the generating site uses SHA-1 password hashes in its user directory, then the consuming site must do the same.

Important! CA recommends that you always use Username and Password tokens with digital signatures or XML encryption to prevent malicious parties from intercepting the message and obtaining the username and password from it.

More information:

Variable for Specifying the Generated WS-Security Token Type