password encryption soap webservice

[fmattos]

Hi all

Is it possible to encrypt the user password when calling the otrs soap api ? Currently it is being sent via plain text..
If yes, is there any documentation explaining how to do that?

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns="http://www.otrs.org/TicketConnector/actions">
<env:Header/>
<env:Body>
<TicketSearch>
<UserLogin>mysoapuser</UserLogin>
<Password>mysoappassword</Password>
<Queues>myqueue</Queues>
</TicketSearch>
</env:Body>
</env:Envelope>


Thanks
Flavio

[crythias]

Why not connect via SSL?

[fmattos]

Hi Crythias, thanks for answering me...

It is a company policy.. Is there any manual on how to connect via SSL ?

Thanks

[crythias]

I'm not sure how to answer your question.

[crythias]

let me revisit ...

What are you concerned about?

How would you be sending a soap call?

To whom would you be sending the soap call?

Is there any manual on how to connect via SSL

There's the standard random internet search

And some search regarding adding ssl to apache

There's a link to what xmlns is.

The question you ask is not necessarily an OTRS question. It is in some respects because of listening, but on the other hand, the SOAP request itself needs to communicate securely with OTRS completely, which would adjust the parameters from "encrypt the password" to "encrypt the session that sends the password"

[fmattos]

Hi Crythias..

My concern is that there is a company policy that requires me to encrypt all passwords that are send through the internet.
I would send the soap call from a java application to otrs. Currently I am sending the request via http not https..

If I understood, there is no way to send an encrypted password in the soap call, the solution would be sending the soap request via standard SSL. Am I right?

When I said

Is there any manual on how to connect via SSL

I meant if there is any configuration that needs to be done in OTRS. I know that there are configurations to be changed in Apache, but I do not know OTRS that well, I was wondering if there is any config to be changed in OTRS as well.. that is why I asked that...

Thanks

[crythias]

I meant if there is any configuration that needs to be done in OTRS.

I don't think there's anything OTRS-specific about enabling SSL. (There's a SysConfig item that can be changed for "knowing" that the system is https, for link generation, but it doesn't make it happen). This would be more a configuration with the webserver that provides OTRS.