Combined server authentication and basic authentication security scheme

With combined server authentication and basic authentication, the client (SOAP Gateway) that requests the web service is required to establish HTTPS security before it sends the basic authentication credentials to be authenticated.

In this scheme, the client, SOAP Gateway, initiates an HTTPS call, the server sends back a certificate, and the client verifies the authenticity of the certificate.

After it secures the transmission, the client sends the basic authentication credentials to be authenticated by the server.

The following diagram shows the process flow when server authentication is used with the basic authentication security scheme:
Figure 1. Server authentication and basic authentication for the IMS applications as web service consumers scenario
  1. The client (SOAP Gateway) initiates an HTTPS call.
  2. The server sends back a certificate.
  3. The client verifies the certificate with the server certificate that is stored in the truststore.
  4. The client sends the basic authentication credentials (user name and password) to the server.
  5. After securing the transmission, the client is allowed to access protected services.
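
The following Python sketch is an added illustration of the client side of this sequence; it is not SOAP Gateway code or configuration. The function names, the PEM-format truststore file, and the sample credentials are assumptions made for the example.

```python
import base64
import ssl
import urllib.request
from urllib.parse import urlsplit


def build_tls_context(truststore_pem=None):
    """Steps 1-3: accept only server certificates that chain to the truststore."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and host name checking, and
    # loads no default CAs, so only the supplied truststore is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if truststore_pem:
        ctx.load_verify_locations(cafile=truststore_pem)
    return ctx


def basic_auth_header(user, password):
    """Encode the user name and password as an HTTP Basic Authorization value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_request(url, user, password, soap_body):
    """Step 4: attach credentials only to a request that will travel over HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send basic authentication credentials without HTTPS")
    req = urllib.request.Request(url, data=soap_body, method="POST")
    req.add_header("Content-Type", "text/xml; charset=utf-8")
    req.add_header("Authorization", basic_auth_header(user, password))
    return req


def call_service(url, user, password, soap_body, truststore_pem):
    """Steps 1-5: the handshake and certificate check finish before any HTTP bytes are sent."""
    req = build_request(url, user, password, soap_body)
    ctx = build_tls_context(truststore_pem)
    # A certificate that fails verification raises an error here, and the
    # Authorization header never leaves the client.
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.read()
```

Because basic authentication credentials are only Base64-encoded, not encrypted, the HTTPS check in `build_request` and the certificate verification in `build_tls_context` are what protect them in transit.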