SOAP API

If you wish to integrate your services with EngageOne Server you need to be aware of the optional transientSession flag. This flag is present in the UsernameToken section of each SOAP request and should be set according to the needs of the environment integrating with EngageOne Server.

If you do not provide the transientSession flag explicitly, the default behavior depends on property security.soap.transient.session.default. This optional property is set in your deploy.properties file, and it can take one of two values:

• ACTIVE_WHEN_NOT_SPECIFIED
• INACTIVE_WHEN_NOT_SPECIFIED

If the property is not provided, the system behaves as if ACTIVE_WHEN_NOT_SPECIFIED was set.

OpenAM sessions related to SOAP web service calls are not created if:

• transientSession flag is set to TRUE in the incoming SOAP request;
• transientSession flag is not provided in the SOAP request and property security.soap.transient.session.default is set to ACTIVE_WHEN_NOT_SPECIFIED.
• transientSession flag is not provided in the SOAP request and property security.soap.transient.session.default is commented.

Each SOAP request will create a new OpenAM session if:

• transientSession flag is set to FALSE in the incoming SOAP request;
• transientSession flag is not provided in the SOAP request and property security.soap.transient.session.default is set to INACTIVE_WHEN_NOT_SPECIFIED.

Consequently, there’s no need to set transientSession flag explicitly unless it is absolutely necessary, as the same can be achieved through the default setting available in deploy.properties file.

The only scenario where transientSession needs to be provided (and set to FALSE) is when there is a need to reuse the session token returned in the SOAP response. In all other cases, we recommend setting transientSession flag to TRUE or not providing it at all, as it results in a significant reduction of the data processed and replicated between security nodes.