About Security Aspects when Using Web Services in SAP Interactive Forms by Adobe
Using the WSDL-based Data Connection
In Adobe LiveCycle Designer you can add multiple data connection which are based on WSDL files. WSDL-based data connections do not support any security means like authentication with a user name/password. This will change with Adobe LiveCycle Designer 8.2 (not covered in this blog).
My blog Using Web Services with SAP Interactive Forms by Adobe- Overview & Tips (Using Web Services with SAP Interactive Forms by Adobe- Overview & Tips) describes how to use WSDL-based data connections. Please note that the interactive PDF forms need usage rights to call web services when viewed with Adobe Reader (see the mentioned blog). Designer’s “PDF preview” does not add this usage rights so web service do not work.
The following “issue” is often observed with secured Web Services. The WSDL is downloaded with a web browser (where the user name/password is provided) and saved to the local disc. Then a WSDL-based data connection is created with a local file. Later this scenario does not work since during runtime authentication would be required. So the recommendation is to use an URL pointing to the WSDL directly to avoid finding out later that something is not working.
If the web service requires basic authentication Adobe Reader will open a dialog where you can provide a user name and a password. There is a check box where Reader asks if you want to save this information. If you do so the dialog no longer appears for this server! Remember this if you encounter strange situations where you wonder where the authentication came from. I saw this multiple times.
You can avoid this dialog if you are providing the user name and password programmatically. This is shown in Example 3 under the request method. An oAuthenticator structure is created and passed to the web service as parameter.