WSO2 SOA Enablement Server interoperability has been tested for HTTP Basic, HTTP Digest, and SSL authentication mechanisms. These methods were tested with the following web servers that provide the same authentication mechanisms: Microsoft .NET (a Web service server), Apache Tomcat 4.0, and WebLogic 6.1.
Some notes on interoperability are listed below:
SSL
Without client authentication, this method is compatible with other web servers, including those that host Web services. The standalone WSO2 SOA Enablement Server uses Sun Microsystems' JSSE implementation of SSL. Also, our own implementation of the KeyStore interface maintains the KeyStore itself, working together with client authentication to check client identities.
HTTP Basic Authentication
This simple authentication method is compatible with all tested web servers.
HTTP Digest Authentication
Using this mechanism, WSO2 SOA Enablement Server for Java is compatible with Apache Tomcat 4.0 and Microsoft IIS 6.0. The authentication method also works for a WSO2 SOA Enablement Server embedded in WebLogic 6.1.
GSSAPI/Kerberos
The current implementation of the Kerberos providers uses the Sun implementation of GSSAPI/Kerberos. It is compatible with The Kerberos Version 5 GSS-API Mechanism,and works with Windows and UNIX KDC.
WS-Security
WSO2 SOA Enablement Server includes an implementation of the OASIS WS-Security Specification, working draft 13 (see http://www.oasis-open.org/home/index.php). WSO2 SOA Enablement Server WS-Security is interoperable with Microsoft WSE 1.0 SP1. (WSE 1.0 includes an implementation of WS-Security specification 1.0 by IBM, Microsoft, and VeriSign.)