How does the Gen Call External feature used for calling a SOAP web service support runtime authentication?

Release : 8.6

Component : Gen Workstation Toolset

If the SOAP/WSDL has the option to capture the username and password then it could be passed in as a request body but most of the time username and password is abstracted from the WSDL and hence supported through the SOAP header.
So Call External supports authentication via the SOAP header user exit function ABRT_xcall_ws_soapheader_exit inside the file abrtexit.c (currently this is for C only):
CA Gen 8.6 > Reference > User Exits > Action Block Runtime User Exits > Windows Action Block Runtime User Exits > ABRT_xcall_ws_soapheader_exit

Here is a sample SOAP header example:
+++
void  ABRT_xcall_ws_soapheader_exit(const char *uri, char* customsoapheader, size_t MaxLen)
{
    /* below is one example of adding custom soap header */
    //strncpy(customsoapheader, "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken><wsse:Username>USER</wsse:Username><wsse:Password>PASSWORD</wsse:Password></wsse:UsernameToken></wsse:Security>\0", MaxLen);
    return;
}
+++

The callexternal.ini file parameter SOAPHEADER_BUFFERSIZE should be updated before using this exit to let the runtime allocate enough buffer for the custom header. The default value is 3000.
CA Gen 8.6 > Developing > Designing > Using the Toolset > Working with Toolset > Use Action Diagram > Assignment Action Statements > Add a Call External Statement > Call External File