How does the Gen 8.6 CALL EXTERNAL feature used for calling a SOAP web service support runtime authentication?

Release : 8.6

Component : Gen Workstation Toolset

If the SOAP/WSDL has the option to capture the username and password then it could be passed in as a request body but most of the time username and password is abstracted from the WSDL and hence supported through the SOAP header.
For the 'C' language, CALL EXTERNAL supports that SOAP header authentication via user exit function ABRT_xcall_ws_soapheader_exit inside the file abrtexit.c:
Action Block Runtime User Exits > Windows Action Block Runtime User Exits > ABRT_xcall_ws_soapheader_exit

Here is a sample SOAP header example:
+++
void  ABRT_xcall_ws_soapheader_exit(const char *uri, char* customsoapheader, size_t MaxLen)
{
    /* below is one example of adding custom soap header */
    //strncpy(customsoapheader, "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken><wsse:Username>USER</wsse:Username><wsse:Password>PASSWORD</wsse:Password></wsse:UsernameToken></wsse:Security>\0", MaxLen);
    return;
}
+++

The callexternal.ini file parameter SOAPHEADER_BUFFERSIZE should be updated before using this exit to let the runtime allocate enough buffer for the custom header. The default value is 3000. Please see: Add a Call External Statement > Call External File

NOTE:
This feature is only available for the CALL EXTERNAL 'C' runtime i.e. when CALL EXTERNAL is used in Gen 'C' language applications. The feature is not available when CALL EXTERNAL is used in Gen 'Java' and 'C#' language applications.
For other languages please see the later CALL REST statement authentication features (CALL REST i.e. the consumption of RESTful web services, is now the focus of future Gen functionality in this area). Also please see: Gen 8.6 Consuming REST Web Service APIs