At the moment the API client connector wizard is not validating forms properly, specifically in the security step.

For reference, here are the requirements for the security types for the SOAP connector.

SOAP security type relationships:

Authentication Type -
1. None - nothing else to display
  2. HTTP Basic Authentication -
    2.1 Username
    2.2 Password
3. WS-Security Username Token -
  3.1 Username
  3.2 Password Type -
    3.2.1 None - don't show Password field
    3.2.2 Text
    3.2.3 Digest
  3.2 Password - only if type is not none
  3.3 Timestamp
  3.4 Username Token Nonce
  3.5 Username Token Created

WS-Security (SOAP):

• We have to force the user to enter something in `username` for ws-security, but because of the other relationships in the security types, it's optional at the component level (in terms of the API).
• `password` is also the same way for ws-security, it becomes required if `passwordType` is not none
• when the `passwordType` is set to `PasswordDigest`, the user must enter a `password`, which the backend uses to compute a digest at integration run time