SOPERA User Authentication

To enable authentication for Integration Server Administrator, incoming, and outgoing SOPERA calls, you must configure the Integration Server Login Module (IS Login Module).

To enable authentication for My webMethods Server, you need to configure the My webMethods Server Login Module (MWS Login Module).

For more information about JAAS login modules, see the webMethods Integration Server Administrator’s Guide for your release.

For both the IS Login Module and the MWS Login Module, the functionality depends on central user management being properly configured beforehand. For information about how to configure these login modules, see Configure the IS Login Module and Configure the MWS Login Module.

After you configure the IS Login Module and the MWS Login Module, they authenticate SOPERA users against the SOPERA infrastructure and place them in a group called SOPUsers. You assign access control lists (ACLs) to the SOPUsers group as required to access the functionality that you want to use.

For outgoing SOPERA calls, the adapter propagates the session information containing the SOPERA SAML token to the SOPERA infrastructure. In this way if the provider or consumer policy has been configured for authentication and authorization, the infrastructure validates the token before the service is invoked. The SOPERA call is performed by the same user that invokes the adapter service on Integration Server.

For incoming SOPERA calls, authentication happens on two levels. First, the infrastructure authenticates and authorizes the user based on the SAML token that has been sent if the provider and consumer have the required security configuration. Then the user is authenticated in Integration Server when incoming call authentication has been configured. The adapter validates the SAML token it receives and creates a session for the respective user on Integration Server. The IS service configured as a provider is invoked with the user credentials.