CentraSite 10.3 | CentraSite User’s Guide | Runtime Governance | Run-Time Policy Management | Built-In Run-Time Actions Reference (CentraSite Business UI) | Built-in Actions for Run-Time Policies (CentraSite Business UI) | Evaluate HTTP Basic Authentication
 
Evaluate HTTP Basic Authentication
If you have a native API that requires to authenticate a client to the Integration Server using the HTTP Basic Authentication, you can use the Evaluate HTTP Basic Authentication action to extract the client's credentials (user ID and password) from the Authorization request header, and verify the client's identity.
This action uses HTTP Basic authentication to verify the client's authentication credentials contained in the request's Authorization header. When this action is configured for an API, Mediator validates the credentials against the list of consumers available in the Integration Server on which Mediator is running. If you have selected the checkbox Authenticate User using the HTTP Basic Authentication, this type of client authentication is referred to as preemptive authentication.
If the user or password value in the Authorization header cannot be authenticated as a valid Integration Server user (or if the Authorization header is not present in the request), a 500 SOAP fault is returned, and the client is presented with a security challenge. If the client successfully responds to the challenge, the user is authenticated. This type of client authentication is referred to as non-preemptive authentication. If the client does not successfully respond to the challenge, a 401 WWW-Authenticate: Basic response is returned and the invocation is not routed to the policy engine.
If you select to omit the Authenticate User parameter (and regardless of whether an Authorization header is present in the request or not), then Mediator forwards the request to the native API, without attempting to authenticate the request.
In the case where a client sends a request with transport credentials (HTTP Basic Authentication) and message credentials (WSS Username Token or WSS X.509 Token), the message credentials take precedence over the transport credentials when Integration Server determines which credentials it should use for the session. For more information, see and .
If Mediator cannot identify the client, Mediator fails the request and generates a Policy Violation event.
Input Parameters
Identify Consumer
(String). The list of consumers against which authentication credentials (user ID and password) should be validated for identifying requests from a particular client.
Value
Description
Do Not Identify
Mediator forwards the request to the native API, without attempting to verify client's credentials in incoming request.
Global Consumers
(Default). Mediator tries to verify the client's credentials against a list of all global consumers available in the Mediator.
Registered Consumers
Mediator tries to verify the client's credentials against the list of consumer applications who are registered as consumers for the specified API.
Authenticate User
Use this checkbox to specify the users who can access the APIs. If you select the checkbox, Mediator allows only the users specified in the Identify Consumer parameter to access the APIs. If you do not select the checkbox, Mediator allows all users to access the API. In this case, do not configure the Identify Consumer parameter.
Note:
If you have selected the Authenticate User option, the client that connects to the API must have an Integration Server user account.