Usage Cases for Identifying or Authenticating Consumers
When deciding which type of identifier to use to identify a consumer application, consider the following points:
Whatever identifier you select to identify a consumer application, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests for multiple applications.
Identifying applications by IP address or host name is often a suitable choice; however, it creates a dependency on the network infrastructure. If a consumer application moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.
Using X.509 certificates, or a custom token that is extracted from the SOAP message itself (using an XPath expression), is often the most trouble-free way to identify a consumer application.
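The trade-off between a network-based identifier and a token carried in the message can be seen in the following added example, which is an illustration and not Mediator or CentraSite code. The application names, IP ranges, token values, the `urn:example:consumer` namespace and the XPath expression are all assumptions made for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample request: a SOAP 1.1 envelope carrying a custom header token.
SOAP_REQUEST = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:app="urn:example:consumer">
  <soapenv:Header>
    <app:ConsumerToken>orders-frontend-7f3a</app:ConsumerToken>
  </soapenv:Header>
  <soapenv:Body><app:GetOrder><app:Id>42</app:Id></app:GetOrder></soapenv:Body>
</soapenv:Envelope>"""

NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/", "app": "urn:example:consumer"}
TOKEN_XPATH = "./soapenv:Header/app:ConsumerToken"  # hypothetical XPath expression

# Hypothetical application assets: each identifier value must map to exactly one application.
APPLICATIONS = {
    "orders-frontend": {"ip_ranges": ["10.20.0.0/28"], "tokens": ["orders-frontend-7f3a"]},
    "billing-batch": {"ip_ranges": ["10.20.1.5/32"], "tokens": ["billing-batch-c91e"]},
}

def identify_by_ip(source_ip):
    """Return the single application whose registered IP ranges contain source_ip."""
    addr = ipaddress.ip_address(source_ip)
    hits = [name for name, asset in APPLICATIONS.items()
            if any(addr in ipaddress.ip_network(r) for r in asset["ip_ranges"])]
    return hits[0] if len(hits) == 1 else None  # unknown or ambiguous: unidentified

def identify_by_token(soap_xml):
    """Extract the custom token with the XPath expression and look up its application."""
    try:
        node = ET.fromstring(soap_xml).find(TOKEN_XPATH, NS)
    except ET.ParseError:
        return None  # malformed message: no identifier can be extracted
    token = (node.text or "").strip() if node is not None else ""
    if not token:
        return None
    hits = [name for name, asset in APPLICATIONS.items() if token in asset["tokens"]]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    # The same application before and after it moves to a new machine.
    for ip in ("10.20.0.4", "10.30.7.9"):
        print(ip, "-> by IP:", identify_by_ip(ip),
              "| by token:", identify_by_token(SOAP_REQUEST))
```

After the move to `10.30.7.9` the IP lookup no longer resolves the application until the asset is updated, while the token extracted from the message still does.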
Following are some common combinations of actions used to authenticate or identify consumers:
Scenario 1: Identify consumers by IP address or host name
The simplest way to identify consumers is to use the Identify Consumer action and set its Identify User Using parameter to specify either a host name or an IP address (or a range of IP addresses).
Scenario 2: Authenticate consumers by HTTP authentication token
Use the following actions:
Identify Consumer action, and set its Identify User Using parameter to HTTP Authentication Token (to identify consumers using the token derived from the HTTP header).
Require HTTP Basic Authentication.
Additionally, you can use one or both of the following:
Authorize User action (to authorize a list of users and groups registered in the Integration Server on which Mediator is running).
Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
Scenario 3: Authenticate consumers by WS-Security authentication token
Use the following actions:
Identify Consumer action, and set its Identify User Using parameter to WS-Security Authentication Token (to identify consumers using the token derived from the WSS Header).
Require WSS Username Token action.
Additionally, you can use one or both of the following:
Authorize User action (to authorize a list of users and groups registered in the Integration Server on which Mediator is running).
Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
Scenario 4: Authenticate consumers by WSS X.509 token
Identify Consumer action, and set its Identify User Using parameter to Consumer Certificate (to identify consumers using the WSS X.509 token).
Require WSS X.509 Token action.
Require SSL action.