CentraSite 10.7 | CentraSite User’s Guide | Runtime Governance | Run-Time Policy Management | Built-In Run-Time Actions Reference (CentraSite Business UI) | Built-in Actions for Run-Time Policies (CentraSite Business UI) | HTTP Basic Authentication
 
HTTP Basic Authentication
This action uses the HTTP authentication mechanism to validate incoming requests from clients. Mediator authorizes the basic credentials (username and password) against a list of all global consumers available in the Mediator.
If the username or password value in the Authorization header cannot be authenticated as a valid Integration Server user (or if the Authorization header is not present in the request), a 500 SOAP fault is returned, and the client is presented with a security challenge. If the client successfully responds to the challenge, the user is authenticated. If the client does not successfully respond to the challenge, a 401 WWW-Authenticate: Basic response is returned and the invocation is not routed to the policy engine. As a result, no events are recorded for that invocation, and its key performance indicator (KPI) data are not included in the performance metrics.
If none of the authentication actions ( HTTP Basic Authentication, NTLM Authentication or OAuth2 Authentication) is configured for a proxy API, Mediator forwards the request to the native API, without attempting to authenticate the request.
Input Parameters
Authenticate Using
(String). The user credentials for authenticating client requests to the native API.
Value
Description
Existing Credentials
(Default). Mediator authenticates requests based on the credentials specified in the HTTP header. It passes the Authorization header present in the original client request to the native API.
Custom Credentials
Mediator authenticates requests according to the values you specify in the User, Password and Domain fields.
Field
Description
Username
(String). Account name of a consumer who is available in the Integration Server on which Mediator is running.
Password
(String). A valid password of the consumer.
Domain
(String). (Optional). Domain used by the server to authenticate the consumer.