Usage Cases for Identifying or Authenticating Consumers
When deciding which type of identifier to use to identify a consumer application, consider the following points:
* Whatever identifier you select to identify a consumer application, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests for multiple applications.
* Identifying applications by IP address or host name is often a suitable choice; however, it creates a dependency on the network infrastructure. If a consumer application moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.
* Using X.509 certificates or a custom token that is extracted from the SOAP message itself (using an XPath expression) is often the most trouble-free way to identify a consumer application.
Following are some common combinations of actions used to authenticate or identify consumers:
Scenario 1: Identify consumers by IP address or host name
* The simplest way to identify consumers is to use the Identify Consumer action and set its Identify User Using parameter to specify either a host name or an IP address (or a range of IP addresses).
Scenario 2: Authenticate consumers by HTTP authentication token
Use the following actions:
* Identify Consumer action, and set its Identify User Using parameter to HTTP Authentication Token (to identify consumers using the token derived from the HTTP header).
* Require HTTP Basic Authentication.
* Additionally, you can use one or both of the following:
  * Authorize User action (to authorize a list of users and groups registered in the Integration Server on which Mediator is running).
  * Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
Scenario 3: Authenticate consumers by WS-Security authentication token
Use the following actions:
* Identify Consumer action, and set its Identify User Using parameter to WS-Security Authentication Token (to identify consumers using the token derived from the WSS Header).
* Require WSS Username Token action.
* Additionally, you can use one or both of the following:
  * Authorize User action (to authorize a list of users and groups registered in the Integration Server on which Mediator is running).
  * Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
Scenario 4: Authenticate consumers by WSS X.509 token
* Identify Consumer action, and set its Identify User Using parameter to Consumer Certificate (to identify consumers using the WSS X.509 token).
* Require WSS X.509 Token action.
* Require SSL action.
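
The identifier-selection points above, as an added Python illustration (not Mediator or CentraSite code): it derives the identifier from an HTTP Basic header and from a WSS UsernameToken, then matches it against a constructed registry of application identifiers. The registry contents, application names, addresses and function names are all hypothetical.

```python
import base64
import ipaddress
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}

# Constructed registry standing in for application assets (all values hypothetical).
APPS = {
    "billing-app": {"ip": ["10.1.2.0/28"], "http": ["svc-billing"], "wss": ["svc-billing"]},
    "reports-app": {"ip": ["10.1.3.7/32"], "http": ["svc-shared"], "wss": ["svc-reports"]},
    "portal-app": {"ip": ["10.1.4.0/24"], "http": ["svc-shared"], "wss": ["svc-portal"]},
}

# Constructed SOAP 1.1 request carrying a WSS UsernameToken.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
<soap:Header><wsse:Security><wsse:UsernameToken>
<wsse:Username>svc-reports</wsse:Username><wsse:Password>example</wsse:Password>
</wsse:UsernameToken></wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""

def http_basic_user(authorization):
    """User name from an HTTP Basic Authorization header value, or None."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8").partition(":")[0]
    except ValueError:  # malformed base64 or invalid UTF-8
        return None

def wss_username(envelope):
    """User name from the WSS UsernameToken in the SOAP header, or None."""
    node = ET.fromstring(envelope).find(
        "soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username", NS)
    return node.text.strip() if node is not None and node.text else None

def identify(kind, value):
    """Names of all applications whose registered identifier matches value."""
    if kind == "ip":
        addr = ipaddress.ip_address(value)
        return [n for n, ids in APPS.items()
                if any(addr in ipaddress.ip_network(net) for net in ids["ip"])]
    return [n for n, ids in APPS.items() if value in ids[kind]]

def resolve(kind, value):
    """One application or None: an identifier shared by several apps identifies none."""
    hits = identify(kind, value)
    return hits[0] if len(hits) == 1 else None
```

With this registry, the HTTP user `svc-shared` resolves to no application because two applications present it, and the address 10.1.2.20 resolves to none because it falls outside every registered range.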