CloudStreams 10.15 | webMethods CloudStreams Documentation | Administering webMethods CloudStreams | Policies | The Policy Actions | Usage Cases for Identifying/Authenticating Consumers
 
Usage Cases for Identifying/Authenticating Consumers
 
Multiple Security Elements in Requests/Responses
When deciding which type of identifier to use to identify a consumer application, consider the following points:
*Whatever identifier you choose to identify a consumer application, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests for multiple applications.
*Identifying applications by IP address or host name is often a suitable choice, however, it does create a dependency on the network infrastructure. If a consumer application moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.
*Using X.509 certificates or a custom token that is extracted from the SOAP message itself (using an XPATH expression), is often the most trouble-free way to identify a consumer application.
Following are some combinations of actions you can use to identify/authenticate consumers.
*Scenario 1: Identify consumers by IP address or host name
The simplest way to identify consumers is to use the Identify Consumer action and select either the IP Address or Host Name parameter.
*Scenario 2: Authenticate consumers by HTTP authentication token
Use the following actions:
*Identify Consumer action, and select the HTTP Authentication Token parameter (to identify consumers using the token derived from the HTTP header).
*Require HTTP Basic Authentication action.
*Authorize User action (to authorize a list of users and/or groups registered in the Integration Server on which CloudStreams is running).
*Scenario 3: Authenticate consumers by WS-Security authentication token
Use the following actions:
*Identify Consumer action, and select the WS-Security Authentication Token parameter (to identify consumers using the token derived from the WSS Header).
*Require WSS Username Token action.
*Authorize User action (to authorize a list of users and/or groups registered in the Integration Server on which CloudStreams is running).
*Scenario 4: Authenticate consumers by WSS X.509 token
Use the following actions:
*Identify Consumer action, and select the Consumer Certificate parameter (to identify consumers using the WSS X.509 token).
*Require X.509 Token action.
*Require SSL action.