Basic Authentication
When the server uses basic authentication, it prompts the client for a user name and password. If a user account is found for the supplied user name, the server authenticates the user name by comparing the supplied password to the password in the user account. If the password is correct, the server proceeds with the request. If the password is not correct, the server rejects the request.
If the client does not supply a user name or password, the server uses the Default user account for the client.
| Client supplied a user name/password? | User Name found? | Password correct? | Request... |
| --- | --- | --- | --- |
| YES | YES | YES | proceeds |
| YES | YES | NO | is rejected |
| YES | NO | n/a | is rejected |
| NO | n/a | n/a | proceeds using the Default user account |
Integration Server stores user names and passwords in the authentication cache. The authentication cache is a caching layer in Integration Server that stores the user names and passwords in hash format.
After the first successful authentication of a user name and password (whether for a local user or central user/LDAP), Integration Server stores the credentials in the authentication cache for future reference. On subsequent authentication requests, Integration Server checks to see if the credentials already exist in the authentication cache. If the credentials already exist in the authentication cache, Integration Server does not perform any additional validation of the credentials.
Note: Once a user has changed the password and logged in successfully with the new password, Integration Server removes the old password from the authentication cache.
You control the authentication cache through the following server configuration parameters:
* watt.server.auth.cache.enabled. Enables and disables the authentication cache.
* watt.server.auth.cache.timeout. Specifies the number of milliseconds that each cache entry can remain idle before Integration Server removes it from the authentication cache.
* watt.server.auth.cache.capacity. Specifies the number of user name and password combinations Integration Server stores in the authentication cache.
For more information about the server configuration parameters that control the authentication cache, see Server Configuration Parameters. For more information on setting up user accounts, see Defining a User Account. You can also use externally defined user accounts. For more information on how to use external directories and how basic authentication works when using external user accounts, see Configuring a Central User Directory or LDAP.
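
The decision table and cache rules above, modelled as an added example (this is not Integration Server code and not part of the original page). SHA-256, least-recently-used eviction, the manual clock and the sample account are assumptions; the parameter values are constructed, not product defaults. The `stale_password_window` function shows why the idle timeout matters: under these rules, a password changed in the directory is still accepted from the cache until the entry idles out or the user logs in with the new password.

```python
import hashlib

class AuthCacheModel:
    """Model of the decision table and cache rules above; not Integration Server code."""
    def __init__(self, directory, enabled=True, timeout_ms=60_000, capacity=2):
        self.directory = directory   # user -> password; stands in for local users/LDAP
        self.enabled, self.timeout_ms, self.capacity = enabled, timeout_ms, capacity
        self.now_ms = 0              # constructed clock, advanced by the caller
        self.cache = {}              # (user, credential hash) -> last-used time in ms
        self.backend_checks = 0      # how often the directory was really consulted

    @staticmethod
    def _key(user, password):
        # The page only says "hash format"; SHA-256 is an assumption.
        return user, hashlib.sha256(f"{user}:{password}".encode()).hexdigest()

    def authenticate(self, user=None, password=None):
        if not user or not password:
            return "Default"                      # row 4: proceeds as Default
        key = self._key(user, password)
        if self.enabled:
            # Idle timeout: keep only entries used within the last timeout_ms.
            self.cache = {k: t for k, t in self.cache.items()
                          if self.now_ms - t <= self.timeout_ms}
            if key in self.cache:                 # cache hit: no further validation
                self.cache[key] = self.now_ms
                return user
        self.backend_checks += 1
        if self.directory.get(user) != password:
            return None                           # rows 2 and 3: rejected
        if self.enabled:
            # A successful login removes any older password cached for this user.
            self.cache = {k: t for k, t in self.cache.items() if k[0] != user}
            if len(self.cache) >= self.capacity:  # eviction policy (LRU) is an assumption
                del self.cache[min(self.cache, key=self.cache.get)]
            self.cache[key] = self.now_ms
        return user                               # row 1: proceeds

def stale_password_window(timeout_ms=60_000):
    """Return what happens to an old password after a directory-side change."""
    directory = {"alice": "old-pw"}               # constructed sample account
    srv = AuthCacheModel(directory, timeout_ms=timeout_ms)
    first = srv.authenticate("alice", "old-pw")   # validated once, then cached
    directory["alice"] = "new-pw"                 # password changed in the directory
    srv.now_ms += timeout_ms // 2
    cached = srv.authenticate("alice", "old-pw")  # still a cache hit
    srv.now_ms += timeout_ms + 1                  # entry idles past the timeout
    expired = srv.authenticate("alice", "old-pw")
    return first, cached, expired, srv.backend_checks
```
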

Copyright © 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release