Parameter | Description |
Authentication scheme | Select one of the following schemes for outbound authentication at the message level: WSS username. Uses WSS credentials authenticate the client. SAML. Uses SAML issuer configuration details for authentication. Kerberos. Uses Kerberos credentials for authentication. None. Authenticates the client without any authentication schemes. Alias. Uses the configured alias name for authentication. Remove WSS headers. Uses the WSS headers for authentication. |
Authenticate using | Select one of the following modes to authenticate the client: Custom credentials. Uses the values specified in the policy to obtain the required token to access the native service. Incoming HTTP Basic Auth credentials. Uses the incoming user credentials to retrieve the authentication token to access the native API Delegate incoming credentials. Uses the values specified in the policy by the API providers to select whether to delegate the incoming token or act as a normal client. |
WSS username | Uses the WSS credentials to authenticate the client. Provide the following credentials: User Name. Specifies the user name. Password. Specifies the password of the user. |
Kerberos | Uses the Kerberos credentials to authenticate the client. Provide the following information: Client principal. Provide a valid client LDAP user name. Client password. Provide a valid password of the client LDAP user. Service principal. Provide a valid SPN. The specified value is used by the client to obtain a service ticket from the KDC server. Service Principal Name Form. The SPN type to use while authenticating an incoming client principal name. Select any of the following: User name. Specifies the username form. Hostbased. Specifies the host form. |
SAML | Provide the SAML issuer that is configured. |
Signing and Encryption Configurations | Uses the signing and encryption configuration details to authenticate the client. Provide the following information: Keystore Alias. Specifies a user-specified text identifier for an API Gateway keystore. The alias points to a repository of private keys and their associated certificates. Key Alias. Specifies the alias for the private key, which must be stored in the keystore specified by the keystore alias. Truststore alias. Specifies the alias for the truststore. The truststore contains the trusted root certificate for the CA that signed the API Gateway certificate associated with the key alias. Certificate alias. Provide a text identifier for the certificate associated with the truststore alias. API Gateway populates the certificate alias list with the certificate aliases from the selected truststore alias. |
Alias | Uses the Kerberos credentials to authenticate the client. Provide the name of the configured alias. |