Field | Description |
Name | Name of the alias. |
Type | Select SOAP message secure alias. |
Description | Description of the alias. |
Field | Description |
Authentication scheme | Specify the type of authentication scheme you want to use to authenticate the client. Available values are: None (does not use any authentication type to authenticate the client); WSS Username (generates a WSS username token and sends it in the SOAP header to the native API); Kerberos (fetches a Kerberos token and sends it to the native API); SAML (fetches a SAML token and sends it to the native API). |
For Authentication scheme None, no properties are required. | |
For Authentication type WSS Username, authenticate using any of the following: | |
Custom credentials | Specifies the values provided in the policy to be used to obtain the WSS username token to access the native API. Provide the following information: Username: the username used to generate the WSS username token. Password: the password used to generate the WSS username token. |
For Authentication type Kerberos, authenticate using any of the following: | |
Custom Credentials | Uses the Basic authentication credentials coming in the transport header of the incoming request for client principal and client password. Provide the following information: Client principal: a valid client LDAP user name. Client password: a valid password of the client LDAP user. Service principal: a valid Service Principal Name (SPN); the specified value is used by the client to obtain a service ticket from the KDC server. Service principal nameform: the format in which you want to specify the principal name of the service that is registered with the principal database. Select one of the following: Username (represents the principal name as a named user defined in LDAP used for authentication to the KDC) or Hostbased (represents the principal name using the service name and the host name, where host name is the host computer). |
Delegate incoming credentials | Specifies the values provided in the policy to be used by the API providers to select whether to delegate the incoming Kerberos token or act as a normal client. Provide the following information: Client principal: a valid client LDAP user name. Client password: a valid password of the client LDAP user. Service principal: a valid Service Principal Name (SPN); the specified value is used by the client to obtain a service ticket from the KDC server. Service principal nameform: the format in which you want to specify the principal name of the service that is registered with the principal database. Available values are: Username (represents the principal name as a named user defined in LDAP used for authentication to the KDC) or Hostbased (represents the principal name using the service name and the host name, where host name is the host computer). |
Incoming HTTP basic auth credentials | Specifies the incoming HTTP basic authentication credentials to access the native API. Provide the following information: Service principal nameform: the format in which you want to specify the principal name of the service that is registered with the principal database. Select one of the following: Username (represents the principal name as a named user defined in LDAP used for authentication to the KDC) or Hostbased (represents the principal name using the service name and the host name, where host name is the host computer). |
For Authentication type SAML | |
SAML issuer configuration | Specifies the SAML issuer configuration that API Gateway uses to fetch the SAML token, which is then added to the SOAP header and sent to the native API. This field is visible and required only if you have configured a SAML issuer in the Administration > Security > SAML issuer section. |
Signing configurations | |
Keystore alias | Specify the keystore that API Gateway uses when sending the request to the native API. A keystore is a repository of private keys and their corresponding public certificates. |
Key alias | The key alias identifies the private key that is used to sign the request sent to the native API. |
Encryption configurations | |
Truststore alias | Select the truststore to be used by API Gateway when sending the request to the native API. A truststore is a repository that holds all the trusted public certificates. |
Certificate alias | Select the certificate from the truststore that is used to encrypt the request that is sent to the native API. |
Stage | Specify a stage, if you want the alias to be applicable to a specific stage. |
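
For the WSS Username scheme described in the table above, the following added example (not code from the product or its documentation) shows what a UsernameToken in the SOAP header looks like and how the native API side can verify it. It assumes the PasswordDigest form of the OASIS UsernameToken Profile, since the page does not state which password type the gateway sends; the function names, user name and password are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
NS = {"s": SOAP, "wsse": WSSE, "wsu": WSU}

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    return base64.b64encode(hashlib.sha1(nonce + created.encode() + password.encode()).digest()).decode()

def build_envelope(username, password, nonce, created):
    """Constructed sample of a SOAP request carrying a WSS username token."""
    digest = password_digest(nonce, created, password)
    return f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <s:Header><wsse:Security><wsse:UsernameToken>
  <wsse:Username>{escape(username)}</wsse:Username>
  <wsse:Password Type="{DIGEST_TYPE}">{digest}</wsse:Password>
  <wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>
  <wsu:Created>{created}</wsu:Created>
 </wsse:UsernameToken></wsse:Security></s:Header>
 <s:Body/></s:Envelope>"""

def verify_username_token(envelope_xml, lookup_password, seen_nonces):
    """Return the authenticated username, or None if the token is rejected."""
    root = ET.fromstring(envelope_xml)  # use a hardened parser (e.g. defusedxml) on untrusted input
    token = root.find("s:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return None
    user, nonce_b64, created = (token.findtext(tag, namespaces=NS)
                                for tag in ("wsse:Username", "wsse:Nonce", "wsu:Created"))
    pw = token.find("wsse:Password", NS)
    if None in (user, nonce_b64, created) or pw is None or pw.get("Type") != DIGEST_TYPE:
        return None  # incomplete token, or not a digest token
    known = lookup_password(user)
    if known is None or nonce_b64 in seen_nonces:
        return None  # unknown user, or a replayed nonce
    try:
        nonce = base64.b64decode(nonce_b64, validate=True)
    except ValueError:
        return None
    expected = password_digest(nonce, created, known)
    if not hmac.compare_digest(expected.encode(), (pw.text or "").strip().encode()):
        return None
    seen_nonces.add(nonce_b64)
    return user
```

A production verifier would also reject tokens whose Created timestamp is outside a short freshness window and expire the nonce cache accordingly.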