Software AG Products 10.7 | Using API Gateway | Aliases | Creating an HTTP Transport Security Alias
 
Creating an HTTP Transport Security Alias
You must have the API Gateway's manage aliases functional privilege assigned to perform this task.
An HTTP transport security alias contains the transport-level security information required to access the native API. API Gateway supports the following transport-level security schemes for outbound communication:
* HTTP Basic authentication
* OAuth2 authentication
* NTLM authentication
* Kerberos authentication
* JWT authentication
To create an HTTP transport security alias
1. Expand the menu options icon in the title bar, and select Aliases.
2. Click Create alias.
3. In the Basic information section, provide the following information:
   * Name. Name of the alias.
   * Type. Select HTTP transport security alias.
   * Description. Description of the alias.
4. Click Technical information and provide the following information:
   * Authentication scheme. Specify the type of authentication you want to use while communicating with the native API. Select one of the following:
      * Basic. Uses basic authentication (user name and password).
      * Kerberos. Uses Kerberos authentication.
      * NTLM. Uses NTLM authentication.
      * OAuth2. Uses OAuth2 authentication.
      * JWT. Uses JWT authentication.
   For the Authentication type Basic, authenticate using the following:
   * Custom credentials. Specifies the values provided in the policy required to access the native API. Provide the following information:
      * Username. Specify a username to access the native API.
      * Password. Specify a password to access the native API.
      * Domain. Specify a domain to access the native API.
   * Incoming HTTP basic auth credentials. No properties required. Uses the incoming HTTP basic authentication credentials.
   For Authentication type Kerberos, authenticate using any of the following:
   * Custom credentials. Specifies the values provided in the policy required to obtain the Kerberos token to access the native API. Provide the following information:
      * Client principal. A valid client LDAP user name.
      * Client password. A valid password of the client LDAP user.
      * Service principal. A valid Service Principal Name (SPN). The specified value is used by the client to obtain a service ticket from the KDC server.
      * Service principal nameform. Specifies the format in which you want to specify the principal name of the service that is registered with the principal database. Select one of the following:
         * Username. Represents the principal name as a named user defined in LDAP used for authentication to the KDC.
         * Hostbased. Represents the principal name using the service name and the host name, where host name is the host computer.
   * Delegate incoming credentials. Specifies the values provided in the policy required by the API providers to select whether to delegate the incoming Kerberos token or act as a normal client. Provide the following information:
      * Client principal. A valid client LDAP user name.
      * Client password. A valid password of the client LDAP user.
      * Service principal. A valid Service Principal Name (SPN). The specified value is used by the client to obtain a service ticket from the KDC server.
      * Service principal nameform. Specifies the format in which you want to specify the principal name of the service that is registered with the principal database. Select one of the following:
         * Username. Represents the principal name as a named user defined in LDAP used for authentication to the KDC.
         * Hostbased. Represents the principal name using the service name and the host name, where host name is the host computer.
   * Incoming HTTP basic auth credentials. Uses the HTTP basic authentication credentials in the transport header of the incoming request as the client principal and client password. Provide the following information:
      * Service principal. A valid Service Principal Name (SPN). The specified value is used by the client to obtain a service ticket from the KDC server.
      * Service principal nameform. Specifies the format in which you want to specify the principal name of the service that is registered with the principal database. Available values are:
         * Username. Represents the principal name as a named user defined in LDAP used for authentication to the KDC.
         * Hostbased. Represents the principal name using the service name and the host name, where host name is the host computer.
   * Incoming Kerberos credentials. No properties required. Uses the incoming Kerberos credentials.
   For Authentication type NTLM, authenticate using any of the following:
   * Custom credentials. Specifies the credentials that are required for the NTLM handshake. Provide the following information:
      * Username. Name of a consumer who is available in the Integration Server on which API Gateway is running.
      * Password. A valid password of the consumer.
      * Domain. The domain used by the server to authenticate the consumer.
   * Incoming HTTP basic auth credentials. No properties required. Uses the incoming HTTP basic authentication credentials.
   * Transparent. No properties required.
   For the Authentication type OAuth2, authenticate using any of the following:
   * Custom credentials. Specifies the OAuth2 token value that is added as a bearer token in the transport header while accessing the native API.
   * Incoming OAuth token. Uses the incoming OAuth token to access the native API.
   For Authentication type JWT, authenticate using any of the following:
   * Incoming JWT. Uses the incoming JSON web token to access the native API.
5. Specify a stage, if you want the alias to be applicable to a specific stage.
6. Click Save.
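
When alias definitions are also kept as reviewed configuration, the scheme and option combinations from step 4 can be checked mechanically, including which options store a password or token in the alias itself. This is an added example, not Software AG code: the dictionary layout and property names are hypothetical, and it assumes every property the step lists is mandatory.

```python
# Added example: dict layout and property names are hypothetical, not the product's format.
KRB = ("service_principal", "service_principal_nameform")
KRB_FULL = ("client_principal", "client_password") + KRB
REQUIRED = {  # (scheme, option) -> properties step 4 lists for that option
    ("Basic", "Custom credentials"): ("username", "password", "domain"),
    ("Basic", "Incoming HTTP basic auth credentials"): (),
    ("Kerberos", "Custom credentials"): KRB_FULL,
    ("Kerberos", "Delegate incoming credentials"): KRB_FULL,
    ("Kerberos", "Incoming HTTP basic auth credentials"): KRB,
    ("Kerberos", "Incoming kerberos credentials"): (),
    ("NTLM", "Custom credentials"): ("username", "password", "domain"),
    ("NTLM", "Incoming HTTP basic auth credentials"): (),
    ("NTLM", "Transparent"): (),
    ("OAuth2", "Custom credentials"): ("token",),
    ("OAuth2", "Incoming OAuth token"): (),
    ("JWT", "Incoming JWT"): (),
}
NAMEFORMS = {"Username", "Hostbased"}
SECRETS = {"password", "client_password", "token"}  # values stored in the alias

def stores_secret(scheme, option):
    """True when the alias itself holds a password or token for this option."""
    return bool(SECRETS & set(REQUIRED[(scheme, option)]))

def review_alias(alias):
    """Return findings for one alias definition; an empty list means clean."""
    key = (alias.get("scheme"), alias.get("option"))
    if key not in REQUIRED:
        return [f"unsupported combination: {key[0]} / {key[1]}"]
    props = alias.get("properties", {})
    findings = [f"missing property: {p}" for p in REQUIRED[key] if not props.get(p)]
    findings += [f"unexpected property: {p}" for p in sorted(props) if p not in REQUIRED[key]]
    form = props.get("service_principal_nameform")
    if form and "service_principal_nameform" in REQUIRED[key] and form not in NAMEFORMS:
        findings.append(f"invalid service principal nameform: {form}")
    return findings

SAMPLES = [  # constructed sample definitions, not real configuration
    {"name": "billing-basic", "scheme": "Basic", "option": "Custom credentials",
     "properties": {"username": "svc-billing", "password": "<placeholder>", "domain": "CORP"}},
    {"name": "hr-krb", "scheme": "Kerberos", "option": "Incoming HTTP basic auth credentials",
     "properties": {"service_principal": "HTTP/hr.example.internal", "service_principal_nameform": "hostname"}},
    {"name": "legacy-jwt", "scheme": "JWT", "option": "Custom credentials", "properties": {}},
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(a["name"], review_alias(a) or "ok", sep=": ")
```
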