Action: Require HTTP Basic Authentication
This action uses HTTP Basic authentication to verify the consumer's authentication credentials contained in the request's Authorization header. CloudStreams authorizes the credentials against the list of users registered in the Integration Server on which CloudStreams is running. This type of consumer authentication is referred to as preemptive authentication. If you want to perform preemptive authentication, a policy that includes this action must also include the Identify Consumer action. This action supports WS-SecurityPolicy 1.2.
If the user/password value in the Authorization header cannot be authenticated as a valid Integration Server user (or if the Authorization header is not present in the request), a 500 SOAP fault is returned, and the client is presented with a security challenge. If the client successfully responds to the challenge, the user is authenticated. This type of consumer authentication is referred to as non-preemptive authentication. If the client does not successfully respond to the challenge, a 401 WWW-Authenticate: Basic response is returned and the invocation is not routed to the policy engine. As a result, no events are recorded for that invocation, and its key performance indicator (KPI) data are not included in the performance metrics.
If you choose to omit the Require HTTP Basic Authentication action (regardless of whether an Authorization header is present in the request or not), then:
* CloudStreams forwards the request to the native service, without attempting to authenticate the request.
* The native service returns a 401 WWW-Authenticate: Basic response, which CloudStreams will forward to the client; the client is presented with a security challenge. If the client successfully responds to the challenge, the user is authenticated.
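The credential check and the outcomes described above can be modelled in a few lines of Python. This is an added example, not CloudStreams or Integration Server code; the user store, function names and outcome labels are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample user store standing in for Integration Server users (assumption).
USERS = {"alice": "s3cret:with:colons"}

def basic_header(user, password):
    """Build the Authorization header value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization value, or None if unusable."""
    if not header:
        return None                      # header absent from the request
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                   # bad base64 or bytes that are not UTF-8
        return None
    user, sep, password = decoded.partition(":")  # split on the first colon only
    return (user, password) if sep and user else None

def credentials_valid(creds, users=USERS):
    if creds is None:
        return False
    user, password = creds
    expected = users.get(user)
    # Compare even for unknown users so timing does not reveal which names exist.
    same = hmac.compare_digest(password.encode(), (expected or "").encode())
    return expected is not None and same

def gateway_decision(headers, action_applied=True):
    """First request: outcome label (labels are hypothetical)."""
    if not action_applied:
        return "forward-to-native-service"     # no authentication attempted
    if credentials_valid(parse_basic(headers.get("Authorization"))):
        return "authenticated-preemptive"
    return "challenge-client"                  # missing, malformed or wrong credentials

def challenge_result(retry_headers):
    """Client's answer to the challenge: outcome label (labels are hypothetical)."""
    if credentials_valid(parse_basic(retry_headers.get("Authorization"))):
        return "authenticated-non-preemptive"
    return "401 WWW-Authenticate: Basic"       # not routed to the policy engine
```

Malformed headers are treated the same as missing ones, so a request with undecodable credentials is challenged rather than rejected with a parser error.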
When a consumer sends a request with both transport credentials (HTTP basic authentication) and message credentials (WSS username or X.509 token), the message credentials take precedence over the transport credentials when Integration Server determines which credentials to use for the session. For more information, see Action: Require WSS Username and Action: Require X.509 Token. In addition, you must ensure that the service consumer that connects to the virtual service has an Integration Server user account.
To set the Require HTTP Basic Authentication action parameter
1. In the CloudStreams Governance view, click the policy name.
2. In the policy editor on the right side of the page, double-click Require HTTP Basic Authentication in the Applied Actions list, and set the following action parameter.
Authenticate Credentials
Authorizes consumers against the list of users registered in the Integration Server on which CloudStreams is running. If you select this option, you must also include the Identify Consumer action in the policy.
Related Topics
Create a New Policy Wizard
General Properties View (Policy)
Action: Identify Consumer
Action: Require WSS Username
Action: Require X.509 Token