Identify and Authorize Application
 
This policy authorizes and allows access to the applications that are trying to access the APIs, for example, through IP address or hostname, and validates the client's credentials.
The table lists the properties that you can specify for this policy:
Parameter
Description
Condition
Specifies the condition operator for the identification and authentication types.
You can specify any of the following condition operators:
* AND. Applies all the identification and authentication types.
* OR. Applies one of the selected identification and authentication types.
Note: Even though this policy provides the option of choosing an AND or OR operation between the different identification and authentication types, the operation across the different policies in the IAM stage is always AND. For example, configuring the Identify and Authorize Application policy with API Key and the Inbound Authentication - Transport policy with HTTP Basic Authentication using an OR operation is not supported.
Allow anonymous
Specifies whether to allow all users to access the API without restriction.
When you add a security policy and configure Allow anonymous, all requests are allowed to pass through to the native API. Successfully identified requests are grouped under the respective identified application, and all unidentified requests are grouped under a common application named unknown. While all requests are allowed to pass through, you can still perform application-specific actions, such as viewing the runtime events for a particular application, monitoring the service level agreement for a few applications and sending an alert email based on criteria like request count or availability, and throttling the requests from a particular application so that requests from that application are not allowed once the number of requests reaches the configured hard limit within the configured period of time.
Identification Type. Specifies the identification type. You can select any of the following identification types.
API Key
Specifies that the client's API key is used to identify the client and is validated against the registered list of applications for the specified API.
HTTP Basic Authentication
Specifies that the Authorization header in the request is used to identify and authorize the client application against the list of applications with the identifier username in Microgateway.
Provide one of the following Application Lookup conditions:
* Registered applications. Tries to verify the client's credentials against the list of registered applications for the specified API.
* Global applications. Tries to verify the client's credentials against a list of all global applications available in Microgateway.
* Do not identify. Checks for the existence of the criterion but does not validate whether the specified value is a valid application, and forwards the request to the native API. For example, HTTP Basic Authentication is checked by the HTTP transport level property Authorization: Basic <Base64-encoded username:password>
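The three Application Lookup conditions, the Condition operator and Allow anonymous, modelled in Python as an added example that is not Software AG code or part of the original help page. The function names, lookup strings and sample applications are assumptions, and matching is by username identifier only (the password is not checked in this model).

```python
import base64

# Constructed sample data (hypothetical): username identifier -> application name
REGISTERED = {"orders-api": {"alice": "orders-mobile"}}            # registered per API
GLOBAL_APPS = {"alice": "orders-mobile", "bob": "partner-portal"}  # all global applications

def basic_username(headers):
    """Username from 'Authorization: Basic <base64(username:password)>', else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed Base64 and invalid UTF-8
        return None
    username, sep, _ = decoded.partition(":")
    return username if sep and username else None

def identify_basic(headers, api, lookup):
    """One identification type. Returns (passed, application or None)."""
    if lookup == "do_not_identify":
        # Existence check only: the credential value is never validated.
        return headers.get("Authorization", "").lower().startswith("basic "), None
    apps = REGISTERED.get(api, {}) if lookup == "registered" else GLOBAL_APPS
    app = apps.get(basic_username(headers))
    return app is not None, app

def decide(results, condition="AND", allow_anonymous=False):
    """Combine per-type results. Returns (forwarded, application used for grouping)."""
    flags = [ok for ok, _ in results]
    passed = all(flags) if condition == "AND" else any(flags)
    app = next((a for ok, a in results if ok and a), None) if passed else None
    if allow_anonymous:
        # Every request is forwarded; unidentified ones are grouped under "unknown".
        return True, app or "unknown"
    return passed, app

def header(user, password):
    """Build a constructed Basic Authorization header for the samples."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}
```

With Do not identify, any well-formed Basic header passes regardless of the username it carries, so the native API must perform its own authentication when that lookup condition is selected.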

Copyright © 2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.