webMethods and Intelligent Business Operations 10.2 | API Gateway User's Guide | Policies | System-defined Stages and Policies | Identify and Access
 
Identify and Access
 
Inbound Authentication - Transport
Inbound Authentication - Message
Authorize User
Identify and Authorize Application
The policies in this stage provide different ways of identifying and authorizing the application, and provide the required access rights for the application. The policies included in this stage are:
*Inbound Authentication - Transport
*Inbound Authentication - Message
*Authorize User
*Identify and Authorize Application
The Inbound authentication policies at transport and message level are used to authenticate the application by specifying user-based SPN or host-based SPN for a Kerberos token, using the basic credentials for the HTTP basic authentication or through various token assertions or through the XML security actions.
The Authorize User policy authorizes the application against a list of users and a list of groups registered in API Gateway.
The Identify and Authorize policy is used to identify the application and authorize it against all application registered in API Gateway.

Copyright © 2015- 2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release