Usage Cases for Identifying/Authenticating Consumers
When deciding which type of identifier to use to identify a consumer application, consider the following points:
* Whatever identifier you choose to identify a consumer application, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests for multiple applications.
* Identifying applications by IP address or host name is often a suitable choice; however, it does create a dependency on the network infrastructure. If a consumer application moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.
* Using X.509 certificates or a custom token that is extracted from the SOAP message itself (using an XPath expression) is often the most trouble-free way to identify a consumer application.
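
The trade-off between the last two points, as an added Python example (not part of the product documentation and not Mediator's implementation): it matches a request to a registered application first by source IP, then by a custom token read from the SOAP header with an XPath expression. The registry contents, the `ConsumerToken` header element, its namespace and the token values are all constructed for the illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Namespace prefixes used by the XPath expression (constructed for this example).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "app": "urn:example:consumer",  # hypothetical custom header namespace
}
TOKEN_PATH = "./soap:Header/app:ConsumerToken"  # hypothetical custom-token location

# Constructed registry: each application lists identifiers that must be unique to it.
REGISTERED = {
    "billing-app": {"ip_ranges": ["10.1.4.0/28"], "tokens": {"tok-billing-7f3a"}},
    "reports-app": {"ip_ranges": ["10.1.9.20/32"], "tokens": {"tok-reports-c21d"}},
}

def extract_token(soap_xml):
    """Return the custom token from the SOAP header, or None if it is absent."""
    # Sample input is constructed; use a hardened XML parser for untrusted messages.
    node = ET.fromstring(soap_xml).find(TOKEN_PATH, NS)
    return node.text.strip() if node is not None and node.text else None

def identify_by_ip(source_ip):
    """Match on network location; breaks when the consumer moves or is re-addressed."""
    addr = ipaddress.ip_address(source_ip)
    hits = [name for name, rec in REGISTERED.items()
            if any(addr in ipaddress.ip_network(r) for r in rec["ip_ranges"])]
    return hits[0] if len(hits) == 1 else None  # unknown or ambiguous: unidentified

def identify_by_token(soap_xml):
    """Match on a value carried in the message; independent of the sender's address."""
    token = extract_token(soap_xml)
    hits = [name for name, rec in REGISTERED.items() if token in rec["tokens"]]
    return hits[0] if len(hits) == 1 else None

def sample_request(token):
    """Build a constructed SOAP envelope that carries the custom token header."""
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:app="{NS["app"]}">'
            f'<soap:Header><app:ConsumerToken>{token}</app:ConsumerToken></soap:Header>'
            f'<soap:Body/></soap:Envelope>')
```

A request from `10.1.4.77` (the application after a move outside its registered range) is no longer identified by IP until the registry is updated, while the same message is still matched by its token.
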
Following are some common combinations of actions used to authenticate/identify consumers:
Scenario 1: Identify consumers by IP address or host name
* The simplest way to identify consumers is to use the Identify Consumer action and set its Identify User Using parameter to specify either a host name or an IP address (or a range of IP addresses).
Scenario 2: Authenticate consumers by HTTP authentication token
Use the following actions:
* Identify Consumer action, and set its Identify User Using parameter to HTTP Authentication Token (to identify consumers using the token derived from the HTTP header).
* Require HTTP Basic Authentication.
* Additionally, you can use one or both of the following:
  * Authorize User action (to authorize a list of users and/or groups registered in the Integration Server on which Mediator is running).
  * Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
Scenario 3: Authenticate consumers by WS-Security authentication token
Use the following actions:
* Identify Consumer action, and set its Identify User Using parameter to WS-Security Authentication Token (to identify consumers using the token derived from the WSS Header).
* Require WSS Username Token action.
* Additionally, you can use one or both of the following:
  * Authorize User action (to authorize a list of users and/or groups registered in the Integration Server on which Mediator is running).
  * Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
Scenario 4: Authenticate consumers by WSS X.509 token
* Identify Consumer action, and set its Identify User Using parameter to Consumer Certificate (to identify consumers using the WSS X.509 token).
* Require WSS X.509 Token action.
* Require SSL action.