Usage Cases for Identifying/Authenticating Clients
When deciding which type of identifier to use to identify a client, consider the following points:
* Whatever identifier you choose to identify a client, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests for multiple APIs.
* Identifying applications by IP address or host name is often a suitable choice; however, it does create a dependency on the network infrastructure. If a client moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.
* Using X.509 certificates or a custom token that is extracted from the SOAP message itself (using an XPath expression) is often the most trouble-free way to identify a client.
Following are some common combinations of actions used to authenticate/identify clients:
* Scenario 1: Identify clients by IP address or host name
  * The simplest way to identify clients is to use the Evaluate IP Address action.
* Scenario 2: Authenticate clients by HTTP authentication token
  Use the following actions:
  * Evaluate HTTP Basic Authentication to identify clients using the token derived from the HTTP Header.
  * HTTP Basic Authentication.
* Scenario 3: Authenticate clients by WS-Security authentication token
  Use the following action:
  * Evaluate WSS Username Token action to identify clients using the token derived from the WSS Header.
* Scenario 4: Authenticate clients by WSS X.509 certificate
  * Evaluate WSS X.509 Certificate action to identify clients using the WSS X.509 certificate.
  * Require SSL action.
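The identifier types above and the uniqueness rule, sketched as an added Python example (not CentraSite code or configuration): it collects the source IP, HTTP Basic user name, WSS Username and an XPath-selected custom token from a request, then resolves each against a registry and returns no match when an identifier is registered to more than one application. The registry, the `urn:example:client` namespace, the `ClientToken` element, CIDR matching for IP entries and all function names are assumptions of this sketch.

```python
import base64
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted XML prefer a hardened parser

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "c": "urn:example:client"}  # constructed namespace for the custom token
XPATHS = {"wss_user": "./s:Header/wsse:Security/wsse:UsernameToken/wsse:Username",
          "token": "./s:Header/c:ClientToken"}  # hypothetical custom-token XPath

# Constructed registry: application name -> identifiers registered for it.
APPS = {
    "billing": {"ip": ["10.0.5.0/24"], "token": ["TKN-1001"]},
    "reports": {"ip": ["10.0.5.40"], "http_user": ["jsmith"]},
    "portal": {"http_user": ["jsmith"], "wss_user": ["svc-portal"]},
}

# Constructed SOAP request carrying only the custom token.
SAMPLE_SOAP = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
               'xmlns:c="urn:example:client"><s:Header>'
               '<c:ClientToken>TKN-1001</c:ClientToken></s:Header><s:Body/></s:Envelope>')

def extract(source_ip, headers, soap_xml):
    """Collect every identifier the request carries, keyed by identifier type."""
    found = {"ip": source_ip}
    scheme, _, cred = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            user = base64.b64decode(cred, validate=True).decode().partition(":")[0]
            if user:
                found["http_user"] = user
        except ValueError:  # malformed header: no HTTP identifier
            pass
    root = ET.fromstring(soap_xml)
    for kind, xpath in XPATHS.items():
        node = root.find(xpath, NS)
        if node is not None and node.text:
            found[kind] = node.text.strip()
    return found

def _matches(kind, registered, value):
    if kind == "ip":  # assumption: an entry is a single address or a CIDR range
        return ipaddress.ip_address(value) in ipaddress.ip_network(registered)
    return registered == value

def resolve(kind, value):
    """Return the single application owning this identifier, else None."""
    owners = [app for app, ids in APPS.items()
              if any(_matches(kind, r, value) for r in ids.get(kind, []))]
    return owners[0] if len(owners) == 1 else None  # shared identifier: refuse
```

In the constructed registry the user name `jsmith` and the address `10.0.5.40` each map to two applications and so identify neither, while the custom token resolves to exactly one.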
Copyright © 2005-2016 Software AG, Darmstadt, Germany.
