CentraSite Documentation : Runtime Governance with CentraSite : Run-Time Governance Reference : Built-In Run-Time Actions Reference for APIs : Run-Time Actions Reference : Evaluate WSS Username Token
Evaluate WSS Username Token
If you have a native API that requires to authenticate a client to the Integration Server using the WS-Security authentication, you can use the Evaluate WSS Username Token action to extract the client's credentials (username token and password) from the WS-Security SOAP message header, and verify the client's identity.
This action extracts the username token and password supplied in the message header of the request and locates the client defined by that username token and password. For example, when you have configured this action for an API, the PEP extracts the username token and password from the SOAP header at run time and searches its list of consumers for the client that is defined by the credentials.
To use this action, the following prerequisites must be met:
*In Integration Server, create a keystore and truststore. For detailed information about securing communications with the server, see the webMethods Integration Server Administrator’s Guide.
*In Integration Server, create an HTTPS port. For detailed information about configuring ports, see the webMethods Integration Server Administrator’s Guide.
*Configure Mediator by setting the HTTPS Ports Configuration parameter. For detailed information about configuring Mediator, see Administering webMethods Mediator.
Mediator rejects requests that do not include the username token and password of an Integration Server user. Mediator only supports clear text passwords with this kind of authentication.
In the case where a client sends a request with transport credentials (HTTP Basic Authentication) and message credentials (WSS Username Token or WSS X.509 Certificate), the message credentials take precedence over the transport credentials when Integration Server determines which credentials it should use for the session. For more information, see Evaluate HTTP Basic Authentication and Evaluate WSS X.509 Certificate.
If Mediator cannot identify the client, Mediator fails the request and generates a Policy Violation event.
Input Parameters
Identify Consumer
String. The list of consumers against which the username token and password should be validated for identifying requests from a particular client.
Value
Description
Registered Consumers
Mediator will try to verify the client's WSS username token against the list of consumer applications who are registered as consumers for the specified API.
Global Consumers
Default. Mediator will try to verify the client's WSS username token against a list of all global consumers available in the Mediator.
Do Not Identify
Mediator forwards the request to the native API, without attempting to verify the client's username token in incoming request.
Copyright © 2005-2016 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback