Evaluate HTTP Basic Authentication
If you have a native API that requires a client to authenticate to the Integration Server using HTTP Basic Authentication, you can use the Evaluate HTTP Basic Authentication action to extract the client's credentials (user ID and password) from the Authorization request header and verify the client's identity.
This action uses HTTP Basic authentication to verify the client's credentials contained in the request's Authorization header. When this action is configured for an API, Mediator validates the credentials against the list of consumers available in the Integration Server on which Mediator is running. If you have selected the Authenticate User checkbox and the client authenticates using HTTP Basic Authentication in this way, this type of client authentication is referred to as “preemptive authentication”.
If the user/password value in the Authorization header cannot be authenticated as a valid Integration Server user (or if the Authorization header is not present in the request), a 500 SOAP fault is returned, and the client is presented with a security challenge. If the client successfully responds to the challenge, the user is authenticated. This type of client authentication is referred to as “non-preemptive authentication”. If the client does not successfully respond to the challenge, a 401 “WWW-Authenticate: Basic” response is returned and the invocation is not routed to the policy engine.
If you choose to omit the Authenticate User parameter (regardless of whether an Authorization header is present in the request), Mediator forwards the request to the native API without attempting to authenticate it.
In the case where a client sends a request with transport credentials (HTTP Basic Authentication) and message credentials (WSS Username Token or WSS X.509 Token), the message credentials take precedence over the transport credentials when Integration Server determines which credentials it should use for the session. For more information, see Evaluate WSS Username Token and Evaluate WSS X.509 Certificate.
If Mediator cannot identify the client, Mediator fails the request and generates a Policy Violation event.
Input Parameters
Identify Consumer
String. The list of consumers against which the authentication credentials (user ID and password) are validated to identify requests from a particular client.

Value: Registered Consumers
Description: Mediator tries to verify the client's credentials against the list of consumer applications that are registered as consumers for the specified API.

Value: Global Consumers
Description: Default. Mediator tries to verify the client's credentials against the list of all global consumers available in Mediator.

Value: Do Not Identify
Description: Mediator forwards the request to the native API without attempting to verify the client's credentials in the incoming request.
Authenticate User
Use this checkbox to restrict access to the API to authenticated users. If you select the checkbox, Mediator allows only the users covered by the Identify Consumer parameter to access the API. If you do not select the checkbox, Mediator allows all users to access the API; in this case, do not configure the Identify Consumer parameter.
Note: If you have selected the Authenticate User option, the client that connects to the API must have an Integration Server user account.
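The header handling described above (extracting the user ID and password from the Authorization header, challenging with WWW-Authenticate: Basic when they are missing or invalid) and the three Identify Consumer values, as an added example that is not Software AG's code: a small Python model of the evaluation step. The consumer lists, the realm name, the 403 status used for a valid user who is not a registered consumer of the API, and all function names are assumptions made for this example.

```python
import base64
import binascii
import hmac
from dataclasses import dataclass, field
from typing import Dict, Mapping, Optional, Set, Tuple

# Constructed sample data (not from the product): the gateway's global consumer
# list and the consumers registered for one API. Clear-text passwords are used
# only to keep the example short; a real credential store holds salted hashes.
GLOBAL_CONSUMERS: Dict[str, str] = {"alice": "s3cret", "bob": "hunter2", "carol": "pa55"}
API_REGISTERED_CONSUMERS: Dict[str, Set[str]] = {"orders-api": {"alice", "bob"}}

REALM = "mediator"  # assumed realm name used in the WWW-Authenticate challenge


@dataclass
class Decision:
    status: int                 # HTTP status the gateway would return (200 = route onward)
    user: Optional[str]         # identified consumer, if any
    reason: str
    headers: Dict[str, str] = field(default_factory=dict)  # extra response headers
    event: Optional[str] = None  # runtime event raised, e.g. "Policy Violation"


def make_basic_header(user: str, password: str) -> str:
    """Build the Authorization header value a client would send (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_credentials(authorization: Optional[str]) -> Optional[Tuple[str, str]]:
    """Extract (user ID, password) from an 'Authorization: Basic <base64>' header.

    Returns None when the header is missing, uses another scheme, is not valid
    base64, or lacks the ':' separator; callers treat all of these alike as
    'no usable credentials'."""
    if not authorization:
        return None
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # The user ID may not contain ':', so only the first ':' separates the
    # fields; the password itself may contain further colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def evaluate_basic_auth(request_headers: Mapping[str, str], api: str,
                        identify_consumer: str = "Global Consumers",
                        authenticate_user: bool = True) -> Decision:
    """Model the action: the Authenticate User flag and the three Identify Consumer values."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}

    if not authenticate_user or identify_consumer == "Do Not Identify":
        # Forward to the native API without looking at the Authorization header.
        return Decision(200, None, "forwarded without authentication")

    # Header names are case-insensitive in HTTP, so look the header up accordingly.
    authorization = next((v for k, v in request_headers.items()
                          if k.lower() == "authorization"), None)
    creds = parse_basic_credentials(authorization)
    if creds is None:
        # No usable credentials: challenge the client (non-preemptive authentication).
        return Decision(401, None, "missing or malformed Authorization header", challenge)

    user, password = creds
    expected = GLOBAL_CONSUMERS.get(user)
    # Constant-time comparison; compare against an empty string for unknown users
    # so that response timing does not reveal which user IDs exist.
    password_ok = hmac.compare_digest(password.encode("utf-8"), (expected or "").encode("utf-8"))
    if expected is None or not password_ok:
        return Decision(401, None, "credentials do not match any consumer", challenge)

    if identify_consumer == "Registered Consumers" and user not in API_REGISTERED_CONSUMERS.get(api, set()):
        # Valid user but not a registered consumer of this API: the page says the request
        # fails with a Policy Violation event; the 403 status here is an assumption.
        return Decision(403, user, "consumer not registered for this API", event="Policy Violation")

    return Decision(200, user, "authenticated")
```

The split at the first colon matters: a password containing ':' must survive parsing intact, while a user ID never contains one. Comparing against an empty string when the user is unknown keeps the failure path for "unknown user" and "wrong password" indistinguishable, which is the defender's goal for an authentication step exposed to untrusted clients.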
Copyright © Software AG, Darmstadt, Germany.