CentraSite Documentation : Runtime Governance with CentraSite : Run-Time Governance Reference : Built-In Run-Time Actions Reference for APIs : Run-Time Actions Reference : OAuth2 Authentication
OAuth2 Authentication
This action uses the OAuth 2.0 authentication to validate incoming requests from clients. Mediator authorizes the OAuth 2.0 credentials (access token) against a list of all global consumers available in the Mediator.
This action uses the NTLM authentication to validate incoming requests from clients. Mediator authorizes the credentials against a list of all global consumers available in the Mediator.
If the access token value in the Authorization header cannot be authenticated as a valid Integration Server user (or if the Authorization header is not present in the request), a 500 SOAP fault is returned, and the client is presented with a security challenge. If the client successfully responds to the challenge, the user is authenticated. If the client does not successfully respond to the challenge, a "WWW-Authenticate: OAuth" response is returned and the invocation is not routed to the policy engine. As a result, no events are recorded for that invocation, and its key performance indicator (KPI) data are not included in the performance metrics.
If none of the authentication actions (HTTP Basic Authentication, NTLM Authentication or OAuth2 Authentication) is configured for a proxy API, Mediator forwards the request to the native API, without attempting to authenticate the request.
Input Parameters
Authenticate Using
String. Specifies the OAuth2 access token for authenticating client requests to the native API.
Value
Description
Existing Token
Default. Mediator uses the OAuth2 access token specified in the HTTP "Authorization" header to validate client requests for a native API.
Custom Token
Mediator uses the access token you specify in the OAuth2 Token, field to validate client requests for a native API.
Field
Description
OAuth2 Token
String. Mandatory. Specifies an OAuth2 access token to be deployed by Mediator. The consumer need not pass the OAuth2 token during service invocation.
Copyright © 2005-2015 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback