This tutorial explains the configuration and usage of consumer identification actions in CentraSite and webMethods Mediator. Mediator performs these actions on behalf of the native service/server to reduce the performance overhead during the round trip.
webMethods (wM) Mediator and CentraSite support the following consumer identification policy assertions:
- Evaluate API key
- Evaluate Basic Auth
- Evaluate Oauth Key
- Evaluate Wssec Username
- Evaluate X509 certificate
- Evaluate IP Address
- Evaluate Hostname
- Evaluate XPATH
- Evaluate Client certificate for SSL connectivity
2. Understanding of Relevant Enforcement Options Involved
- Evaluate - The Evaluate step is most useful when the native service requires authentication tokens (IP address, Basic Auth, XPATH, OAuth). Mediator therefore verifies whether the incoming request header contains such a token, which reduces the performance overhead of the Client --> Mediator --> Native Service --> Mediator --> Client round trip.
- Scope of Identify -
  - Global Consumers - This step will try to identify the consumer in the global consumers list.
  - Registered Consumers - This step will try to identify the consumer in the registered consumers list.
  - Do not identify - This step will not identify the consumers.
  Note: Do not identify does not identify the consumer; nevertheless, it evaluates the value present in the header, and the request is sent to the native service. This policy will fail if the expected value(s) is not present in the request header.
- Validate - This step will try to authenticate the consumers against the authentication server (IS or OAuth server).
3. Evaluate Actions in runtime policy:
| # | Policy Assertion Name | Description |
|---|---|---|
| 1 | Evaluate API key | By default, this API Key action will try to identify the consumer in the global list. |
| 2 | Evaluate IP Address | Evaluates the incoming request to identify and validate that the client request originated from a specific IP address or range. |
| 3 | Evaluate Hostname | The Evaluate Hostname action will try to identify the consumer in the global list. |
| 4 | Evaluate XPATH | Ensures the incoming request header contains the XPATH expression and that it matches the expression defined at action level. |
| 5 | Evaluate HTTP Basic Token | Ensures the incoming request header contains the HTTP basic authentication header (e.g. Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==). |
| 6 | Evaluate WSS Username Token | The WSS User Name Token action will try to identify the consumer in the global list. |
| 7 | Evaluate WSS X.509 Token | The WSS User Name Token action will try to identify the consumer in the global list using the X.509 token. |
| 8 | Evaluate OAuth Key | Ensures the incoming request header contains the OAuth authorization request header (e.g. Authorization: Bearer mF_9.B5f-4.1JqM). |
| 9 | Evaluate Client certificate | Ensures the incoming request header contains the client certificate over the HTTPS transport. |
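The following is an added example, not CentraSite or Mediator code: a small Python model of how the Evaluate, Scope of Identify and Validate options from section 2 combine when applied to the HTTP Basic header shown in row 5. The consumer lists, the function names, the `forward`/`reject` decision strings, and the choice to reject a request whose consumer cannot be identified are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Constructed data: names and passwords are illustrative, not product defaults.
AUTH_SERVER_USERS = {"Aladdin": "open sesame", "alice": "s3cret"}
GLOBAL_CONSUMERS = {"Aladdin", "alice"}
REGISTERED_CONSUMERS = {"alice"}  # consumers registered for this one service


def parse_basic(headers):
    """Return (user, password) from an Authorization: Basic header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None


def evaluate_basic(headers, identify="global", validate=False):
    """Model of the Evaluate step; returns (decision, identified_consumer)."""
    creds = parse_basic(headers)
    if creds is None:
        return ("reject", None)  # expected value absent: the policy fails
    user, password = creds
    scopes = {"global": GLOBAL_CONSUMERS, "registered": REGISTERED_CONSUMERS}
    consumer = None
    if identify != "none":  # "none" models "Do not identify"
        if user not in scopes[identify]:
            return ("reject", None)  # assumption: unidentified means rejected
        consumer = user
    if validate:  # Validate: check the credentials with the auth server
        expected = AUTH_SERVER_USERS.get(user)
        if expected is None or not hmac.compare_digest(
                password.encode(), expected.encode()):
            return ("reject", None)
    return ("forward", consumer)  # request goes on to the native service
```

With "Do not identify", a well-formed header is forwarded without a consumer being attached, while a missing or malformed header still fails the policy.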
4. Configurations & prerequisites:
The following steps should be done in CentraSite:
- Create a Target in CentraSite Control with the deployment endpoint URI of a Mediator.
- Invoke "Check the connection" in the Target details page to verify communication between CentraSite and Mediator.
- Complete the configuration of certificates in Mediator/Integration Server and webMethods Mediator. Refer to the configuration steps in "Overview of WS-Security policies in Mediator".
Apart from the above configuration steps, a few more steps are needed depending on the assertion involved; these are covered in the tutorials for the specific assertions.
List of tutorials
- Usage of Evaluate WSS Username Token Action
- Usage of Evaluate Hostname Action with wM Mediator
- Usage of Evaluate IPAddress Action with wM Mediator
- Usage of Evaluate XPATH Action
- Evaluate HTTP Basic Authentication Action
- Evaluate X509 Certificate Action
- Usage of "OAuth2" policy action in CentraSite and Mediator