Product/components used and version/fix level:
Detailed explanation of the problem:
Users may define multiple claims under the Home > Applications > “webMethods Test Application” > Identifiers, such as below:
How does the API Gateway manage claim matching?
Does the request need to match ALL the claims from every claim set, using the AND operator? Or are the claim sets independent, and the request only needs to match claims from ONE of the claim sets, using the OR operator?
For instance, can a user create a claim for each department (developer, test, admin, etc.)?
Multiple claims can be configured, and each claim can consist of multiple claim sets. For instance, let’s consider Claims 1, which includes 2 claim sets (Dept: Developer, usrname: sjones), and Claims 2, which comprises another 2 claim sets (Dept: QA, usrname: lchang). In order for the incoming token to be considered a match, it should match either of the defined claims (as shown in the screenshot): { Dept: Developer && usrname: sjones } || { Dept: QA && usrname: lchang }.
Within a specific claim, the operator used is AND (&&). This means that all claim sets within the claim must match in order for it to be considered a match.
On the other hand, between multiple claims, the operator used is OR (||). This implies that at least one of the defined claims must match for the overall matching process.