In cases where user credentials are passed to the Enterprise Gateway in a
non-standard way, these credentials can be copied into Enterprise Gateway
message attributes, and then authenticated against a specified
authentication repository, such as the Enterprise Gateway User Store, an
LDAP directory, or a database.
For example, assume that username and password credentials are
passed to the Enterprise Gateway in the following XML message:
| | |
|
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<ns:User xmlns:ns="http://www.user.com">
<ns:Username>1</ns:Username>
<ns:Password>2</ns:Password>
</ns:User>
</s:Body>
</s:Envelope>
| |
| | |
|
In this example, the standard methods of passing credentials, such as
HTTP Basic/Digest authentication, SAML assertions, WS-Security Username
tokens, are bypassed, and the client sends the username and password as
parameters in a simple SOAP message.
When the Enterprise Gateway receives this message, it can extract the value of the
<Username> and <Password>
elements using an XPath expression configured in the Retrieve Attributes
from Message filter. This filter uses an XPath expression to retrieve
the value of an element or attribute, and can then store this value in the
specified message attribute.
In this example, you can configure an instance of this filter to retrieve the
value of the <Username> attribute, and store it in
the authentication.subject.id message attribute.
Similarly, you can configure another filter to retrieve the value of the
<Password> , and store it in the
authentication.subject.password message attribute.
The Attribute Authentication filter can then use the
username and password values stored in these message attributes to
authenticate the user against the specified authentication repository.
|