You can use the HTTP Header filter in cases where the Enterprise Gateway
receives end-user authentication credentials in an HTTP header. In a typical
scenario, the end-user (or message originator) authenticates to an
intermediary. The intermediary authenticates the end-user and, to propagate
the end-user's credentials to the destination Web Service, inserts them into
an HTTP header and forwards the message.
When the Enterprise Gateway receives the message, it performs the following
tasks:
- Authenticates the sender of the message (the intermediary)
- Extracts the end-user identity from the token in the HTTP header, for use
in subsequent Authorization filters
Important Note:
In the case outlined above, the Enterprise Gateway does not attempt to
re-authenticate the end-user: it trusts that the intermediary has already
done so. It is therefore good practice to authenticate the message sender
(the intermediary), because the end-user identity in the header is only as
trustworthy as the party that inserted it. Any subsequent Authorization
filters use the end-user credentials that were passed in the HTTP header.
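The flow described above, as an added example written for this page and not the Enterprise Gateway's own code or configuration: a small Python model of the filter that first authenticates the intermediary and only then reads the end-user identity from a header, handing it to a stand-in for a subsequent Authorization filter. The header name X-End-User, the use of HTTP Basic credentials for the intermediary, and the credential and ACL tables are assumptions and constructed data. It also shows the case the note is about: the same header sent directly by a caller that has not authenticated as the intermediary is rejected rather than trusted.

```python
"""Model of an HTTP Header filter: authenticate the intermediary, then take the
end-user identity from an HTTP header without re-authenticating the end-user.
Example code written for this page; not the Enterprise Gateway's own code."""
import base64
import binascii
import hmac
from dataclasses import dataclass

# Constructed data. Assumption: the intermediary authenticates to the gateway
# with HTTP Basic credentials; the real filter may use any sender authentication.
INTERMEDIARY_CREDENTIALS = {"intermediary-svc": "example-password"}
# Hypothetical header name carrying the end-user identity.
END_USER_HEADER = "x-end-user"
# Constructed authorization table consumed by the "subsequent Authorization filter".
ACL = {"/orders": {"alice", "bob"}, "/admin": {"alice"}}


@dataclass
class Identity:
    sender: str     # the authenticated intermediary
    end_user: str   # identity propagated in the header, trusted on the sender's word


def _headers(raw):
    """Case-insensitive view of the request headers (header names are case-insensitive)."""
    return {k.lower(): v for k, v in raw.items()}


def authenticate_sender(headers):
    """Return the intermediary's name if its Basic credentials check out, else None."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth[len("Basic "):], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    expected = INTERMEDIARY_CREDENTIALS.get(user)
    if not sep or expected is None:
        return None
    # Constant-time comparison so the check does not leak the password via timing.
    return user if hmac.compare_digest(expected.encode(), password.encode()) else None


def http_header_filter(raw_headers):
    """The two tasks the page lists: authenticate the sender, then extract the end-user.

    Raises PermissionError when the sender is not authenticated: the header is
    only trusted because the intermediary vouches for it, so an unauthenticated
    request carrying the same header is rejected rather than believed."""
    headers = _headers(raw_headers)
    sender = authenticate_sender(headers)
    if sender is None:
        raise PermissionError("sender not authenticated; end-user header not trusted")
    end_user = headers.get(END_USER_HEADER, "").strip()
    if not end_user:
        raise PermissionError(f"authenticated sender {sender!r} supplied no end-user")
    return Identity(sender=sender, end_user=end_user)


def accepts(raw_headers):
    """True if the filter would pass the request on to the next filter."""
    try:
        http_header_filter(raw_headers)
        return True
    except PermissionError:
        return False


def authorize(identity, path):
    """A subsequent Authorization filter: decides on the propagated end-user, not the sender."""
    return identity.end_user in ACL.get(path, set())


def basic(user, password):
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed requests: one relayed by the intermediary, one forged by a direct caller.
FROM_INTERMEDIARY = {"Authorization": basic("intermediary-svc", "example-password"),
                     "X-End-User": "bob"}
FORGED_DIRECT = {"X-End-User": "alice"}

if __name__ == "__main__":
    ident = http_header_filter(FROM_INTERMEDIARY)
    print(ident, "orders:", authorize(ident, "/orders"), "admin:", authorize(ident, "/admin"))
    try:
        http_header_filter(FORGED_DIRECT)
    except PermissionError as err:
        print("rejected:", err)
```

The authorization decision is made on the end-user name taken from the header, never on the intermediary's own identity, which matches the note: the gateway does not re-check who the end-user is, so the only thing standing between a forged header and an authorized request is the sender authentication step.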