In cases where user credentials are passed to the Enterprise Gateway in a
non-standard way, these credentials can be copied into Oracle
message attributes and then authenticated against a specified
authentication repository, such as the Enterprise Gateway User Store, an
LDAP directory, or a database.
For example, let's assume that username and password credentials are
passed to the Enterprise Gateway in the following XML message:
  <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
      <ns:User xmlns:ns="http://www.user.com">
        <ns:Username>1</ns:Username>
        <ns:Password>2</ns:Password>
      </ns:User>
    </s:Body>
  </s:Envelope>
In this example, the standard methods of passing credentials, such as
HTTP basic/digest authentication, SAML assertions, or WS-Security Username
tokens, have been bypassed and the client has elected to send the
username and password as parameters in a simple SOAP message.
When the Enterprise Gateway receives this message, it can extract the value of
the <Username> and
<Password> elements using an XPath expression
configured in the Retrieve Attributes from Message
filter. This filter uses an XPath expression to retrieve the value
of an element or attribute and can then store this value in an
Oracle message attribute.
In the example above, an instance of this filter could be configured to
retrieve the value of the <Username>
element and store it in the
authentication.subject.id message attribute.
Similarly, another filter could be configured to retrieve the value
of the <Password> element and then store it in the
authentication.subject.password message attribute.
The Attribute Authentication filter can then use the
username and password values stored in these message attributes to
authenticate the user against the specified authentication repository.
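The flow described above, sketched as an added Python example; it is not Oracle code and not the Gateway's filter implementation. The XPath strings, the in-memory USER_STORE and the function names are assumptions made for illustration. The extraction step fails closed when an element is missing, empty or duplicated, or when its namespace does not match.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Prefix bindings for the XPath expressions; URIs are taken from the sample message.
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/", "ns": "http://www.user.com"}

# One XPath per message attribute, mirroring the two filter instances (paths are assumed).
XPATHS = {
    "authentication.subject.id": "./s:Body/ns:User/ns:Username",
    "authentication.subject.password": "./s:Body/ns:User/ns:Password",
}

def retrieve_attributes(xml_text):
    """Return the message attributes, or None unless every XPath matches exactly once."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for name, xpath in XPATHS.items():
        hits = root.findall(xpath, NS)
        # Fail closed on a missing, duplicated or empty element.
        if len(hits) != 1 or not hits[0].text:
            return None
        attrs[name] = hits[0].text
    return attrs

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed stand-in for the authentication repository: user id -> (salt, hash).
USER_STORE = {"1": (b"constructed-salt", _hash("2", b"constructed-salt"))}

def authenticate(attrs):
    """Check the extracted credentials against USER_STORE in constant time."""
    if attrs is None:
        return False
    # Unknown users still cost one hash and compare against an empty digest.
    salt, stored = USER_STORE.get(attrs["authentication.subject.id"], (b"dummy", b""))
    candidate = _hash(attrs["authentication.subject.password"], salt)
    return hmac.compare_digest(candidate, stored)

# Constructed sample: the SOAP message shown on this page.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body><ns:User xmlns:ns="http://www.user.com">
<ns:Username>1</ns:Username><ns:Password>2</ns:Password>
</ns:User></s:Body></s:Envelope>"""

if __name__ == "__main__":
    print(authenticate(retrieve_attributes(SAMPLE)))
```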