Tuesday, October 2, 2007

How To - 10.1.3 OWSM: Extracting user credentials in gateway

OWSM Gateway supports multiple protocols including HTTP, JMS, MQ, Form and custom for both inbound and outbound messages.
Client user credentials can be sent as part of the transport headers or the SOAP message.
The following is a short list of ways credentials can be extracted. For the complete list, refer to the OWSM documentation.

  • HTTP transport - Username/password can be passed in the Authorization header (this mechanism is also commonly known as HTTP Basic). The "Extract Credentials" step in the policy pipeline can be used to read this value.
  • JMS transport - Username can be passed by the client in the JMS request message property JMS_TIBCO_USER. This value can be accessed inside an OWSM custom policy step using the following API:

    String userName = ctx.getHeader("JMS_TIBCO_USER");

    Additionally, any of the JMS message properties passed with the request message can be retrieved in the custom step by using the API:

    String value = ctx.getHeader(propertyName);

  • SOAP message - Username/password can be passed as a standard WS-Security Username token or passed in a non-standard fashion as elements of the message (header or body). The "Extract Credentials" step in the policy pipeline can be used to read the username/password. For other types of credentials such as SAML, OAM token, or X.509, the "Extract Credentials" step is not required, and the corresponding steps that process such tokens can be used.
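
To show what is actually on the wire in the HTTP Basic and WS-Security Username token cases above, here is an added stand-alone Java example; it is not OWSM code and does not use the OWSM step API. The class name, method names and sample inputs are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CredentialExtractDemo { // hypothetical name, not part of OWSM
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // HTTP Basic: "Basic " + base64(user ":" password). Split on the first colon
    // only, because the password may itself contain colons.
    static String[] fromBasicHeader(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            String d = new String(Base64.getDecoder().decode(header.substring(6).trim()),
                                  StandardCharsets.UTF_8);
            int colon = d.indexOf(':');
            return colon < 0 ? null
                : new String[] { d.substring(0, colon), d.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null; // malformed base64
        }
    }

    // WS-Security UsernameToken: namespace-aware parse with DOCTYPE rejected (no XXE).
    static String[] fromUsernameToken(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "UsernameToken");
        if (tokens.getLength() != 1) return null; // absent or ambiguous: refuse to guess
        Element t = (Element) tokens.item(0);
        NodeList u = t.getElementsByTagNameNS(WSSE, "Username");
        NodeList p = t.getElementsByTagNameNS(WSSE, "Password");
        if (u.getLength() != 1 || p.getLength() != 1) return null;
        return new String[] { u.item(0).getTextContent(), p.item(0).getTextContent() };
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not captured traffic.
        String basic = "Basic " + Base64.getEncoder()
            .encodeToString("alice:pa:ss".getBytes(StandardCharsets.UTF_8));
        String soap = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:w='" + WSSE + "'><s:Header><w:Security><w:UsernameToken>"
            + "<w:Username>bob</w:Username><w:Password>pw</w:Password>"
            + "</w:UsernameToken></w:Security></s:Header><s:Body/></s:Envelope>";
        for (String[] c : new String[][] { fromBasicHeader(basic), fromUsernameToken(soap) })
            System.out.println(c[0] + " (password length " + c[1].length() + ")");
    }
}
```

Both forms carry the password in recoverable form (base64 is an encoding, not encryption), so the transport carrying them needs its own confidentiality protection, and the demo prints only the password length rather than the value.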