Client Authentication Intents
Designers can specify a client authentication intent to require that services must authenticate the consumer's identity before processing a request.
In actual practice, authentication and authorization requirements often apply in tandem. Policies that satisfy client authentication intents often provide authorization information as a side effect.
Client authentication intents usually apply at services. If you apply them to composites, services of the composite inherit them, as appropriate.
Qualifier | Description |
---|---|
none | Services must authenticate the consumer's identity. |
Basic | Promoted services must authenticate the consumer's identity using HTTP basic authentication. |
Username Token
(default qualifier) |
Promoted services must authenticate the consumer's identity using a username token in the SOAP WS Security header. |
Single Sign-On SAML Token | Component services and promoted references
must authenticate the consumer's identity using a single sign-on SAML token.
Authentication policies generate the SAML token; Single Sign-On SAML Credential Mapping policies propagate the token at promoted references. Single Sign-On SAML Token is the only qualifier that can be specified for a Virtualization binding. |
WS Security SAML Token Profile | Promoted services with SOAP bindings must authenticate the consumer's identity using a SAML 1.1 or SAML 2.0 assertion in the SOAP WS Security header. |
X509 | Promoted services with SOAP bindings must authenticate the consumer's identity using the consumer's X509 signature. |