Direct Authentication

Direct authentication requires the calling application to provide valid TIBCO ActiveMatrix BPM login credentials when calling a TIBCO ActiveMatrix BPM service. This is the default authentication method used by TIBCO ActiveMatrix BPM.

The type of direct authentication to use depends on the type of interface you are using:

Web Service API or Java Service Connector
An API call to the web service API (SOAP) or Java Service Connector must include a UsernameToken in the SOAP header, which specifies the username and password of the user on whose behalf the call is being made. This uses Web Services Security UsernameToken Profile 1.0.
A TIBCO ActiveMatrix BPM LDAP authentication provider resource instance (for example, amx.bpm.auth.easyAs) is also required, which validates:
- the supplied username against the BPM organization model.
- the supplied password against the LDAP entity represented by that BPM user.
Note: Use of HTTPS is not mandatory when using direct authentication with a UsernameToken. However, if HTTPS is not used, every service invocation will include an unencrypted user name and password within the SOAP header. It is therefore essential for a secure system to use HTTPS.

The sample client applications provided with ActiveMatrix BPM implement direct authentication using a UsernameToken.
REST API
A call to the REST API must supply a valid username and password in an HTTP Basic Authentication header.

If you are accessing BPM services using:

the BPM public web service API (SOAP), see Authenticating the Calling User - Web Service API.
the Java Service Connector, see Authenticating the Calling User - Java Service Connector.
the REST API, see Authenticating the Calling User - REST API.

Contents

Index

Search Results

Direct Authentication