Example 1 - Single Sign-on Using a Virtualization Binding

In this example, a client application supplies a user’s credentials (username and password) when it calls the Mediation application.

The Mediation application:

  • authenticates these credentials using a policy that is used by the BPM runtime.
  • propagates these credentials to the service exposed by the BPM process across a virtualization binding.

To ensure that the supplied credentials are valid for both the Mediation application and the BPM process, you must force the Mediation application to authenticate using a specific policy that is used by the BPM runtime.

Procedure

  1. Find the WRMPolicySetsResource.policysets file in the location where you installed TIBCO Business Studio (for example, STUDIO_HOME\studio\3.n\samples).
  2. Import the WRMPolicySetsResource.policysets file to the project containing your Mediation application.
  3. On the Mediation application, select the promoted service that external clients will use to access the Mediation application.
  4. On the Policies tab of the Properties view:
    1. Add the WRMPolicySetsResource_authentication.usernameToken policy set to the service.
    2. Add the Username Token Client Authentication intent to the service.
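With the policy set and intent in place, the client has to present its credentials as a WS-Security UsernameToken. The following is an added example, not part of the TIBCO documentation: it assumes the promoted service is reached over SOAP 1.1 and that the password is sent as PasswordText, and the endpoint URL, operation name and credentials are constructed placeholders.

```python
import base64
import os
from datetime import datetime, timezone
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
WSU = WSS + "wssecurity-utility-1.0.xsd"
PASSWORD_TEXT = WSS + "username-token-profile-1.0#PasswordText"
BASE64 = WSS + "soap-message-security-1.0#Base64Binary"


def require_tls(endpoint):
    """PasswordText puts the password in the message as-is, so refuse non-TLS endpoints."""
    if urlsplit(endpoint).scheme.lower() != "https":
        raise ValueError("UsernameToken with PasswordText must be sent over https")
    return endpoint


def build_envelope(username, password, operation="{urn:example:mediation}ping"):
    """Return a SOAP 1.1 request carrying a WS-Security UsernameToken header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security", {f"{{{SOAP}}}mustUnderstand": "1"})
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    # ElementTree escapes text, so markup in a credential cannot alter the header.
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PASSWORD_TEXT}).text = password
    # Nonce and Created let a receiver that tracks them reject replayed tokens.
    nonce = ET.SubElement(token, f"{{{WSSE}}}Nonce", {"EncodingType": BASE64})
    nonce.text = base64.b64encode(os.urandom(16)).decode("ascii")
    created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    ET.SubElement(token, f"{{{WSU}}}Created").text = created
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, operation)  # hypothetical operation of the promoted service
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


if __name__ == "__main__":
    # Constructed endpoint and credentials, for illustration only.
    require_tls("https://mediation.example.com/services/sso")
    print(build_envelope("tibco-user", "s3cr<et&").decode("utf-8"))
```

Because the same token is propagated to the BPM process, the account used here must be one that the BPM runtime's policy accepts.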

Result

Note: A SOA application can only use a virtualization binding to invoke the service exposed by the BPM process if both applications are running on the same runtime node. (This is because the WRMPolicySetsResource_authentication.usernameToken policy set has a dependency on the BPM product application.)

If the SOA application is on a different node, it must use a SOAP binding to invoke the service exposed by the BPM process; see the following examples.