Client Authentication Intents

Designers can specify a client authentication intent to require that services must authenticate the consumer's identity before processing a request.

In actual practice, authentication and authorization requirements often apply in tandem. Policies that satisfy client authentication intents often provide authorization information as a side effect.

Client authentication intents usually apply at services. If you apply them to composites, services of the composite inherit them, as appropriate.

Category
Security
Qualifier Description
none Services must authenticate the consumer's identity.
Basic Promoted services must authenticate the consumer's identity using HTTP basic authentication.
Username Token

(default qualifier)

Promoted services must authenticate the consumer's identity using a username token in the SOAP WS Security header.
Single Sign-On SAML Token Component services and promoted references must authenticate the consumer's identity using a single sign-on SAML token.

Authentication policies generate the SAML token; Single Sign-On SAML Credential Mapping policies propagate the token at promoted references.

Single Sign-On SAML Token is the only qualifier that can be specified for a Virtualization binding.

WS Security SAML Token Profile Promoted services with SOAP bindings must authenticate the consumer's identity using a SAML 1.1 or SAML 2.0 assertion in the SOAP WS Security header.
X509 Promoted services with SOAP bindings must authenticate the consumer's identity using the consumer's X509 signature.