Direct Authentication

Direct authentication requires the calling application to provide valid TIBCO ActiveMatrix BPM login credentials when calling a TIBCO ActiveMatrix BPM service. This is the default authentication method used by TIBCO ActiveMatrix BPM.

The type of direct authentication to use depends on the type of interface you are using:

  • Web Service API or Java Service Connector

    An API call to the web service API (SOAP) or Java Service Connector must include a UsernameToken in the SOAP header, which specifies the username and password of the user on whose behalf the call is being made. This uses Web Services Security UsernameToken Profile 1.0.

    A TIBCO ActiveMatrix BPM LDAP authentication provider resource instance (for example, amx.bpm.auth.easyAs) is also required, which validates:
    • the supplied username against the BPM organization model.
    • the supplied password against the LDAP entity represented by that BPM user.
    Note: Use of HTTPS is not mandatory when using direct authentication with a UsernameToken. However, if HTTPS is not used, every service invocation will include an unencrypted user name and password within the SOAP header. It is therefore essential for a secure system to use HTTPS.
  • REST API

    A call to the REST API must supply a valid username and password in an HTTP Basic Authentication header. See Authenticating the Calling User - REST API.