Authentication
All access to TIBCO ActiveMatrix BPM requires the use of an authenticated user, whether that access is through run-time user interfaces, web service APIs, deployment or other supported access mechanisms.
Users must be registered with TIBCO ActiveMatrix BPM via the Organization Browser - see Organization Model and Resource Management.
TIBCO ActiveMatrix BPM supports the following methods of authenticating users:
- Direct authentication - Direct authentication requires the calling application to provide valid TIBCO ActiveMatrix BPM login credentials when calling a TIBCO ActiveMatrix BPM service. This is the default authentication method used by TIBCO ActiveMatrix BPM.
  The type of direct authentication to use depends on the type of interface you are using:
  - Web Service API or Java Service Connector
    An API call to the web service API (SOAP) or Java Service Connector must include a UsernameToken in the SOAP header, which specifies the username and password of the user on whose behalf the call is being made. This uses Web Services Security UsernameToken Profile 1.0.
    A TIBCO ActiveMatrix BPM LDAP authentication provider resource instance (for example, amx.bpm.auth.easyAs) is also required, which validates:
    The sample client applications provided with ActiveMatrix BPM implement direct authentication using a UsernameToken.
  - REST API
    A call to the REST API must supply a valid username and password in an HTTP Basic Authentication header.
  For additional information, see Direct Authentication.
- Single sign-on (SSO) authentication - With SSO authentication, a user who already has a login session with the client application does not need to provide login credentials again when calling a TIBCO ActiveMatrix BPM service (provided that their credentials are also valid for logging in to TIBCO ActiveMatrix BPM).
  Different types of SSO authentication can be used, depending on the API or client you are using:
  For additional information, as well as the APIs and clients that support each of these SSO types, see Introduction to Single Sign-On Authentication.
For additional information about dual authentication, see Dual Authentication.
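As an added illustration of the two direct-authentication carriers described above (not code from TIBCO or its sample clients), the following Python builds a UsernameToken SOAP header and an HTTP Basic header, then recovers the credentials from each. Both carry the password in readable form, so they depend on transport protection such as TLS. It assumes the PasswordText token type, which this page does not specify; the function names are hypothetical, the credentials are constructed sample values, and the SOAP body is left empty.

```python
import base64
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# Assumption: plain-text password type from UsernameToken Profile 1.0.
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def soap_envelope_with_username_token(username, password):
    """Return a SOAP 1.1 envelope whose header carries a wsse:UsernameToken."""
    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("wsse", WSSE_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE_NS}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE_NS}}}Username").text = username
    pw = ET.SubElement(tok, f"{{{WSSE_NS}}}Password", Type=PASSWORD_TEXT)
    pw.text = password  # ElementTree escapes XML metacharacters on output
    ET.SubElement(env, f"{{{SOAP_NS}}}Body")  # operation payload omitted
    return ET.tostring(env, encoding="unicode")


def basic_auth_header(username, password):
    """Return the Authorization header value for HTTP Basic (RFC 7617)."""
    if ":" in username:
        raise ValueError("Basic auth user-id must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def credentials_from_envelope(xml_text):
    """What any party able to read the message sees: the cleartext pair."""
    root = ET.fromstring(xml_text)
    tok = root.find(f".//{{{WSSE_NS}}}UsernameToken")
    return (tok.findtext(f"{{{WSSE_NS}}}Username"),
            tok.findtext(f"{{{WSSE_NS}}}Password"))


def credentials_from_basic(header_value):
    """Base64 is an encoding, not encryption: decoding needs no key."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, pw = base64.b64decode(b64).decode("utf-8").partition(":")
    return user, pw
```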