Authenticating Access to an Exposed Service
At runtime, security policies are automatically enforced on the endpoint of an exposed service to ensure that access is restricted to authenticated users. Every call to the service must be made using the identity of a user who is registered in the BPM organization model. A call that does not meet this requirement will be rejected.
The following table summarizes the authentication requirements, according to the type of client that is attempting to access the service.
| Service is called by... | Authentication Requirements | 
|---|---|
| External client application | Every API call to the service must be authenticated. The following authentication methods are available: |
| Another BPM application in the BPM runtime | None. The login credentials used to access the calling process are propagated automatically to the endpoint of the exposed service. | 
| SOA application (for example, Mediation) | An appropriate security policy set and intent must be added to the calling SOA application, to ensure that the correct security context can be propagated to the endpoint of the exposed service. See Calling the Service from a SOA Application. | 
Copyright © Cloud Software Group, Inc. All rights reserved.
