validate-usernametoken

Use the Validate Username Token policy to validate a Web Services Security (WS-Security) UsernameToken in a SOAP payload before allowing access to the protected resource.

Gateway support

Table 1. Table showing which gateways support this policy, and the corresponding policy version

| Gateway | Policy version |
| --- | --- |
| DataPower® Gateway (v5 compatible) | 1.0.0, 1.1.0 |

This topic describes how to configure the policy in your OpenAPI source; for details on how to configure the policy in the assembly user interface, see Validate Username Token.

About

The validate-usernametoken policy has the following format:
- validate-usernametoken:
    version: version
    title: title
    description: description
    auth-type: Authentication URL_or_LDAP Registry (policy version 1.0.0 only)
    auth-url: authentication_url_to_use (policy version 1.0.0 only)
    tls-profile: tls_profile_to_use (policy version 1.0.0 only)
    ldap-registry: name_of_the_ldap_user_registry (policy version 1.0.0 only)
    registry: name_of_the_ldap_or_authurl_user_registry (policy version 1.1.0 and later)
    ldap-search-attribute: name_of_the_ldap_user_password_attribute

Properties

The following table describes the policy properties:

Table 2. Validate Username Token policy properties

| Property | Required | Description | Data type |
| --- | --- | --- | --- |
| version | Yes | The policy version number. | string |
| title | Yes | The title of the policy. | string |
| description | No | A description of the policy. | string |
| auth-type (policy version 1.0.0 only) | Yes | The authentication type to use to validate the UsernameToken. Valid values: Authentication URL (specify this value to validate the user credentials against an authentication URL); LDAP registry (specify this value to validate the user credentials against an LDAP user registry). The default value is: Authentication URL. | string |
| auth-url (policy version 1.0.0 only) | Yes | The authentication URL to use to validate the UsernameToken user credentials against. Note: This property is required only if Authentication type is set to Authentication URL. | string |
| tls-profile (policy version 1.0.0 only) | No | The TLS profile to use for the secure transmission of data to the authentication URL. Note: This property is available only if Authentication type is set to Authentication URL. | string |
| ldap-registry (policy version 1.0.0 only) | Yes | The name of the LDAP user registry to validate the UsernameToken user credentials against. Note: This property is required only if Authentication type is set to LDAP registry. | string |
| registry (policy version 1.1.0 and later) | Yes | The name of the LDAP or Authentication URL registry to use to validate the UsernameToken. | string |
| ldap-search-attribute | Yes | The name of the LDAP user password attribute. Note: This property is required only for an LDAP user registry. | string |

Examples

The following example shows an LDAP user registry authentication:
- validate-usernametoken:
    version: 1.0.0
    title: "validate-usernametoken"
    auth-type: "LDAP Registry"
    ldap-registry: "wstest"
    ldap-search-attribute: "userPassword"

The following example shows an Authentication URL definition:
- validate-usernametoken:
    version: 1.0.0
    title: "validate-usernametoken"
    auth-type: "Authentication URL"
    auth-url: "https://www.google.com"
    tls-profile: "default-ssl-profile"

For more information about how to use a validate-usernametoken security policy, see Validate Username Token in the built-in policies section.
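
The following Python function checks a policy entry against the conditional requirements in Table 2, which are easy to get wrong when moving between policy versions. It is an added example, not part of the product or the original page; the https check on auth-url, the case-insensitive auth-type matching, the handling of versions other than 1.0.0, and the sample entries are assumptions.

```python
from urllib.parse import urlparse

V1_ONLY = ("auth-type", "auth-url", "tls-profile", "ldap-registry")

def lint_policy(policy):
    """Return findings for one validate-usernametoken mapping (Table 2 rules)."""
    findings = [f"missing required property: {k}"
                for k in ("version", "title") if not policy.get(k)]
    version = str(policy.get("version", ""))
    if version == "1.0.0":
        if "registry" in policy:
            findings.append("registry applies to policy version 1.1.0 and later")
        # Table 2 default is Authentication URL. Case-insensitive matching is
        # an assumption: the page writes both "LDAP Registry" and "LDAP registry".
        auth_type = str(policy.get("auth-type", "Authentication URL")).lower()
        if auth_type == "authentication url":
            url = policy.get("auth-url")
            if not url:
                findings.append("auth-url is required for Authentication URL")
            elif urlparse(url).scheme != "https":
                # Added hardening check, not a rule stated on the page.
                findings.append("auth-url is not https: credentials sent in cleartext")
        elif auth_type == "ldap registry":
            for k in ("ldap-registry", "ldap-search-attribute"):
                if not policy.get(k):
                    findings.append(f"{k} is required for LDAP registry")
            if "tls-profile" in policy:
                findings.append("tls-profile is available only for Authentication URL")
        else:
            findings.append(f"unknown auth-type: {policy.get('auth-type')}")
    elif version:
        # Anything else is treated as 1.1.0 or later (assumption). The registry
        # type is not visible here, so ldap-search-attribute is not checked.
        if not policy.get("registry"):
            findings.append("registry is required for policy version 1.1.0 and later")
        findings += [f"{k} applies to policy version 1.0.0 only"
                     for k in V1_ONLY if k in policy]
    return findings

# Constructed samples: the page's LDAP example, and a 1.1.0 entry that still
# carries 1.0.0-only properties (the host name is a placeholder).
PAGE_LDAP = {"version": "1.0.0", "title": "validate-usernametoken",
             "auth-type": "LDAP Registry", "ldap-registry": "wstest",
             "ldap-search-attribute": "userPassword"}
STALE_V11 = {"version": "1.1.0", "title": "validate-usernametoken",
             "auth-type": "Authentication URL",
             "auth-url": "http://auth.example.test/check"}

if __name__ == "__main__":
    for name, p in (("PAGE_LDAP", PAGE_LDAP), ("STALE_V11", STALE_V11)):
        print(name, lint_policy(p) or "ok")
```

The function takes the mapping under the validate-usernametoken key as a YAML loader would return it, so it can run over every such entry in an OpenAPI source before publishing.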