validate-usernametoken
Use the Validate Username Token policy to validate a Web Services Security (WS-Security) UsernameToken in a SOAP payload before allowing access to the protected resource.
Gateway support
Gateway | Policy version |
---|---|
DataPower® Gateway (v5 compatible) | 1.0.0, 1.1.0 |
This topic describes how to configure the policy in your OpenAPI source; for details on how to configure the policy in the assembly user interface, see Validate Username Token.
About
The validate-usernametoken policy has the following format:
- validate-usernametoken:
    version: version
    title: title
    description: description
    auth-type: Authentication URL_or_LDAP Registry (policy version 1.0.0 only)
    auth-url: authentication_url_to_use (policy version 1.0.0 only)
    tls-profile: tls_profile_to_use (policy version 1.0.0 only)
    ldap-registry: name_of_the_ldap_user_registry (policy version 1.0.0 only)
    registry: name_of_the_ldap_or_authurl_user_registry (policy version 1.1.0 and later)
    ldap-search-attribute: name_of_the_ldap_user_password_attribute
Properties
The following table describes the policy properties:
Property | Required | Description | Data type |
---|---|---|---|
version | Yes | The policy version number. | string |
title | Yes | The title of the policy. | string |
description | No | A description of the policy. | string |
auth-type (policy version 1.0.0 only) | Yes | The authentication type to use to validate the UsernameToken. Valid values: Authentication URL, LDAP Registry. | string |
auth-url (policy version 1.0.0 only) | Yes | The authentication URL to use to validate the UsernameToken user credentials against. Note: This property is required only if Authentication type is set to Authentication URL. | string |
tls-profile (policy version 1.0.0 only) | No | The TLS profile to use for the secure transmission of data to the authentication URL. Note: This property is available only if Authentication type is set to Authentication URL. | string |
ldap-registry (policy version 1.0.0 only) | Yes | The name of the LDAP user registry to validate the UsernameToken user credentials against. Note: This property is required only if Authentication type is set to LDAP registry. | string |
registry (policy version 1.1.0 and later) | Yes | The name of the LDAP or Authentication URL registry to use to validate the UsernameToken. | string |
ldap-search-attribute | Yes | The name of the LDAP user password attribute. Note: This property is required only for an LDAP user registry. | string |
Examples
The following example shows an LDAP user registry authentication:
- validate-usernametoken:
    version: 1.0.0
    title: "validate-usernametoken"
    auth-type: "LDAP Registry"
    ldap-registry: "wstest"
    ldap-search-attribute: "userPassword"
The following example shows an Authentication URL definition:
- validate-usernametoken:
    version: 1.0.0
    title: "validate-usernametoken"
    auth-type: "Authentication URL"
    auth-url: "https://www.google.com"
    tls-profile: "default-ssl-profile"
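
The version-dependent requirements in the property table can be checked mechanically before an API is published, so that a step missing its registry or mixing 1.0.0 and 1.1.0 properties is caught at review time. The following Python is an added example, not IBM code: it assumes the assembly step has already been parsed from YAML into a dict, and the names `lint_policy`, `parse_version` and `AUTH_TYPE_REQUIRES` are illustrative.

```python
# Added example, not IBM code: lints one parsed assembly step against the
# property table on this page. All names below are illustrative.
V1_0_ONLY = ("auth-type", "auth-url", "tls-profile", "ldap-registry")
V1_1_ONLY = ("registry",)
# auth-type value (as spelled in the page's examples) -> properties it requires
AUTH_TYPE_REQUIRES = {
    "Authentication URL": ("auth-url",),
    "LDAP Registry": ("ldap-registry", "ldap-search-attribute"),
}


def parse_version(value):
    """Turn '1.1.0' into (1, 1, 0); return None if it is not dotted integers."""
    try:
        return tuple(int(part) for part in str(value).split("."))
    except ValueError:
        return None


def lint_policy(step):
    """Return a list of findings for one step dict; an empty list means clean."""
    policy = step.get("validate-usernametoken")
    if not isinstance(policy, dict):
        return ["step is not a validate-usernametoken policy"]
    findings = []
    required = ["version", "title"]
    not_allowed = ()
    version = parse_version(policy.get("version"))
    if version == (1, 0, 0):
        auth_type = policy.get("auth-type")
        required.append("auth-type")
        if auth_type in AUTH_TYPE_REQUIRES:
            required.extend(AUTH_TYPE_REQUIRES[auth_type])
        elif auth_type is not None:
            findings.append(f"unknown auth-type: {auth_type!r}")
        not_allowed = V1_1_ONLY
    elif version is not None and version >= (1, 1, 0):
        # The registry type is not visible in the step itself, so
        # ldap-search-attribute cannot be checked for 1.1.0 and later.
        required.append("registry")
        not_allowed = V1_0_ONLY
    elif "version" in policy:
        findings.append(f"unsupported version: {policy['version']!r}")
    findings += [f"missing required property: {p}"
                 for p in required if not policy.get(p)]
    findings += [f"{p} is not valid for version {policy.get('version')}"
                 for p in not_allowed if p in policy]
    return findings
```
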
For more information about how to use a validate-usernametoken security policy, see Validate Username Token in the built-in policies section.