Authentication of users

Edit online

Clients must be authenticated as a user from the user registry when administrative security is enabled. If a client tries to access a secured application without being authenticated, an exception is generated.

Table 1 lists typical clients that would invoke IBM Business Automation Workflow components, and the authentication options available for each type of client.

Table 1. Authentication options for various clients
Client	Authentication options	Notes
Web services clients	You can use WS-Security for authentication
Web or HTTP clients	HTTP Basic authentication - When the browser prompts the client for a user ID and password. Form-based authentication - When you are presented with an application-specific HTML form to enter your user ID and password.	These clients reference JSPs, Servlets, and HTML documents. When single sign-on is used, a client is asked to provide the user name and password information only once. The provided identity then propagates throughout the system. Single sign-on from Windows to IBM Business Automation Workflow (for example, to Process Portal) can be achieved using Simple and Protected GSS-API Negotiation Mechanism (SPNEGO). For more information about single sign-on, refer to Creating a single sign-on for HTTP requests using SPNEGO Web authentication. For more information about integrating with third-party authentication products, see Configuring third-party authentication products.
Java™ clients	JAAS
All clients	SSL client authentication