Authentication of users

Clients must be authenticated as a user from the user registry when administrative security is enabled. If a client tries to access a secured application without being authenticated, an exception is generated.

Table 1 lists typical clients that would invoke IBM® Business Process Manager components, and the authentication options available for each type of client.

Table 1. Authentication options for various clients

Client: Web services clients
Authentication options: You can use WS-Security for authentication.

Client: Web or HTTP clients
Authentication options:
  • HTTP Basic authentication - When the browser prompts the client for a user ID and password.
  • Form-based authentication - When you are presented with an application-specific HTML form to enter your user ID and password.
Notes:
  These clients reference JSPs, Servlets, and HTML documents.

  When single sign-on is used, a client is asked to provide the user name and password information only once. The provided identity then propagates throughout the system. Single sign-on from Windows to IBM Business Process Manager (for example, to Process Portal) can be achieved using SPNEGO. For more information about single sign-on, refer to Creating a single sign-on for HTTP requests using SPNEGO Web authentication.

  For more information about integrating with third-party authentication products, see Configuring third-party authentication products.

Client: Java™ clients
Authentication options: JAAS

Client: All clients
Authentication options: SSL client authentication