Authentication of users
Clients must be authenticated by providing a user name and password from the user registry when administrative security is enabled. If a client tries to access a secured application without being authenticated, an exception is generated.
Table 1 lists typical
clients that would invoke IBM® Business Process Manager components,
and the authentication options available for each type of client.
| Client | Authentication options | Notes |
|---|---|---|
| Web services clients | You can use WS-Security/SOAP authentication | |
| Web or HTTP clients | HTTP Basic authentication (the browser prompts the client for a user name and password) | These clients reference JSPs, Servlets, and HTML documents |
| Java™ clients | JAAS | |
| All clients | SSL client authentication |
Parent topic: Understanding elements of application security
Related information:
