PAPI Web Service Security Authentication

You can independently enable or disable any of these authentication mechanisms.

When PAPI Web Service starts running, it activates the authentication providers that correspond to the enabled authentication mechanisms.

Every time a client makes a request to PAPI Web Service, this request goes through an authentication phase before reaching the service endpoint. During this phase the activated authentication providers will be called in the order they appear in the preceding list. When one of these providers successfully authenticates the request, the application grants access to the web service. If all the activated providers reject access, the request is rejected.

• Developing a Custom Sign On Implementation
  Papi Web Service can use a custom Single Sign On (SSO) implementation to authenticate the client. The following procedures show you how to develop a custom SSO implementation for PAPI Web Service.
• Configuring Custom Single Sign-On Authentication
  The following procedure shows you how to configure your web application to use a Custom Single Sign-On implementation.
• Configuring Username Token Profile
  PAPI Web Service can use Web Services Security Username Token Profile to authenticate the client. The following procedures show you how to configure Username Token Profile for PAPI Web Service.
• Configuring HTTP Basic Authentication
  PAPI Web Service can use HTTP Basic authentication to authenticate the client. The following procedures show you how to configure HTTP Basic authentication for PAPI Web Service.
• Configuring PRESET Authentication
  A PRESET is a set of properties that you can define in a directory.xml file for different purposes. This mechanism of authentication is only available for Enterprise installations. The following procedures shows you how to configure PRESET authentication for PAPI Web Service.