IBM BPM, V8.0.1, All platforms > Securing IBM BPM and applications > Get started with security > Understanding elements of application security

Authentication of users

Clients must be authenticated by providing a user name and password from the user registry when administrative security is enabled. If a client tries to access a secured application without being authenticated, an exception is generated.

Table 1 lists typical clients that would invoke IBM BPM components, and the authentication options available for each type of client.

Authentication options for various clients
Client Authentication options If s
Web services clients You can use WS-Security/SOAP authentication  
Web or HTTP clients HTTP Basic authentication (the browser prompts the client for a user name and password) These clients reference JSPs, Servlets, and HTML documents
Java™ clients JAAS  
All clients SSL client authentication  

Some of the components of the IBM BPM infrastructure have authentication aliases used to authenticate the runtime code for access to databases and the messaging engine. The IBM BPM installer collects the user name and passwords to create these aliases.

Some runtime components have message-driven beans (MDBs) that are configured with a runAs role. The IBM BPM installer collects the user name and password for the runAs role.

Several components of IBM BPM use predefined aliases for authenticating with messaging engines and databases. During profile creation, these authentication aliases are given a default value of the main administrator user identity and password. You should configure these aliases to correspond to other users in your user account repository.The user names and passwords in the applicable response file are associated with these aliases.

Understanding elements of application security


Related information:

Web Services Security support