Creating an Internal User

You need to define two types of Internal Identity Provider (IIP) users: users who need to connect to the API Gateway from the Policy Manager (also known as administrative users), and those who will only appear in messaging traffic, to be used in the Authenticate User or Group Assertion or Authenticate Against Identity Provider Assertion.
To prevent potential unexpected results, do not replicate users from any other identity provider (for example, LDAP) in the Internal Identity Provider. The information for internal users in the Policy Manager must be unique.
To add a new internal user to the Internal Identity Provider (IIP):
  1. Do one of the following:
    • Click Create Internal User on the Home Page.
    • Click [Tasks] > Users and Authentication > Create Internal User from the Main Menu.
    • Right-click the IIP name in the [Identity Providers] tab and then select Create User.
    The Create Internal User dialog appears.
  2. Configure the dialog as follows:
    Setting | Description
    User Name | Enter the username for the user. The username cannot be changed once defined. If this is a new administrative user who will be connecting to the API Gateway via a client certificate, ensure that the 'CN' value in the certificate matches the username entered here. The Internal Identity Provider requires matching values in order to authenticate the user. This does not apply to users who will only appear in messaging traffic or who will log in via username and password.
    Password | Enter a password. The password can be changed later using the My Account dialog.
    Confirm | Retype the password for confirmation.
    Define Additional Properties | Select this check box if you want to enter additional information about the user. All additional information is optional.
    Password Rules | Displays a reminder of the password rules. For more information on how these rules are set, see Manage Password Policy.
    Using Non-English characters: It is possible to add users with non-English single-byte characters or multi-byte characters in the User Name and Password fields. However, these users will not authenticate successfully if HTTP Basic is used in a policy. This is a limitation of the HTTP Basic standard, which limits characters to the ISO-8859-1 standard. The workaround is to use WSS Basic instead (see the Require WS-Security UsernameToken Profile Credentials assertion).
  3. Click [Create].
  4. If you are not defining additional properties, the dialog closes and the user is added to the Internal Identity Provider.
  5. If you are defining additional properties, the Properties dialog for the user is displayed. For more detailed information about this dialog, see Internal User Properties.
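
The two caveats in step 2 (the certificate 'CN' must match the User Name, and non-English characters fail with HTTP Basic) can be checked before the user is created. The following is an added example, not part of the product or its documentation: the function names and sample values are hypothetical, the certificate subject is assumed to be supplied as an RFC 4514 style DN string, and the CN comparison is assumed to be exact and case-sensitive.

```python
import re

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + text[i], i + 1
    return parts + [cur]

def unescape(value):
    """Undo RFC 4514 escapes: \\XX is one UTF-8 byte, \\c is the character c."""
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)",
                 lambda m: bytes.fromhex(m[1].decode()) if len(m[1]) == 2 else m[1],
                 value.encode("utf-8"))
    return raw.decode("utf-8", errors="replace")

def cn_from_dn(dn):
    """Return the CN of a subject DN string, or None if it has none."""
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            key, sep, value = ava.partition("=")
            if sep and key.strip().upper() == "CN":
                return unescape(value.strip())
    return None

def preflight(username, password, subject_dn=None, http_basic=True):
    """List the problems this page warns about for one planned user."""
    problems = []
    if http_basic:  # any non-ASCII character is flagged, per the note in step 2
        for label, text in (("User Name", username), ("Password", password)):
            if not text.isascii():
                problems.append(f"{label}: non-English characters, HTTP Basic will not authenticate")
    if subject_dn is not None and cn_from_dn(subject_dn) != username:
        problems.append(f"certificate CN {cn_from_dn(subject_dn)!r} does not match User Name")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(preflight("jsmith", "S3cret!", "CN=JSmith,OU=Ops,O=Example"))
    print(preflight("jörg", "S3cret!", http_basic=True))
```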