Creating an Internal User

You need to define two types of Internal Identity Provider (IIP) users: users who need to connect to the API Gateway from the Policy Manager (also known as administrative users) and those who only appear in messaging traffic. For the latter, these users are referenced in the Authenticate User or Group Assertion or Authenticate Against Identity Provider Assertion.
To prevent potential unexpected results, do not replicate users from any other identity provider (for example, LDAP) in the Internal Identity Provider. The information for internal users in the Policy Manager must be unique.
To add a new internal user to the Internal Identity Provider (IIP):
  1. Do one of the following:
    • Click Create Internal User on the Home Page.
    • Click [Tasks] > Create Internal User from the Main Menu.
    • Right-click the IIP name in the [Identity Providers] tab and then select Create User.
    The Create Internal User dialog appears.
  2. Configure the dialog as follows:
    Setting | Description
    User Name | Enter the username for the user. The username cannot be changed once defined. If this is a new administrative user who is connecting to the API Gateway using a client certificate, ensure that the 'CN' value in the certificate matches the username entered here. The Internal Identity Provider requires matching values to authenticate the user. This does not apply to users who appear only in messaging traffic or who log in using a username and password.
    Password | Enter a password. The password can be changed later using the My Account dialog.
    Confirm | Retype the password for confirmation.
    Define Additional Properties | Select this check box if you want to enter additional information about the user. All additional information is optional.
    Password Rules | Displays a reminder of the password rules. For more information about how these rules are set, see Manage Password Policy.
    Using Non-English characters:
    It is possible to add users with non-English single-byte characters or multi-byte characters in the User Name and Password fields. However, these users do not authenticate successfully if HTTP Basic is used in a policy. This is a limitation of the HTTP Basic standard, which limits characters to the ISO-8859-1 standard. The workaround is to use WSS Basic instead (see the Require WS-Security UsernameToken Profile Credentials Assertion).
  3. Click [Create].
  4. If you are not defining additional properties, the dialog closes and the user is added to the Internal Identity Provider.
  5. If you are defining additional properties, the Properties dialog for the user is displayed. For more detailed information about this dialog, see Internal User Properties.
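The following Python script is an added example, not part of the product or its documentation. It checks a planned user against the two constraints in step 2: the certificate 'CN' must match the username, and non-English characters break HTTP Basic. It assumes the certificate subject is supplied as an RFC 2253-style string, that the CN comparison is exact and case-sensitive, and that "non-English" means non-ASCII; the function names and sample values are hypothetical.

```python
import re

def subject_cn(subject_dn):
    """Return the CN from an RFC 2253-style subject string, or None if absent."""
    # Split on commas that are not backslash-escaped, so "CN=Doe\, Jane" stays whole.
    # Simplification: multi-valued RDNs ("+") and escaped backslashes are not handled.
    for rdn in re.split(r'(?<!\\),', subject_dn):
        key, sep, value = rdn.strip().partition('=')
        if sep and key.strip().upper() == 'CN':
            # Undo simple backslash escapes such as "\," in the value.
            return re.sub(r'\\(.)', r'\1', value.strip())
    return None

def preflight(username, password, subject_dn=None, http_basic=False):
    """Return a list of problems to resolve before creating the internal user."""
    problems = []
    if subject_dn is not None:  # administrative user with a client certificate
        cn = subject_cn(subject_dn)
        if cn is None:
            problems.append('certificate subject has no CN')
        elif cn != username:  # assumption: exact, case-sensitive match
            problems.append(f'certificate CN {cn!r} does not match username {username!r}')
    if http_basic:  # user will be authenticated by a policy that uses HTTP Basic
        # Assumption: "non-English" is treated as any non-ASCII character.
        for label, value in (('username', username), ('password', password)):
            if not value.isascii():  # never echo the password itself
                problems.append(f'{label} has non-English characters; use WSS Basic instead')
    return problems

if __name__ == '__main__':
    # Constructed sample inputs, not taken from a real deployment.
    cases = [
        ('jsmith', 'S3cure!pw', 'CN=jsmith,OU=Ops,O=Example', False),
        ('jsmith', 'S3cure!pw', 'CN=j.smith,OU=Ops,O=Example', False),
        ('josé', 'S3cure!pw', None, True),
    ]
    for user, pw, dn, basic in cases:
        print(user, '->', preflight(user, pw, dn, basic) or 'OK')
```
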