Basic Auth Request Authentication | Accepts a username and a password in HTTP Basic Auth header and verifies it using configured password repository (e.g. IAM database, MSAD, LDAP) |
Client Certificate (X.509) Request Authentication | Verifies the X.509 client certificate involved in the TLS handshake and extracts user information from it. |
Denying Request Authentication | Used to deny access to the REST API altogether. |
OAuth 2.0 Token Request Authentication | Validates OAuth 2.0 access tokens issued by an IAM authorization server. |
SSO Ticket Request Authentication | Extracts an arbitrary single sign-on (SSO) token from either an HTTP header or a cookie and uses it to authenticate the request. It supports various types of SSO tokens. |
Static Request Authentication | Uses the configured username and roles. May be used for testing or if authentication is implemented at the network level (network access guarantees that the REST client is entitled to access the APIs). |