Authentication Profile Parameters
Enter these parameters to create an authentication profile or edit these parameters to update an existing authentication profile. See Authentication Profiles.
Opening the dialog
-
From the Manage menu, select Authentication Profiles.
-
Click the create button.
A basic authentication profile is appropriate for basic and digest authentication types.
To create an OAuth2 authentication profile, click the down arrow to the right of the create button and select from the options: client credentials grant, password credentials grant, and JWT bearer grant.
-
Fill in the properties.
Secure values, such as passwords, are masked as the data is entered.
To see the content while creating the profile, click the eye to the right of the field. This toggles the view between content and mask.
After the profile is created, the content is always masked. You cannot see the content. You can replace the content when the parameter values change.
Name
The display name of the authentication profile.
Notes
Displays with the display name in the list of authentication profiles.
Parameters for a Basic Authentication Profile
Fill in the Username and Password fields.
Parameters for Client Credentials Grant
Fill in the parameters as required.
-
Auth URL
-
Client ID
-
Client Secret
-
Custom Headers (key-value pairs)
-
Scope
Select to supply the parameters in the HTTP authorization header or the request body as appropriate for the authentication profile.
Test the authentication profile to ensure the details are valid. If the test fails, the display indicates which parameters need correction.
Parameters for Password Credentials Grant
Fill in the parameters as required.
-
Auth URL
-
Username
-
Password
-
Client ID
-
Client Secret
-
Custom Headers (key-value pairs)
-
Scope
Select to supply the parameters in the HTTP authorization header or the request body as appropriate for the authentication profile.
Test the authentication profile to ensure the details are valid. If the test fails, the display indicates which parameters need correction.
Parameters for JWT Bearer Grant
Fill in the JSON Web Token claims.
-
Issuer
-
Audience
-
Subject
-
Custom Headers (key-value pairs)
-
Key
-
Key Signature
-
Key Password
-
Additional Claims
Use Additional Claims if the authentication server receiving the request requires claims not listed above.
For more information on claims, see JSON Web Token Claims.
Test the authentication profile to ensure the details are valid. If the test fails, the display indicates which parameters need correction.
The access token returned by the authentication server might or might not be in a JWT format. For instance, Google's access token is a proprietary encrypted string (not JWT) that only Google can decode. In contrast, an ID token (with information on the logged in user) is always in JWT format and even though the payload can be read directly (using for example https://jwt.io/) the authenticity of the information is validated against the signature of JWT.
Advanced
| Parameter | Description |
|---|---|
| SSL Certificate |
Where applicable to the authentication method, add an SSL certificate and password to the profile.
|
|
SSL Key |
Where applicable to the authentication method, add an SSL key and password to the profile.
|
In addition to or instead of adding the SSL certificate or key to the authentication profile, you can add the SSL certificate or key to the integration node. The SSL certificate or key added to the integration node takes precedence over that added to the authentication profile.
Studio supports mutual TLS authentication where:
-
The public API service identifies itself with a certificate from a public certificate authority.
-
Studio identifies itself with a certificate provided by the customer and provisioned by Professional Services into the customers tenancy. This certificate can be issued by public or private certificate authorities.
Studio does not validate the certificate chain of the customer provided client certificate. The certificate expiry must be customer managed.