cancel
Showing results for 
Search instead for 
Did you mean: 

Sender Certificate Based Authentication Externalization: Standard Integration Flows vs. Custom Flows

floriangu
Participant
0 Kudos

Dear experts,

I have realized that for prepackaged standard integration flows "Authorization" is available as option in the the "Sender System" of an Integration Flow.

This is configurable and even the client certificate can be selected when configuring the Integration Flow thus the certificate can be changed without touching the Integration Flow itself:

However when creating a custom flow authorization needs to be configured in the sender channel (thus the connection between sender system and the first flow step), and no option is available for the sender system:

The difference seems to be now that the authentication method (basic vs. certificate) can be externalized, but not the certificate itself.

Does anyone know why there seems to be a different design and functionality? Is there any possibility to make certificates itself configurable in custom flows? I know it can be achieved with certificate-to-user mappings but I would rather prefer to have the same configuration option as in standard flows.

Thank you for your advice!

Accepted Solutions (1)

Accepted Solutions (1)

Sriprasadsbhat
Active Contributor
0 Kudos

Hello Florian,

You can do this by externalizing the Subject DN and Issuer DN of the Certificate Import option like below ( I have taken SOAP Sender Channel as example ).You have to manually fill below highlighted fields like {{SubjectDN}} and {{IssuerDN}}

While configuring you will get below option.

But only one catch is Add option will not be externalized and if you multiple rows under Client Certificates every row needs to be manually externalized like above.

Hope this helps.

Regards,

Sriprasad Shivaram Bhat

floriangu
Participant

Thank you very much for this helpful response. I have not realized the Issuer DN and Subject DN can be externalized too. This solved my problem - great support!

Answers (1)

Answers (1)

Sriprasadsbhat
Active Contributor
0 Kudos

Hello Florian,

These iflows must be developed very earlier and now this option moved to Adapter Level.If you can notice after the below release it was planned to introduce Certificate or Role Based authentication to Adapter level.

Release :19 November 2016

Regards,

Sriprasad Shivaram Bhat

floriangu
Participant
0 Kudos

Hello,

thank you very much for your clarification.

The issue is that the certificate itself can be configured for those "older" flows with authentication in sender and receiver components can be configured, whereas for authentication on adapter level just the authentication methods can be externalized, but I have found no option to externalize selection of certificates.

Do you have any idea how to accomplish this for authentication on adapter level too?

Thank you!