Hi

We are developing a proxy A which would be exposed to client orgnaisations . Client organisation will call web services with wsse headers (username / password ). We need to address the following

1. Each organisation can go into the application through another proxy (unrelated) and create a system id and password (the web service username and password). These are stored in the backend

2. Then each organisation can call the proxy A and invoke a web service request . The proxy A needs to authenticate the service call (username/password in the wsse headers) and then pass it to backend.

Thus in step 1, when the org user creates the system id and password , that needs to be stored in apigee (flow back form backend to apigee and stored in apigee).

In step 2, the proxy needs to extract the username/password from the soap request and validate it with the ones which are stored in apigee.

What is the correct way of implementing this ? Can the username/passwords be stored within KVM ? How will the authentication happen ?

If there is any reference or any best design available , kindly suggest.

@Dino-at-Google