Hi
We are developing a proxy A which would be exposed to client orgnaisations . Client organisation will call web services with wsse headers (username / password ). We need to address the following
1. Each organisation can go into the application through another proxy (unrelated) and create a system id and password (the web service username and password). These are stored in the backend
2. Then each organisation can call the proxy A and invoke a web service request . The proxy A needs to authenticate the service call (username/password in the wsse headers) and then pass it to backend.
Thus in step 1, when the org user creates the system id and password , that needs to be stored in apigee (flow back form backend to apigee and stored in apigee).
In step 2, the proxy needs to extract the username/password from the soap request and validate it with the ones which are stored in apigee.
What is the correct way of implementing this ? Can the username/passwords be stored within KVM ? How will the authentication happen ?
If there is any reference or any best design available , kindly suggest.
This post is open. Kindly reply to this post. 2 duplicate posts have been created erroneously. Kindly ignore those.
@Dino-at-Google Looking forward to some input on this please.