The Simple Authentication Policy authenticates clients with a username and password only.

For this policy, the username and password must be sent in clear-text.

The locations of the username and password within the message are given by variables. The received values are authenticated against the identity provider selected during policy configuration.

If the result of authentication is successful, the message flow is allowed to continue. Otherwise, the flow is interrupted and a response message containing an error message about the problem is returned to the client.

The image containing the Simple Authentication Policy settings is given below:

The Simple Authentication fields are shown in the table below.




An optional description of the policy that may be useful for usage and management activities.

Clear Authentication Information

Ensures that any existing authentication information in the message content is deleted. When this option is enabled, any authorization information in the client's request is deleted and is not sent to the Backend API.

Add Client Info to Header

If this option is checked, the username of the authenticated user is sent to the Backend API in a header when authentication succeeds. The default name of the header is X-Authenticated-UserId and can be changed if desired.

Authenticated User Header Name

If the Add Client Info to Header option is checked, this is the name of the header to which the username will be added.

Variable for Username

It is the variable used to specify the location of the "username" within the message. Please visit the Variables page for more information. 

Variable for Password

It is the variable used to specify the location of the "password" within the message. Please visit the Variables page for more information.

Identity/Role/Group Service

The Identity Provider Service to authenticate the users. Please visit the Identity Providers page for more information.

Appears if "Security Manager" is selected as the identity provider service. If this option is enabled and the IP information was specified while defining the user, it is also checked whether the request comes from the IP(s) given for this user.

Authorization Configuration

This option is activated to configure the access control according to the roles of the users. Please visit the Authorization page for more information.

You can visit the Policies page for the details of the Conditions and Error Message Customization panels.
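
The flow described at the top of this page, together with the Clear Authentication Information and Add Client Info to Header options, modelled as an added Python example. It is not the product's own code: the in-memory identity store, the X-Username and X-Password variable locations, the error text, and the removal of a client-supplied identity header are assumptions made for illustration.

```python
import hashlib
import hmac

_SALT = b"constructed-salt"  # constructed sample value

def _digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed identity store standing in for the configured identity provider.
USERS = {"alice": {"hash": _digest("s3cret"), "ips": {"10.0.0.5"}}}

def apply_policy(headers, client_ip, *, user_var="X-Username",
                 pass_var="X-Password", clear_auth_info=True,
                 add_client_info=True, user_header="X-Authenticated-UserId",
                 check_ip=False):
    """Return (allowed, backend_headers) or (False, error_response)."""
    # Header names are case-insensitive, so work on lower-cased keys.
    req = {k.lower(): v for k, v in headers.items()}
    username = req.get(user_var.lower())
    password = req.get(pass_var.lower()) or ""
    record = USERS.get(username)
    # Hash even for unknown users so both failure paths cost the same.
    expected = record["hash"] if record else _digest("dummy")
    ok = hmac.compare_digest(_digest(password), expected) and record is not None
    # Optional per-user source IP restriction.
    if ok and check_ip and client_ip not in record["ips"]:
        ok = False
    if not ok:
        # Flow is interrupted; the client gets an error message instead.
        return False, {"error": "Authentication failed"}
    out = dict(req)
    # Assumption: never forward a caller-supplied identity header, otherwise
    # a client could pre-set it and the backend would trust a spoofed value.
    out.pop(user_header.lower(), None)
    if clear_auth_info:
        # Assumption: the credential headers count as authentication info too.
        for name in ("authorization", user_var.lower(), pass_var.lower()):
            out.pop(name, None)
    if add_client_info:
        out[user_header.lower()] = username
    return True, out
```

A backend that reads the identity header should accept it only on connections coming from the gateway, since the header carries no proof of its own.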