What takes precedence for Partner Identification in TIBCO API Exchange Gateway: APIKey or SSL certificate information?
Article ID: KB0073668
Updated On:
| Products | Versions |
|---|---|
| TIBCO API Exchange | 2.x and above |
| Not Applicable | - |
Description
This article provides information on APIX-G behavior if a client request carries APIKey as well as certificate information(mutual ssl).
Environment
All Supported Platforms
Resolution
APIKey always takes precedence over SSLCredentials while identifying a partner.
#Sample Configuration
- A Partner can be defined based on SSL-credentials/Client Certificate information as per information in Article#000028259
- An APIKey can also be defined and associated with such a Partner. This way client will have to present proper certificates as well as APIKey when hitting APIX-G.
- However if a client comes-in with a different certificate(issued by the same CA/root), but a correct APIKey, the request is still processed successfully; irrespective of whether a partner is defined or not for this certificate.
Such a configuration has to be thoroughly tested.
#Sample Configuration
- A Partner can be defined based on SSL-credentials/Client Certificate information as per information in Article#000028259
- An APIKey can also be defined and associated with such a Partner. This way client will have to present proper certificates as well as APIKey when hitting APIX-G.
- However if a client comes-in with a different certificate(issued by the same CA/root), but a correct APIKey, the request is still processed successfully; irrespective of whether a partner is defined or not for this certificate.
Such a configuration has to be thoroughly tested.
Issue/Introduction
What takes precedence for Partner Identification in APIX-G: APIKey or SSL certificate information?
Feedback
Yes
No
Powered by
