Process Platform Identity is the most simple form of authentication in Process Platform. The Process Platform identity can be used if the ability to work with other authentication or authorization systems is not required. As message integrity is important, it is advisable to use message-level or transport-level security. Process Platform Identity should preferably be used only on protected networks behind the Process Platform Web gateway, because SOAP headers can easily be forged. The Process Platform Web gateway verifies credentials before setting the Process Platform Identity SOAP header and for an external client it is not possible to manually set the Process Platform Identity header.

The client encapsulates the user credentials in Process Platform Identity format in the SOAP request header. The service container verifies the given credentials before the SOAP request is executed. The request is then executed on behalf of the user and organization.

The SOAP request is executed only if:

• The user name and password are valid.
• The user name and password can be mapped to a valid Cordys user.
• The user has authorization to execute the SOAP request.

Example of a Process Platform Identity SOAP Header

The following is a sample SOAP request header to identify a user on Process Platform. ReplaceUSERandORGANIZATIONwith the actual values of the user and organization on behalf of which this SOAP request is to be executed.

<SOAP:Header>
    <header>
        <sender>
            <user>USER@ORGANIZATION</user>
        </sender>
    </header>
</SOAP:Header>