Security features in MashupHub
MashupHub includes security features that protect the contents of the catalog. These features also limit who can use an object from the catalog based on the permissions that a user has for the object.
Assigning the administrator role for MashupHub
More than one user can perform administration tasks. An existing administrator specifies which other users are also administrators. Before the administrator role is granted to a user, the user must have successfully logged into MashupHub at least one time.
Editing feed policies
An administrator can create feed filtering policies, configure IP address access, disable feed replay attacks, and limit feed access rates.
Using the Global Policy feed
You can create a feed from the policy statistics of a catalog object. The feed includes the number of requests that have been processed, the number of times one of the requests has been rejected because of a filter, and the percentage of requests that have failed.
Configuring a security token service
When you create a feed from a web service that requires authentication with a SAML token, a username token, or an STSUniversalUser token to invoke the feed, you exchange the LTPA token used for logging in to Mashup Center for the different token format.
SSL configuration parameters
Three configuration parameters determine if MashupHub accepts self-signed SSL or unverified X509 certificates. By default in version 3.x, these parameters are set to true
, which prevents MashupHub from accepting self-signed SSL or unverified X509 certificates. These parameters can be set in the server.config.ini