Security is one of the most critical aspects of integrating applications. Service endpoints should be protected from unauthorized access. The source, the destination and the middleware integration application (or ESB) each support several authentication protocols, and we should select the most suitable one for the scenario. For example, cloud-to-cloud integration needs stronger security, so we may use two-way SSL, where we authenticate users by their certificates; this is more secure than basic authentication. Similarly, we can use SAML for federated SSO. Basic authentication can be used to connect to intranet applications. We can use NTLM to connect to SQL Server.
Apart from authentication and authorization, access control to the server, auditing and compliance requirements are also critical for security.
I have come up with some guidelines on which authentication protocol to use, based on application capabilities. Please check the table below.
| Source | Destination | Scenario | Recommended Authentication Protocol |
|---|---|---|---|
| Cloud Application | Middleware Integration Application | Partner platforms are already integrated with the same IdP for federated SSO | SAML |
| Cloud Application | Middleware Integration Application | There is no common identity provider and both support two-way SSL | Two-way SSL |
| Cloud Application | Middleware Integration Application | Middleware exposing third-party resources | OAuth / OpenID Connect |
| On-Premise Application | Middleware Integration Application | Application platforms are already integrated with the same IdP for federated SSO | SAML |
| On-Premise Application | Middleware Integration Application | Applications are in the same Windows domain and Microsoft Windows Active Directory is used as identity provider | Kerberos |
| Middleware Integration Application | Cloud Application | ESB is invoking an external application | Two-way SSL |
| Middleware Integration Application | Cloud Application | ESB is accessing third-party resources | OAuth / OpenID Connect |
| Middleware Integration Application | On-Premise Application | ESB is invoking an on-premise application and an LDAP server is used for the technical account | LDAP-based basic authentication |
| Middleware Integration Application | Database | ESB is making database calls using JDBC | Basic authentication |
| Middleware Integration Application | SQL Server Database | Integration application and database are in the same Windows domain | NTLM |
| Middleware Integration Application | File Server | Connect with the SFTP protocol | Basic authentication |
| Middleware Integration Application | External Application | Mostly accessing a cloud application where it is required to sign the REST request | Signing the request |
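As an added illustration of the last row, here is a minimal HMAC-based request-signing scheme with both the ESB side (signing) and the receiving side (verification); this is example code written for this page, not from the original post or any particular cloud API. The header names, the canonical-string layout and the 300-second replay window are assumptions; a real cloud provider defines its own signing scheme, but the ingredients (bind method, path, timestamp and body; verify in constant time; reject stale timestamps) are the same.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed example credential; a real ESB would load this from its secret store.
ACCESS_KEY_ID = "esb-example-key"
SHARED_SECRET = b"constructed-shared-secret-do-not-reuse"
MAX_CLOCK_SKEW_SECONDS = 300  # assumed replay window


def canonical_string(method: str, path: str, timestamp: int, body: bytes) -> str:
    """Build the string both sides sign: method, path, timestamp and body digest.
    Hashing the body binds the signature to the payload, so tampering is detected."""
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_digest])


def sign_request(method: str, path: str, body: bytes, timestamp: Optional[int] = None) -> dict:
    """Produce the headers the ESB attaches to an outgoing REST call."""
    ts = int(time.time()) if timestamp is None else timestamp
    msg = canonical_string(method, path, ts, body).encode()
    mac = hmac.new(SHARED_SECRET, msg, hashlib.sha256)
    return {
        "X-Key-Id": ACCESS_KEY_ID,
        "X-Timestamp": str(ts),
        "X-Signature": mac.hexdigest(),
    }


def verify_request(method: str, path: str, body: bytes, headers: dict, now: Optional[int] = None) -> bool:
    """Receiver-side check: reject unknown key, stale timestamp (replay) or bad MAC."""
    if headers.get("X-Key-Id") != ACCESS_KEY_ID:
        return False
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    current = int(time.time()) if now is None else now
    if abs(current - ts) > MAX_CLOCK_SKEW_SECONDS:
        return False
    msg = canonical_string(method, path, ts, body).encode()
    expected = hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so the signature cannot be guessed via timing.
    return hmac.compare_digest(expected, headers.get("X-Signature", ""))
```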