To have authentication for your Web service, you need to implement an authentication mechanism. You can use several authentication mechanisms in your application. Each authentication mechanism is implemented as a provider. Each provider takes on a particular authentication mechanism. This architecture allows you to add new authentication mechanisms without rewriting the application implementation.

All provider implementations are listed in the WSO2 SOA Enablement Server configuration file (see the Security Preferences section in Server Preferences Management, specifically the sub-section on Providers). Applications refer to these implementations using short names. A unique name must be assigned to a particular implementation.

This WSO2 SOA Enablement Server distribution comes with the following authentication providers configured:

	Note
	Some authentication mechanisms, such as WS-Security, can do more than just authentication.

There are two types of authentication providers.

Provider implementation on the server side should implement both provider interfaces, especially because services can also be clients of other services. The same applies on the client side in the case of asynchronous messaging.

	Note
	The properties of Kerberos may be configured for each call using org.idoox.wasp.WaspSecurity.setProviderProperties(ServiceClient serviceClient, Configurable config, String providerName) or WaspSecurity.setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName).