We are trying to implement authentication for below cases.
1. If API services gets authorisation header with Token .* then token will be routed to one target system for authentication validation.
2. If service does not get authorisation header with Token .* then included Require HTTP BASIC Credentials Assertion and LDAP for authentication validation.
During the testing we are not passing authorisation header with Token .* hence service is not prompting for login credentials. Above logic is written is as follows.
At least one Assertion condition
compare statement for authorisation header with Token
Route via assertion to route token for authentication
Require HTTP BASIC Credentials Assertion
LDAP for basic authentication validation
Error throwing logic