Which authentication mechanisms are supported by the Mendix platform for consuming external web services and for web services exposed by the platform for consumption by external applications? These options may include: user names/passwords, digital certificates, security tokens, etc. I would also like to understand how this could be extended if the platform doesn’t support an option that is required for a particular type of application.
In short, we support anything which involves manipulation of the SOAP header (user names/ passwords, certain tokens), and we support nothing out of the box which involves manipulation of the HTTP header (NTLM/ Kerberos tokens). An exception is HTTP basic authentication.
If you want to manipulate the HTTP headers, at the cost of performance, you could (but shouldn't!) fetch the outgoing data stream in Java and insert the necessary headers.