Comment: Published by Scroll Versions from space WAPIMGMNT232 and version 24.0

This policy enables HTTP Basic Authentication on an API. Use it to require clients to provide HTTP Basic authentication credentials when making requests to the managed API.

Configuration Options

Basic Configuration

| Option | Description | Possible Values | Default |
| --- | --- | --- | --- |
| Authentication Realm | Defines the Basic Auth realm that will be used when responding with an auth challenge (when authentication is missing or fails). The input of a realm is mandatory. | a string | - |

Identity Source

Additionally, one of the complex properties must be included in the configuration, indicating whether API Management should use JDBC, LDAP or Static information as the source of identity used to validate provided user credentials.

Configuration details of the identity source are listed in the table below.

Static Source

Identity Source Configuration Options

Static Source

Note: Not recommended for production. Use KEYCLOAKOAUTH or JWT instead.

| Content | Description | Possible Values | Default |
| --- | --- | --- | --- |
| Username / Password | Allows you to provide a static set of user names and passwords. | - | - |

JDBC

Note: Only PostgreSQL, MariaDB and MySQL are supported.

| Content | Description | Possible Values | Default |
| --- | --- | --- | --- |
| URL | The URL to the JDBC server. | a string | - |
| JDBC URL | The URL to the JDBC database. | a string | - |
| Username | The username to use when connecting to the JDBC database. | a string | - |
| Password | The password to use when connecting to the JDBC database. | a string | |
| SQL Query | If "Also extract user roles from the DB" is true: SQL query to use when extracting role information. The first parameter passed to the query will be the username. | a string | - |
| Password Hash Algorithm | The hashing algorithm used when the password was stored. | MD5, SHA1, SHA256, SHA384, SHA512 | SHA1 |
| Also extract user roles from database | Enable this option if you also want to extract role information from the database. | enabled, disabled | disabled |
| Roles SQL Query | If "Also extract user roles from database" is enabled: SQL query to use when extracting role information. The first parameter passed to the query will be the username. | a string | - |

LDAP (deprecated since PAS 23.1.1)

Info: Use Keycloak's LDAP User Federation in combination with the Keycloak OAuth Policy. Verify with the Scheer PAS support that your LDAP server is configured as user federation inside Keycloak.

| Content | Description | Possible Values | Default |
| --- | --- | --- | --- |
| LDAP Server URL | The URL to the LDAP server. | a string | - |
| LDAP Bind DN | The pattern to use when binding to the LDAP server (use of ${username} is possible). | a string | - |
| Bind to LDAP as | Choose whether to bind directly to LDAP as the authenticating user (UserAccount), or instead to bind as a service account and then search LDAP for the user’s record (ServiceAccount). For configuration details of the service account, see below. | inbound user, service account | inbound user |
| Also extract user roles from the directory | Enable this option if you want to extract role information from LDAP. | enabled, disabled | disabled |
| Group Membership Attribute | If "Also extract user roles from the directory" is enabled: The attribute representing the user’s membership in a group. Each value should be a reference to another LDAP node. | a string | - |
| Role Name Attribute | If "Also extract user roles from the directory" is enabled: The attribute on a role LDAP node that represents the name of the role. | a string | - |

If "Bind to LDAP" is set to "Service Account"

| Content | Description | Possible Values | Default |
| --- | --- | --- | --- |
| Username | The username is used when initially binding to LDAP as a service account. | - | - |
| Password | The password is used when initially binding to LDAP as a service account. | | |
| User Search Base DN | Used to search for the user’s LDAP record so that it can be used to re-bind to LDAP with the appropriate password. | | |
| User Search Expression | Used to search for the user’s LDAP record so that it can be used to re-bind to LDAP with the appropriate password. | - | - |

Advanced Configuration

| Option | Description | Possible Values | Default |
| --- | --- | --- | --- |
| Forward Authenticated Username as HTTP Header | Indicates the name of an HTTP header to send with the principal/identity of the authenticated user if authentication succeeds. Useful when the backend API needs to know the identity of the authenticated user. | a string | - |
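
The request handling that the Authentication Realm, Static Source and Forward Authenticated Username options describe, modelled in Python as an added example (not Scheer PAS code). The function names, the header name X-Authenticated-User, the realm and the sample credentials are assumptions, as is the step that discards a client-supplied copy of the identity header before the verified username is set.

```python
import base64
import binascii
import hmac


def check_credentials(authorization, static_users):
    """Return the username if the Authorization header is valid, else None."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates user-id and password (RFC 7617).
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = static_users.get(username)
    # Run the constant-time comparison for unknown users as well.
    same = hmac.compare_digest(password.encode(), (expected or "").encode())
    return username if same and expected is not None else None


def apply_basic_auth(headers, realm, static_users, forward_header=None):
    """Model one request: returns (status, response_headers, backend_headers)."""
    inbound = {name.lower(): value for name, value in headers.items()}
    user = check_credentials(inbound.get("authorization", ""), static_users)
    if user is None:
        # Missing, malformed and wrong credentials all get the same challenge.
        return 401, {"WWW-Authenticate": f'Basic realm="{realm}"'}, None
    if forward_header is None:
        return 200, {}, inbound
    # Assumption of this example: discard any client-supplied copy of the
    # identity header so the backend only sees the verified username.
    name = forward_header.lower()
    backend = {k: v for k, v in inbound.items() if k != name}
    backend[name] = user
    return 200, {}, backend


if __name__ == "__main__":
    users = {"alice": "s3cret:with:colons"}  # constructed sample credentials
    token = base64.b64encode(b"alice:s3cret:with:colons").decode()
    request = {"Authorization": f"Basic {token}", "X-Authenticated-User": "admin"}
    print(apply_basic_auth(request, "pas-api", users, "X-Authenticated-User"))
    print(apply_basic_auth({}, "pas-api", users))
```

A backend that trusts the forwarded header should accept requests only from the gateway, since any other path to it can set the header freely.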