This policy enables HTTP BASIC Authentication on an API. You can use this policy to require clients to provide HTTP BASIC authentication credentials when making requests to the managed API.
Note |
---|
Do not use the BASIC Authentication policy together with the other authentication policies Keycloak OAuth and JWT. The chaining of these policies is currently not supported, but this may change in future versions. |
Configuration Options
| Option | Type | Description | Possible Values | Default |
|---|---|---|---|---|
| Authentication Realm | String | Defines the BASIC Auth realm that will be used when responding with an auth challenge (when authentication is missing or fails). | - | - |
| Transport security required | Boolean | Enabling this will require clients to use HTTPS. | true / false | false |
| Forward Authenticated Username as HTTP Header | String | Indicates the name of an HTTP header to send with the principal/identity of the authenticated user if authentication succeeds. Useful when the backend API needs to know the identity of the authenticated user. | - | - |
| Basic Auth required | Boolean | Must be set to true so that BASIC authentication credentials are required. | true / false | true |
| Identity Source | Object | Additionally, one of the complex properties must be included in the configuration, indicating whether API Management should use JDBC, LDAP or Static information as the source of identity used to validate provided user credentials. Configuration details of the identity source are listed in the table below. | Static | - |
Identity Source Configuration Options
| Identity Source | Content | Type | Description | Possible Values | Default |
|---|---|---|---|---|---|
| Static | | Object | Allows you to provide a static set of user names and passwords. | - | - |
| | Static Identities | Object | Contains a set of user names and passwords. | - | - |
| JDBC | | Object | This object is included when you wish to use JDBC to connect to a database containing user and password information. | - | - |
| | JDBC Type | Enum | Type of JDBC connection to use. For configuration details of Data Source and URL, see below. | Data Source / URL | Data Source |
| | Also extract user roles from the DB | Boolean | Set to true if you also want to extract role information from the database. | true / false | false |
| | Roles SQL Query | String | If "Also extract user roles from the DB" is true: SQL query to use when extracting role information. The first parameter passed to the query will be the username. | - | - |
| | When "JDBC Type" is Data Source | | | | |
| | JDBC Datasource | String | The JNDI path of the datasource to use (only when type is Data Source). | - | - |
| | When "JDBC Type" is URL | | | | |
| | JDBC URL | String | The URL to the JDBC database. | - | - |
| | JDBC Username | String | The username to use when connecting to the JDBC database. | - | - |
| | JDBC Password | String | The password to use when connecting to the JDBC database. | - | - |
| | JDBC Password (verify) | String | Password repetition to verify the password. | - | - |
| | SQL Query | String | The SQL query to use when searching for a user record. The first parameter passed to the query will be the username, the second parameter will be the (optionally hashed) password. | - | - |
| | Password Hash Algorithm | Enum | The hashing algorithm used when storing the password data in the database. | None / SHA1 / MD5 / SHA256 / SHA384 / SHA512 | SHA1 |
| LDAP (Deprecated since PAS 23.1.1) | | Object | This object is included when you wish to connect to LDAP when validating user credentials. | - | - |
| | LDAP Server URL | String | The URL to the LDAP server. | - | - |
| | LDAP Bind DN | String | The pattern to use when binding to the LDAP server (use of ${username} is possible). | - | - |
| | Bind to LDAP As | Enum | Choose whether to bind directly to LDAP as the authenticating user (UserAccount), or instead to bind as a service account and then search LDAP for the user's record (ServiceAccount). For configuration details of Service Account, see below. | The inbound user / A Service account | The inbound user |
| | Also extract user roles from the directory | Boolean | Set to true if you want to extract role information from LDAP. | true / false | false |
| | Group Membership Attribute | String | If "Also extract user roles from the directory" is true: The attribute representing the user's membership in a group. Each value should be a reference to another LDAP node. | - | - |
| | Role Name Attribute | String | If "Also extract user roles from the directory" is true: The attribute on a role LDAP node that represents the name of the role. | - | - |
| | Only when "Bind to LDAP" is Service Account | | | | |
| | Service Account Username / Service Account Password | Object | The credentials are saved as an object with two properties: username and password. The credentials are used when initially binding to LDAP as a service account. | - | - |
| | User Search Base DN / User Search Expression | Object | An object with two properties: baseDn and expression. Used to search for the user's LDAP record so that it can be used to re-bind to LDAP with the appropriate password. | - | - |
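
The following added example (not code from the product) walks through the check these options describe for a JDBC identity source: realm challenge, transport security, the two-parameter SQL query with the hashed password, and the forwarded username header. The `POLICY` key names, the `users` table, the header name `X-Authenticated-User`, hex encoding of the digest and the 403 status for plain HTTP are assumptions made for the illustration.

```python
import base64
import hashlib
import sqlite3

# Constructed settings; key names are illustrative, not the product's configuration schema.
POLICY = {
    "realm": "Example", "require_tls": True,
    "forward_header": "X-Authenticated-User", "hash": "SHA256",
    "query": "SELECT username FROM users WHERE username = ? AND password = ?",
}

def hash_password(password, algorithm):
    """Apply the 'Password Hash Algorithm' setting (hex encoding is an assumption)."""
    if algorithm == "None":
        return password
    return hashlib.new(algorithm.lower(), password.encode("utf-8")).hexdigest()

def challenge(realm):
    # Auth challenge carrying the configured 'Authentication Realm'.
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % realm}

def authenticate(headers, is_https, db, policy=POLICY):
    """Return (status, headers): a refusal, or 200 plus the header forwarded to the backend."""
    if policy["require_tls"] and not is_https:
        return 403, {}  # 'Transport security required'; the status code is assumed
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return challenge(policy["realm"])
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # malformed Base64 or non-UTF-8 credentials
        return challenge(policy["realm"])
    username, sep, password = decoded.partition(":")
    if not sep:
        return challenge(policy["realm"])
    # First parameter: username. Second parameter: the (optionally hashed) password.
    params = (username, hash_password(password, policy["hash"]))
    if db.execute(policy["query"], params).fetchone() is None:
        return challenge(policy["realm"])
    return 200, {policy["forward_header"]: username}

def sample_db():
    """Constructed in-memory user table holding one SHA256-hashed password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("s3cret", "SHA256")))
    return db

def basic_header(user, password):
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()}
```

Because the hashed password is passed as a query parameter, the digest is computed before the user row is read, so it cannot use a salt stored with that row. Of the listed algorithms, prefer SHA512 to MD5 or SHA1, and enable "Transport security required" so the Base64-encoded credentials are never sent over plain HTTP.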