PhenixID

Step by Step – Adding Basic authentication to HTTP enabled Pipes

Summary

This document will guide you through the steps to add HTTP basic authentication to a HTTP-enabled pipe.

System Requirements

Instruction

Overview

Login to PhenixID Administration Portal

Open a browser and go to https://PhenixidServerIP:8443/config/.
Use e.g. the default administrator user called phenixid to login.

Configure pipe

Go to the tab Configuration (needs to be enabled in boot.json, see document http://document.phenixid.net/m/52601/l/513298-enable-configuration-tab-in-phenixid-configuration-manager).
Locate “Pipes” and click >.

Click on the pen to the right of the Pipe you would like to Edit.

Insert a HTTPBasicAuthValve (it must be the first valve of the pipe).

{
 "name" : "HttpBasicAuthValve",
 "config" : { }
 }

Depending on your configuration, add valves to verify username and password:

When done, press Stage changes and then Commit changes.

Verify HTTP Basic Authentication

  1. Inform the HTTP client to use basic authentication with username and password when calling the pipe.
  2. Check logs while the HTTP client calls the pipe to verify that username and password verification is performed successfully.

 

Configuration example snippets

Pipe configuration examples. Pls note that only the valves included in the http basic auth are present in the examples.

LDAP

{
 "id" : "ReadAllUsers",
 "http_enabled" : "true",
 "http_path_pattern" : "GET:/pipes/users/ReadAll",
 "valves" : [
 {
 "name" : "HttpBasicAuthValve",
 "config" : { }
 }, {
 "name" : "LDAPSearchValve",
 "config" : {
 "connection_ref" : "local_ldap",
 "base_dn" : "dc=bjorken,dc=local",
 "scope" : "SUB",
 "size_limit" : 0,
 "filter_template" : "(&(objectclass=*)(uid={{attributes.username}}))"
 }
 }, {
 "name" : "LDAPBindValve",
 "config" : {
 "connection_ref" : "local_ldap",
 "password_param_name" : "{{attributes.password}}",
 }
 },
<MORE_VALVES_HERE>
}

Internal user store

{
 "id" : "ReadAllUsers",
 "http_enabled" : "true",
 "http_path_pattern" : "GET:/pipes/users/ReadAll",
 "valves" : [
 {
 "name" : "HttpBasicAuthValve",
 "config" : { }
 },{
 "name" : "InternalUserStoreValidatorValve",
 "config" : {
 "username":"{{attributes.username}}",
 "pwd":"{{attributes.password}}"
 }
 },
<MORE_VALVES_HERE>
}

SQL

{
 "id" : "ReadAllUsers",
 "http_enabled" : "true",
 "http_path_pattern" : "GET:/pipes/users/ReadAll",
 "valves" : [
 {
 "name" : "HttpBasicAuthValve",
 "config" : { }
 },{
 "name" : "StatementExecutorValve",
 "config" : {
 "connection_ref" : "local_mysql",
 "statement" : "select uid from USERS where uid='{{attributes.username}}' AND pwd='{{attributes.password}}' )"
 }
 },
<MORE_VALVES_HERE>
}

 

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se