How does BW perform Basic Authentication using HTTP activities?.
Article ID: KB0090220
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Resolution:
when we enable basic authentication on the http sender side, the request that goes out contains http headers like
-----------------
POST / HTTP/1.1
accept-encoding: gzip
host: localhost:8484
accept-charset: iso-8859-1,*,utf-8
content-type: text/html;charset=UTF-8
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Authorization: Basic dGVzdDp0ZXN0
User-Agent: BW-HTTPClient/5.2
Content-Length: 5
---------------------------------
where the "Authroization" header denotes the kind of http authentication that can be performed. In bw's case only basic authentication is supported and the value for for the token is dervied by taking a base64 encoding of "<username>:<password>" string as per the HTTP spec. For example a base64 encoding of token "test:test" would yield "dGVzdDp0ZXN0"
The above token gets authenticated against Administrator realm when the http request comes through. If you would like to do you own custom authentication, then you could use the "expose security context" checkbox, then you will see the username and you will then have to write custom java code to authenticate the user against LDAP or any other directory service
when we enable basic authentication on the http sender side, the request that goes out contains http headers like
-----------------
POST / HTTP/1.1
accept-encoding: gzip
host: localhost:8484
accept-charset: iso-8859-1,*,utf-8
content-type: text/html;charset=UTF-8
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Authorization: Basic dGVzdDp0ZXN0
User-Agent: BW-HTTPClient/5.2
Content-Length: 5
---------------------------------
where the "Authroization" header denotes the kind of http authentication that can be performed. In bw's case only basic authentication is supported and the value for for the token is dervied by taking a base64 encoding of "<username>:<password>" string as per the HTTP spec. For example a base64 encoding of token "test:test" would yield "dGVzdDp0ZXN0"
The above token gets authenticated against Administrator realm when the http request comes through. If you would like to do you own custom authentication, then you could use the "expose security context" checkbox, then you will see the username and you will then have to write custom java code to authenticate the user against LDAP or any other directory service
Issue/Introduction
How does BW perform Basic Authentication using HTTP activities?.
Feedback
Yes
No
Powered by
