Adding Basic authentication to HTTP enabled Pipes
Summary
This document will guide you through the steps to add HTTP basic authentication to a HTTP-enabled pipe.
System Requirements
- PhenixID Server 1.5 or later installed
- At least one HTTP-enabled pipe configured.
Instruction
Overview
Configure pipe
Open a browser and go to https:// _PhenixidServerIP_:8443/config/
Use e.g. the default administrator user called phenixid to login.
Go to the tab Configuration
Locate “Pipes” and click >.
Click on the pen to the right of the Pipe you would like to Edit.
Insert a HttpBasicAuthValve (it must be the first valve of the pipe).
{
"name" : "HttpBasicAuthValve",
"config" : { }
}
Depending on your configuration, add valves to verify username and password:
- LDAP, ex LDAPBindValve
- SQL, ex PreparedStatementExecutorValve
- InternalUserStoreValidatorValve
When done, press Stage changes and then Commit changes.
Verify HTTP Basic Authentication
- Inform the HTTP client to use basic authentication with username and password when calling the pipe.
- Check logs while the HTTP client calls the pipe to verify that username and password verification is performed successfully.
Configuration example snippets
Pipe configuration examples. Pls note that only the valves included in the http basic auth are present in the examples.
LDAP
{
"id" : "ReadAllUsers",
"http_enabled" : "true",
"http_path_pattern" : "GET:/pipes/users/ReadAll",
"valves" : [
{
"name" : "HttpBasicAuthValve",
"config" : { }
}, {
"name" : "LDAPSearchValve",
"config" : {
"connection_ref" : "local_ldap",
"base_dn" : "dc=bjorken,dc=local",
"scope" : "SUB",
"size_limit" : 0,
"filter_template" : "(&(objectclass=*)(uid={{attributes.username}}))"
}
}, {
"name" : "LDAPBindValve",
"config" : {
"connection_ref" : "local_ldap",
"password_param_name" : "{{attributes.password}}",
}
},
<MORE_VALVES_HERE>
}
Internal user store
{
"id" : "ReadAllUsers",
"http_enabled" : "true",
"http_path_pattern" : "GET:/pipes/users/ReadAll",
"valves" : [
{
"name" : "HttpBasicAuthValve",
"config" : { }
},{
"name" : "InternalUserStoreValidatorValve",
"config" : {
"username":"{{attributes.username}}",
"pwd":"{{attributes.password}}"
}
},
<MORE_VALVES_HERE>
}
SQL
{
"id" : "ReadAllUsers",
"http_enabled" : "true",
"http_path_pattern" : "GET:/pipes/users/ReadAll",
"valves" : [
{
"name" : "HttpBasicAuthValve",
"config" : { }
},{
"name" : "StatementExecutorValve",
"config" : {
"connection_ref" : "local_mysql",
"statement" : "select uid from USERS where uid='{{attributes.username}}' AND pwd='{{attributes.password}}' )"
}
},
<MORE_VALVES_HERE>
}