I have a back end server I need to proxy to, and I need to include generic basic authentication credentials in addition to a user id header. The basic authentication is to prevent access to the back end server directly from the intranet by spoofing the user id header. Is it something I need to develop myself in a custom filter to push the Authorization header?
By "basic authentication credentials" do you mean the header?
Authorization: Basic QAWEDsdrSdseesdsdeedscsaddewdsadsad==
These are the credentials that basic authentication sets in the header
and as I recall, this header might be sent to the backend server.
In rereading your request - this isn't exactly what you are after - but I will leave it here since it is related and may be useful to others looking at a similar topic.
Generally for backend WWW Authentication:
The setting you want on the proxyrules.xml file is:
This will then propagate the normal HTML authenticate headers straight through as a normal proxied request.
Description of what happens:
The reason you need the extra setting is because of the way NTLM authentication works. When NTLM is used, NTLM authenticates the "connection" as belonging to the user. So any other requests going down that socket to the backend are considered as also being from the same (authenticated) user.
Obviously that is a real problem for a proxy if you are trying to run a pool of connections to the backend and want to pass different requests from different users along the same pool of connections. Adding connection-auth="yes" means it will not use the normal backend pool of connections, but will use the connection oriented pool, which maintains individual sockets per authenticated user:
<connection-pool name="connection oriented authentication">
Cheers - Mark
I expect you're right, the best way to add the Authenticate: line to the header will be via an SPS filter.
The following article (and sample code) should give you enough details to be able to implement that sort of filter:
Adding X-Forwarded-For header to CA Access Gateway (CA Secure Proxy Server)
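An added example, not part of any post in this thread and not SPS filter code: it shows the header value a proxy filter would inject and the matching check on the back end, which trusts the user id header only when the proxy's Basic credentials are present and correct. The header name `X-User-Id`, the service account and the password are assumptions constructed for illustration.

```python
import base64
import hmac

# Assumed names and values, constructed for this example.
USER_HEADER = "X-User-Id"          # hypothetical identity header set by the proxy
PROXY_USER = "proxy-svc"           # constructed service account
PROXY_PASSWORD = "example-secret"  # constructed; load from a secret store in practice


def proxy_authorization_value(user: str, password: str) -> str:
    """Value a proxy filter would place in the Authorization header."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic(header_value):
    """Return (user, password) from a Basic header, or None if malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def trusted_user(headers: dict):
    """Return the asserted user id only if the proxy's credentials accompany it.

    `headers` is a plain dict here; a real server would look names up
    case-insensitively.
    """
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return None
    # Constant-time comparison avoids leaking how much of the secret matched.
    user_ok = hmac.compare_digest(creds[0].encode(), PROXY_USER.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), PROXY_PASSWORD.encode())
    if not (user_ok and pass_ok):
        return None
    return headers.get(USER_HEADER) or None
```

Basic credentials are only encoded, not encrypted, so the proxy-to-backend hop needs TLS for this shared secret to mean anything.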