Layer7 API Management

Expand all | Collapse all

Facing Issue with Require HTTP Basic Credentials

Jump to Best Answer
  • 1.  Facing Issue with Require HTTP Basic Credentials

    Posted 09-14-2016 11:26 AM

    Hi All,

     

    We are trying to implement authentication logic in our gateway as stated in below. If user not provide credentials in login pop up we want to throw customize error response. 

     

    At least one assertion must evaluate to true

         All assertions must evaluate to true

                  Require HTTP Basic Credentials 

        All assertions must evaluate to true

                Customize Error Response assertion with login credentials required

               Raise Error asssertion

     

     

    With above code I am not getting login pop up first and else part code executing always .Do we have any logic how to implement it.

     

     

     

    Regards,

    Suneel

     



  • 2.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-14-2016 11:41 AM

    Your browser is doing a GET call to the endpoint without HTTP Basic Credentials so that assertion is not satisfied which is why the else logic is getting executed. The credentials you entered, or did not enter, after the first request is probably also cached in your browser. Using Chrome you can go into incognito mode for the cache to be cleared, hit the endpoint again, and your browser should automatically pop up the credentials box.



  • 3.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-14-2016 11:46 AM

    Hi Suneel,

     

    What is your objective here?

     

    Why would you want to do this?  As the next line is more crucial as it will state if the individual is authenticated to your identity provider.

     

    Derek

     

    Derek Orr

    ca technologies

    Principal Consultant, CA API Management Presales

    m: 778-980-0029

    Email = Derek.Orr@ca.com<mailto:Derek.Orr@ca.com>

     

    CA API Management Community: https://communities.ca.com/community/ca-api-management-community



  • 4.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-14-2016 11:50 AM

    Suneel,

     

    You need to move the "Require HTTP Basic Credentials" up out to the at least one so it will prompt for credentials if authorization header is not passed. Then use a Authenticate against Identity provider assertion to validate the credentials collected and error if authentication fails. 

     

    This is a sample of how you can structure this

     



  • 5.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-15-2016 01:47 AM

    Hi Barry and Derek,

     

    Thanks for reply.

     

    My objective is:

                Gateway API has to search for any authorisation header presented as part of request. If not presented then only I will provide login by using Require HTTP Basic credentials Assertion.Here login pop up will be prompted lets assume user was not provided login details i.e. clicked on cancel button then API has to return custom error message as Login Credentials Required.

     

    I have attached API code for reference.

     

    facing Problem: Policy always returning 'Required Credentials' error but it should prompt login pop up because not sending authorisation header in the request.

     

     

    API Logic .

     

              Thanks,

             Suneel



  • 6.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-15-2016 10:04 AM

    This is a browser caching issue. In the API world, there is no such thing as prompting for credentials if no credentials are presented. You either do or do not present credentials with the request. You have sent either empty or incorrect credentials with your browser before, your browser has cached that call, thus you will never be prompt. Only on the first call from your browser to a new endpoint will it see that credentials are required and prompt you and ask to provided credentials. Empty your browser cache or use Chrome and go incognito. If you want a user to redirected to a login page if credentials are not presented then you need to throw back a 302 redirect to the login page, not throw back an error. 



  • 7.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-16-2016 08:47 AM

    Hi Bloan,

     

    Thanks for reply.

     

    If  user cancel button in login prompt without providing credentials then gateway throwing status code 401 with Unauthorised. But I am trying to send custom error as Credentials are not provided.Do we have any option to set custom error response in this case.

     

    Thanks,

    Suneel



  • 8.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-15-2016 11:33 AM

    the sample I provided earlier does exactly what you are looking to accomplish. just move the require http basic credentials up to the top of your policy.  your don't need to check for existence of Authorization header the assertion will do that and if it is not present it will cause the browser to prompt user for credentials.



  • 9.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-16-2016 08:50 AM

    Hi Barry,

     

    Your code is working fine as excepted. But I am trying to implement below one.

     

    If  user cancel button in login prompt without providing credentials then gateway throwing status code 401 with Unauthorised. But I am trying to send custom error as Credentials are not provided.Do we have any option to set custom error response in this case.

     

     

    Thanks,

    Suneel



  • 10.  Re: Facing Issue with Require HTTP Basic Credentials
    Best Answer

    Posted 09-16-2016 11:34 AM

    Suneel,

     

    I do not believe what you are looking to do is possible regarding the cancel. The Require HTTP Basic credentials assertion returns the 401 and the WWW-Authenticate and the L7-Policy-URL headers which the browser uses to prompt user for credentials, and send they back to the gateway when the user submits credentials. If the user pushes the cancel button the request ends and the  browser presents the Authentication Required response not the gateway.  



  • 11.  Re: Facing Issue with Require HTTP Basic Credentials

    Posted 09-17-2016 06:23 AM

    Hello Barry,

     

    Thank you very much for your response.