We are trying to implement authentication for the cases below.
1. If the API service gets an authorisation header with Token .*, then the token will be routed to one target system for authentication validation.
2. If the service does not get an authorisation header with Token .*, then the Require HTTP BASIC Credentials assertion and LDAP are included for authentication validation.
During testing we are not passing an authorisation header with Token .*, hence the service is not prompting for login credentials. The above logic is written as follows.
- At least one Assertion condition
  - All Assertion
    - compare statement for authorisation header with Token
    - Route via assertion to route token for authentication
  - All Assertion
    - Require HTTP BASIC Credentials Assertion
    - LDAP for basic authentication validation
  - All Assertion
    - Error throwing logic
Is the above logic not working as you expect? Can you provide a sample of the policy you have put together?
A small sample of what I believe you are looking for. This policy assumes you are passing a bearer token in the authorization header and looks specifically for it.
If it exists, it will route to Google; if not, it will prompt for UID/PW and authenticate against the internal IDP (can easily be modified for LDAP); else it fails with a custom message.
Please let me know if the policy provided has proven useful.
I'm able to handle what I have looked for by changing the logic in the policy.
Thank you for your help.
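The policy outline in the question can be traced branch by branch with a small model. The sketch below is an example added here, not the gateway's policy or any poster's code. It models only the ordering of the "At least one" and "All" folders; the `USERS` table, the result strings and all function names are assumptions made for illustration.

```python
import base64
import hmac
import re

USERS = {"alice": "s3cret"}  # constructed stand-in for the LDAP directory

def all_of(*children):        # "All" folder: stops at the first failing child
    return lambda req: all(c(req) for c in children)

def at_least_one(*children):  # "At least one" folder: stops at the first success
    return lambda req: any(c(req) for c in children)

def has_token(req):           # compare statement: Authorization matches "Token .*"
    return re.match(r"Token .*", req.get("Authorization", "")) is not None

def route_token(req):
    req["result"] = "routed token to target system"
    return True

def require_basic(req):       # fails when no Basic credentials are present
    auth = req.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:        # bad base64 or non-UTF-8 payload
        return False
    req["creds"] = (user, pw)
    return True

def ldap_auth(req):
    user, pw = req["creds"]
    ok = user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())
    if ok:
        req["result"] = "authenticated " + user
    return ok

def error(req):               # final branch: custom error
    req["result"] = "custom error"
    return True

POLICY = at_least_one(all_of(has_token, route_token),
                      all_of(require_basic, ldap_auth),
                      all_of(error))

def evaluate(headers):
    req = dict(headers)
    POLICY(req)
    return req["result"]

def basic(user, pw):          # helper to build a constructed Basic header value
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()
```

In this model a request with no Authorization header fails the first two branches and ends in the error branch, as does a request with wrong Basic credentials.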