Basic authentication

Basic authentication is a widely supported standard for authenticating to external systems. It is not always the most secure method, as credentials can be exposed if the connection is not properly secured.

In standard basic authentication:

  1. The username and password are concatenated with a colon to form a credential string: username:password.
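  2. The credential string is base64-encoded. Base64 is a reversible encoding, not encryption, so the credentials stay confidential in transit only when the connection itself is encrypted (for example, with TLS).
  3. The resulting string is prefixed with "Basic " (the word Basic followed by a single space).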
  4. The final string is placed in the Authorization header of every request.

Configure basic authentication

Basic authentication is configured entirely in the authentication section of the Itential Platform service instance configuration for the adapter, accessible through Itential Platform Admin Essentials. For a full description of all authentication properties, see Service instance configuration.

Set the following properties:

  • Set auth_method to "basic_user_password".
  • Set username and password to the credentials for the external system. The password field can be encrypted using Itential Platform’s encryption.
  • Set auth_field to the location in the request where the credentials should be placed. Headers are the most common placement, referenced as header.headers.<field-name>. For the standard Authorization header, use header.headers.Authorization.
  • Set auth_field_format to the format of the credential string. The adapter library substitutes the following variables at runtime:
    • {username}
    • {password}
    • {b64}…{/b64} — base64-encodes everything between the tags

Example

"authentication": {
  "auth_method": "basic_user_password",
  "username": "systemuser",
  "password": "systempassword",
  "auth_field": "header.headers.Authorization",
  "auth_field_format": "Basic {b64}{username}:{password}{/b64}"
}

Variations

Some systems use variations of basic authentication. The following table describes common options and how to configure them.

| Variation | Configuration |
| --- | --- |
| Credentials in a different header field | Set auth_field to "header.headers.MyAuthField". |
| Credentials in the URL path (before the ?) | Set auth_field to "urlpath". |
| Credentials in the URL query (after the ?) | Set auth_field to "url". |
| Credentials in the request body | Set auth_field to "body.field". |
| Different credential format | Set auth_field_format to the required format, for example "{username},{password}". |

Example: credentials in a custom header with a different format

"authentication": {
  "auth_method": "basic_user_password",
  "username": "systemuser",
  "password": "systempassword",
  "auth_field": "header.headers.MyAuthField",
  "auth_field_format": "{username},{password}"
}
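
The following JavaScript sketch is an added example, not code from the Itential adapter library. The hypothetical helper renderAuthField mimics the documented {username}, {password} and {b64}…{/b64} substitution for both auth_field_format values shown on this page, and recoverBasicCredentials shows that anyone who can read the resulting header can reverse the base64 step.

```javascript
// Added illustration; function names are hypothetical and not part of the adapter library.

// Render an auth_field_format string the way the page describes:
// {username} and {password} are substituted, and everything between
// {b64} and {/b64} is base64-encoded after substitution.
function renderAuthField(format, username, password) {
  const creds = { username, password };
  // A replacer function keeps "$" sequences in credentials literal.
  const fill = (s) => s.replace(/\{(username|password)\}/g, (_, key) => creds[key]);
  // Encode tagged sections first so tag-like text inside a credential
  // cannot terminate the section early.
  const encoded = format.replace(/\{b64\}([\s\S]*?)\{\/b64\}/g, (_, inner) =>
    Buffer.from(fill(inner), 'utf8').toString('base64'));
  return fill(encoded);
}

// What a proxy, access log or packet capture on an unencrypted
// connection yields from a standard Basic header value.
function recoverBasicCredentials(headerValue) {
  const match = /^Basic ([A-Za-z0-9+\/]+={0,2})$/.exec(headerValue);
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const colon = decoded.indexOf(':'); // only the first colon is the separator
  if (colon === -1) return null;
  return { username: decoded.slice(0, colon), password: decoded.slice(colon + 1) };
}

// The sample values from the page's two configuration examples.
const header = renderAuthField(
  'Basic {b64}{username}:{password}{/b64}', 'systemuser', 'systempassword');
console.log('Authorization:', header);
console.log('Recovered from header:', recoverBasicCredentials(header));
console.log('MyAuthField:',
  renderAuthField('{username},{password}', 'systemuser', 'systempassword'));
```

The custom "{username},{password}" format carries no encoding at all, so the field value is the credentials verbatim.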