Basic Authentication
  • Dark
    Light
  • PDF

Basic Authentication

  • Dark
    Light
  • PDF

Basic Authentication is generally an easy standard way of authenticating to systems. It is not always the most secure mechanism as there could be issues with credentials being exposed. Attributes of standard Basic Authentication are:

  • A username and password are provided in every request.
  • The username and password are then concatenated with a ”:” in the middle to form a credential string - "username:password"
  • The credential string will then be base 64 encode so that the credentials are not sent in the clear.
  • The resulting encoded string is then prefixed with ”Basic ”.
  • Finally, the string is placed into the Authorization header in the request.

How to set up Basic Authentication in Adapters

Basic Authentication is handled entirely within the IAP Service Instance Configuration for the adapter. You can find this within IAP Admin Essentials, and the properties we are talking about are in the authentication section. The authentication section includes other properties that are described in detail in the IAP Service Instance Configuration articles.

  • The "auth_method" should be set to ”basic user_password”.
  • The actual username and password should be provided in their respective properties.
    • These password field can be encoded using IAP's encryption.
  • The "auth_field" should be set to where the authentication information should be in the request.
    • Headers are the most common placement and are referenced with header.headers. Therefore, the Authorization header should be header.headers.Authorization
  • The "auth_field_format" is the format of the data that will be sent in the request. The adapter library will replace the variables it knows about:
    • {username}
    • {password}
    • {b64}….{/b64} to b64 encode everything between the tags

Basic Authentication Properties Example

"authentication": {
  "auth_method": "basic user_password",
  "username": "systemuser",
  "password": "systempassword", 
  "auth_field": "header.headers.Authorization",
  "auth_field_format": "Basic {b64}{username}:{password}{/b64}"
},

Other Options for Basic Authentication

Some systems utilize variations of Basic Authentication. The IAP Service Instance Configurations for the adapter are flexible enough to handle many variations including:

Option Description
Credentials in a different header field Change the value of "auth_field" to "header.headers.MyAuthField".
Credentials in a different location To locate in the url path (before ? and any query parameters), set "auth_field" to "urlpath".

To locate in the url query (after the ?), set "auth_field" to "url".

To locate in the body, set "auth_field" to "body.field”.
Different format of auth data Want to just send the credentials as a string separated by a comma ”{username},{password}”.

Other Options Examples

Sample Properties

"authentication": {
  "auth_method": "basic user_password",
  "username": "systemuser",
  "password": "systempassword", 
  "auth_field": "header.headers.MyAuthField",
  "auth_field_format": "{username},{password}"
},

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.