Basic Authentication
Updated on 14 Nov 2022
Basic Authentication is a simple, standard way of authenticating to systems. It is not always the most secure mechanism, because the credentials travel with every request and can be exposed. Attributes of standard Basic Authentication are:
- A username and password are provided in every request.
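- The username and password are then concatenated with a ":" in the middle to form a credential string: "username:password".
- The credential string is then Base64 encoded so that the credentials are not sent as literal text. Base64 is a reversible encoding, not encryption, so the credentials are only protected in transit when the request is sent over TLS.
- The resulting encoded string is then prefixed with "Basic " (including the trailing space).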
- Finally, the string is placed into the Authorization header in the request.
How to set up Basic Authentication in Adapters
Basic Authentication is handled entirely within the IAP Service Instance Configuration for the adapter. You can find this within IAP Admin Essentials; the relevant properties are in the authentication section. The authentication section includes other properties that are described in detail in the IAP Service Instance Configuration articles.
- The "auth_method" should be set to "basic user_password".
- The actual username and password should be provided in their respective properties.
  - The password field can be encoded using IAP's encryption.
- The "auth_field" should be set to where the authentication information should be in the request.
  - Headers are the most common placement and are referenced with header.headers. Therefore, the Authorization header should be header.headers.Authorization.
- The "auth_field_format" is the format of the data that will be sent in the request. The adapter library will replace the variables it knows about:
  - {username}
  - {password}
  - {b64}….{/b64} to Base64 encode everything between the tags
Basic Authentication Properties Example
```json
"authentication": {
  "auth_method": "basic user_password",
  "username": "systemuser",
  "password": "systempassword",
  "auth_field": "header.headers.Authorization",
  "auth_field_format": "Basic {b64}{username}:{password}{/b64}"
},
```
Other Options for Basic Authentication
Some systems utilize variations of Basic Authentication. The IAP Service Instance Configurations for the adapter are flexible enough to handle many variations including:
Option | Description |
---|---|
Credentials in a different header field | Change the value of "auth_field" to "header.headers.MyAuthField". |
Credentials in a different location | To place them in the URL path (before the ? and any query parameters), set "auth_field" to "urlpath". To place them in the URL query (after the ?), set "auth_field" to "url". To place them in the body, set "auth_field" to "body.field". |
Different format of auth data | To send the credentials as a plain string separated by a comma, set "auth_field_format" to "{username},{password}". |
Other Options Examples
Sample Properties
```json
"authentication": {
  "auth_method": "basic user_password",
  "username": "systemuser",
  "password": "systempassword",
  "auth_field": "header.headers.MyAuthField",
  "auth_field_format": "{username},{password}"
},
```
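To make the "auth_field_format" expansion concrete, the following added example (not code from the adapter library; `renderAuthField` and `decodeBasicHeader` are hypothetical names) expands both formats shown on this page and then decodes the resulting header, showing that the Base64 step is reversible without any key.

```javascript
// Added illustration; not the Itential adapter library's implementation.
// renderAuthField and decodeBasicHeader are hypothetical names.

// Expand an auth_field_format template: fill {username}/{password} in a
// single pass (so a value that itself contains "{password}" is not expanded
// again) and Base64-encode whatever sits between {b64} and {/b64}.
function renderAuthField(format, creds) {
  const fill = (s) =>
    s.replace(/\{(username|password)\}/g, (_m, key) => creds[key]);
  const encoded = format.replace(/\{b64\}([\s\S]*?)\{\/b64\}/g, (_m, inner) =>
    Buffer.from(fill(inner), 'utf8').toString('base64'));
  // Base64 output never contains braces, so this only fills text outside the tags.
  return fill(encoded);
}

// Reverse a "Basic <base64>" header value. No secret is needed, which is why
// the header is only confidential when the request is carried over TLS.
function decodeBasicHeader(value) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(value);
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the first colon only;
  if (sep === -1) return null;      // the password may contain colons
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Sample values taken from the example properties on this page.
const creds = { username: 'systemuser', password: 'systempassword' };
const header = renderAuthField('Basic {b64}{username}:{password}{/b64}', creds);
console.log(header);                     // value for header.headers.Authorization
console.log(decodeBasicHeader(header));  // credentials recovered from the header
console.log(renderAuthField('{username},{password}', creds)); // comma variant
```

Anyone who can read the request, such as a proxy or a log that records headers, can run the same decode step, so keep header logging and non-TLS endpoints in mind when reviewing an adapter configuration.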