getting error while configuring the Basic authenti...

rajeshnimmadan · 11-02-2016 10:59 AM

I'm trying to add basic authentication policy. I given username and password while testing the API in trace I'm getting the following error.

      "errorcode": "steps.basicauthentication.UnresolvedVariable"
   <br>

nmallesh

Hi @Rajesh Nimmada,

Kindly provide the screenshot of Basic Authentication Policy for better understanding.

rajeshnimmadan

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="request.queryparam.username">test</User>
<Password ref="request.queryparam.username">test</Password>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
<Source>request.header.Authorization</Source>
</BasicAuthentication>

anilsr

Other users will only be able to help you if you provide enough details and are clear about your question. Use the body field to provide the details of your question.

Is this is a technical product question, please include:

What are you doing? - Are you encoding / decoding using Basic Auth Policy ? What's the policy code ?
What are you seeing? - You have given this
What are you expecting to see? - Please update your question.

aswinsegu

Hi @Rajesh Nimmada,

This runtime error happens when variables for decode and encode are not present. Please make sure you are passing required parameters as Basic Authentication header in prescribed format.

Error name	HTTP status	Cause
`UnresolvedVariable`	500	The required source variables for the decode or encode are not present. This error can only occur if `IgnoreUnresolvedVariables` is false.

Please provide your Basic Authentication Policy along with Authorization header for further assistance.

nmallesh

@Rajesh Nimmada

Are you providing Authorization as Basic Header in your request?

rajeshnimmadan

Thank you very much for your response I resolved by configuring variables in key-value-map-operations policy but I want to know where we have to verify the username and password of basic authentication policy.

anilsr

@Rajesh Nimmada , Basic Auth policy doesn't do any verification of credentials. It just helps you base64 encode credentials or decode base64 encoded credentials. You have to do the credentials verification using Policy Condition / Raise Fault Policy.

rajeshnimmadan

I am using Basic authentication policy along with key-value-pair policy . I am not getting any error but I want to know where we have to verify the username and password and also I don't know where we have to specify the value to username and password.

Below is my key-value-pair policy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-1">
<DisplayName>Key Value Map Operations-1</DisplayName>
<Properties/>
<ExclusiveCache>false</ExclusiveCache>
<ExpiryTimeInSecs>300</ExpiryTimeInSecs>

<InitialEntries>
<Entry>
<Key>
<Parameter></Parameter>
</Key>
<Value></Value>
</Entry>
<Entry>
<Key>
<Parameter></Parameter>
</Key>
<Value></Value>
<Value>v4</Value>
</Entry>
</InitialEntries>






<Get assignTo="username" index="1">
<Key>
<Parameter>username</Parameter>
</Key>
</Get>
<Get assignTo="password" index="1">
<Key>
<Parameter>password</Parameter>
</Key>
</Get>
<Delete>
<Key>
<Parameter ref="myvar"/>
</Key>
</Delete>
<Scope>environment</Scope>
</KeyValueMapOperations>

Below is my Basic authentication policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="username"/>
<Password ref="password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
<Source>request.header.Authorization</Source>
</BasicAuthentication>

nmallesh

Hi @Rajesh Nimmada,

Use <Condition> tag to raise a fault if the username/password does not match -

Add a step as below in default.xml

<Step>                    
	<Condition>(basic_auth.username = kvm.username) and (basic_auth.password = kvm.password)</Condition>
	<Name>Raise-Fault-Invalid-Credentials</Name>
</Step>

Add a Raise Fault Policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault async="false" continueOnError="false" enabled="true" name="Raise-Fault-Invalid-Credentials">
    <DisplayName>Raise Fault-Invalid Credentials</DisplayName>
    <Properties/>
    <FaultResponse>
        <Set>
            <Headers/>
            <Payload></Payload>
            <StatusCode>401</StatusCode>
            <ReasonPhrase>Unauthorized</ReasonPhrase>
        </Set>
    </FaultResponse>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

(You can also compare the encoded value from Username/Password with provided Authorization Header)

<Condition>(basic_auth.username = kvm.username) and (basic_auth.password = kvm.password)</Condition>

Get the Username/Password from the Base64 encoded value in the Authorization header using Basic Authentication Policy as below -

Use Basic Auth with Decode Operation to decode the credentials from Base64 encoded value.

The following policy writes the decoded username to the basic_auth.username variable and the decoded password to the basic_auth.password variable.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-Decode">
    <DisplayName>Basic Authentication-Decode</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="basic_auth.username"/>
    <Password ref="basic_auth.password"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

Use Key Value Map Operations Policy to get the Username|Password

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Kvm-Get-Backend-Credentials" mapIdentifier="BackendCreds">
    <DisplayName>Kvm Get Backend Credentials</DisplayName>
    <Properties/>
    <ExclusiveCache>false</ExclusiveCache>
    <ExpiryTimeInSecs>300</ExpiryTimeInSecs>
    <Get assignTo="kvm.username" index="1">
        <Key>
            <Parameter>username</Parameter>
        </Key>
    </Get>
    <Get assignTo="kvm.password" index="1">
        <Key>
            <Parameter>username</Parameter>
        </Key>
    </Get>
    <Scope>environment</Scope>
</KeyValueMapOperations><br>

rajeshnimmadan

Hi@Nisha mallesh,

Okay but I am trying to give values to the username and password and after that I have to verify those while testing .

nmallesh

@Rajesh Nimmada

Yes,

1. Use KVM policy to get the values for username/password

(kvm.username/kvm.password as above)

2. Use Basic Authentication Policy for decoding values for Username/password - (basic_auth.username/basic_auth.password as above)

3. Once, you have all the necessary values for the condition mentioned above, include a step for raise fault with the condition

Each of the steps are mentioned in detail in the answer already provided above.

Thanks, hope this helps!

rajeshnimmadan

executed the above code but I am getting the below error

{
  "fault": {
    "faultstring": "Unresolved variable : request.header.Authorization",
    "detail": {
      "errorcode": "steps.basicauthentication.UnresolvedVariable"
    }
  }
}

nmallesh

@Rajesh Nimmada

Are you providing Authorization as Basic Header in your request?

rajeshnimmadan

No,

If please can you tell where I will specify that and below is my Basic authentication policy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-Decode">
<DisplayName>Basic Authentication-Decode</DisplayName>
<Operation>Decode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="basic_auth.username"/>
<Password ref="basic_auth.password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
<Source>request.header.Authorization</Source>
</BasicAuthentication>

nmallesh

How are you invoking the request?

If you are using postman - add Authorization in the header section with the value as Basic <base 64 encoded value >

rajeshnimmadan

I am just testing in apiconsole iam not using postman

and also while configuring the Basic authentication policy it showing internal error

rajeshnimmadan

and my target end point didn't contain any user name and password i am just trying to give my own credentials by using the above policies

nmallesh

@Rajesh Nimmada

Go to Authentication Tab - Choose Basic Auth - Provide Username and Password

Regarding internal error in the Basic Auth Policy - this should be resolved after adding the changes

rajeshnimmadan

Thank you for your patience,

Is it required to specify the map identifier in key-value-pair policy.

and one more thing is that i am not specify the user name and password in any where else but i am following with decode and kvm policy so where i need to give and store values to the username and password and where I need to verify those before hitting the backend server.

nmallesh

@Rajesh Nimmada

Yes, map identifiers are required to uniquely point to the maps we are referring to

You can store values in Key Value Maps using Edge UI

Go to API section, select Environment Configurations - choose Key Value Maps

Add a map with name as the value provided in mapIdentifier, (in the policy, above)

This is a initial process to store the values

KVM map operations policy helps you in retrieving values from the map

Kindly go through apigee documentation for the policies mentioned in the answer -

They are quite elaborate and appropriate with examples.

rajeshnimmadan

yeah i given values to kvp map but till now i am wondering how to configure refference tag in the Basic authentication policy

nmallesh

@Rajesh Nimmada

I quite didn't get your concern

<Ref> tag in Basic Authentication Policy is used to refer to a variable where the decoded values from the base64 encoded string are stored.

<Username> tag stores the decoded value of Username in the variable referred by its <Ref> tag.

Same is the case with <Password> tag for password.

getting error while configuring the Basic authentication policy.