This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Basic Authentication

Posted on 11-15-2017 03:18 PM
Not applicable
Reply posted on --/--/---- --:-- AM

Getting the following:

"fault": {"faultstring": "Unresolved variable : username","detail": {"errorcode": "steps.basicauthentication.UnresolvedVariable"

Target URL that runs fine from Postman with Basic Authentication: https://rs28:14081/dvs/DATA/DB2.STAFF/GETall

KVM:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-1"> <DisplayName>Key Value Map Operations-1</DisplayName> <Properties/> <ExclusiveCache>false</ExclusiveCache> <ExpiryTimeInSecs>300</ExpiryTimeInSecs> <Get assignTo="username" index="1"> <Key> <Parameter>ts5837</Parameter> </Key> </Get> <Get assignTo="password" index="1"> <Key> <Parameter>xxxxxx</Parameter> </Key> </Get> <Scope>environment</Scope> </KeyValueMapOperations>

Basic Auth:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1"> <DisplayName>Basic Authentication-1</DisplayName> <Operation>Encode</Operation> <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables> <User ref="username"/> <Password ref="password"/> <AssignTo createNew="false">request.header.Authorization</AssignTo> <Source>request.header.Authorization</Source> </BasicAuthentication>

0 12 898
Topic Labels
0 Likes
12 REPLIES 12

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
Reply posted on --/--/---- --:-- AM

Hi @Jeff Lutzow

Welcome to the community !!!

Looks like you are missing the mapIdentifier attribute in the KVM policy. This attribute is used as the identifier for the KVM name which the policy will look for, to fetch the KVM entries.

Checkout the "Get KVM from a literal" tab here. For example, if your KVM name is "userCreds" under which you create the two entries, then in your KVM policy, you should have

<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-1" mapIdentifier="userCreds">

Once you add that, I guess your code will work as expected.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

All I am trying to do is set the "username" and "password" parms that are referenced in the Basic Auth so I can see it this is going to run. can you code up the KVM and supply this so that it works? This is what I just tried and it did not work either:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-2" mapIdentifier="userCred"> <DisplayName>Key Value Map Operations-2</DisplayName> <Properties/> <ExclusiveCache>false</ExclusiveCache> <ExpiryTimeInSecs>300</ExpiryTimeInSecs> <Put> <Key> <Parameter>username</Parameter> </Key> <Value>ts5837</Value> </Put> <Put> <Key> <Parameter>password</Parameter> </Key> <Value>xxxxxxx</Value> </Put> <Scope>environment</Scope> </KeyValueMapOperations>

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

When i add both of these KVMs before the BASIC Auth it does not work either:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-1" mapIdentifier="userCred"> <DisplayName>Key Value Map Operations-1</DisplayName> <Properties/> <ExclusiveCache>false</ExclusiveCache> <ExpiryTimeInSecs>300</ExpiryTimeInSecs> <Put> <Key> <Parameter>user</Parameter> </Key> <Value>ts5837</Value> </Put> <Put> <Key> <Parameter>pass</Parameter> </Key> <Value>xxxxxxx</Value> </Put> <Scope>environment</Scope> </KeyValueMapOperations>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-3" mapIdentifier="userCred"> <DisplayName>Key Value Map Operations-3</DisplayName> <Properties/> <ExclusiveCache>false</ExclusiveCache> <ExpiryTimeInSecs>300</ExpiryTimeInSecs> <Get assignTo="username" index="1"> <Key> <Parameter ref="user"/> </Key> </Get> <Get assignTo="password" index="1"> <Key> <Parameter ref="pass"/> </Key> </Get> </KeyValueMapOperations>

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

Sure.. Let me provide an example

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

Hi @Jeff Lutzow

These are the steps:

1) Create a environment KVM (encrypted since this is credentials), for example "userCreds"

5941-screen-shot-2017-11-16-at-124101-pm.png

2) Create the KVM entries. Once its saved, you will see them masked (after refreshing the page)

5942-screen-shot-2017-11-16-at-124250-pm.png

3) In your proxy, have the following KVM policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="KVM-Get-User-Credentials" mapIdentifier="userCreds">
    <DisplayName>KVM-Get-User-Credentials</DisplayName>
    <Properties/>
    <ExclusiveCache>false</ExclusiveCache>
    <ExpiryTimeInSecs>300</ExpiryTimeInSecs>
    <Get assignTo="private.username" index="1">
        <Key>
            <Parameter>username</Parameter>
        </Key>
    </Get>
    <Get assignTo="private.password" index="1">
        <Key>
            <Parameter>password</Parameter>
        </Key>
    </Get>
    <Scope>environment</Scope>
</KeyValueMapOperations>

NOTE: I have prefixed the variable name as "private." on purpose as that is how encrypted KVM works. For more details on this - refer to "Get encrypted value from KVM" tab in this link

4) Then the Basic Auth policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="BA-Set-Authorization">
    <DisplayName>BA-Set-Authorization</DisplayName>
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="private.username"/>
    <Password ref="private.password"/>
    <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

Once these policies are executed, you should see an Authorization header added to your target request

I tested the above and it works as expected. Let me know if you still have issues.

NOTE: Even if your Apigee Edge version does not support Encrypted KVM, the above code should still work

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

I have it setup except for number 1 and 2:

1) Create a environment KVM (encrypted since this is credentials), for example "userCreds"

5941-screen-shot-2017-11-16-at-124101-pm.png

2) Create the KVM entries. Once its saved, you will see them masked (after refreshing the page)

5942-screen-shot-2017-11-16-at-124250-pm.png

How or where do I go to create this KVM.... my only experience is creating them from within the 'development' tab within the API proxy. But how you created it above looks different and I can't seem to see where to create it.

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

Its under Admin --> Environments

5945-screen-shot-2017-11-16-at-20826-pm.png

or if you are using the classic UI, its under APIs menu

5946-screen-shot-2017-11-16-at-20923-pm.png

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

@Jeff Lutzow - did that work ?

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

Ahhhh... i see that now. Okay I think I have it all setup that way. Here is the url that I am trying to hit: https://137.134.252.107:14081/dvs/REST/VSAM.STAFF/GETall.

I have confirmed that i can hit that URL from anywhere outside the company. It then prompts me for a userid and password which i key in and it runs fine returning data.

But when i try to run my API proxy "TestAuth" through either:

http://jlutzow-eval-test.apigee.net/testauth

https://jlutzow-eval-test.apigee.net/testauth

I get:

{"fault": {"faultstring": "The Service is temporarily unavailable","detail": {"errorcode": "messaging.adaptors.http.flow.ServiceUnavailable"}}}

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

@Jeff Lutzow - this is a different issue then. How are you hitting your target server ? Are you using the URL directly within the proxy or configured via TargetServer ? If its TargetServer, please make sure you have enabled the SSLInfo details as mentioned here

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

I am using the URL directly from within the proxy.

I just put https://137.134.252.107:14081/dvs/REST/VSAM.STAFF/GETall into the "HTTP Target" field.

Some how I need to be able to set this up to hit that backend Target URL using Basic Authentication. It is easy in Postman but I can't seem to get it to work here in APIGEE.

If you want to set a proxy up to hit that service and then show me that would be great. I would expect that I either define my userid/password to the environment like you showed me earlier or that it would prompt me for the userid/password when I run it.

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to
Reply posted on --/--/---- --:-- AM

I tried hitting that URL and cant access it. Might be a network thing where Apigee is not able to hit the endpoint

0 Likes