Tutorial for Basic Auth needed


Hi,

I'm new to apigee. The Tutorial to create an API is absolutely good and I was able to create a first API Gateway.

Now, I would like to create a second API Gateway to an endpoint that expects Basic Auth.

I've seen the two Videos on https://docs.apigee.com/api-services/reference/basic-authentication-policy but the videos are so extremely fast that I have not understood anything.

Can you provide a tutorial on how to set up Basic Auth? - I don't know the difference between Proxy endpoint and target endpoint and also the difference between PreFlow and PostFlow. There should be more clarity about that.


Moreover: what is the difference and when to use base64-encode and when to use base64-decode?

Basic Authentication policy's operation is set to 'Decode' when it is put on Proxy Endpoint / Request - Pre Flow. This will Decode the Base 64 encryption when received from <Source> (An app trying to access your proxy)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User name="userName" ref="request.header.username"/>
    <Password name="password" ref="request.header.password"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

Basic Authentication policy's operation is set to 'Encode' when it's placed on Target Endpoint / Request Pre Flow. This will Encode the credentials (usually retrieved from KVM) and place it in <AssignTo> before sending the request to Target server.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-2">
    <DisplayName>Basic Authentication-2</DisplayName>
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="request.queryparam.username"/>
    <Password ref="request.queryparam.password"/>
    <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
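
What the two operations do to the `Authorization` header, as an added Python example (not part of the thread and not Apigee's implementation; it models the Basic header format of RFC 7617, and the function names are made up for illustration). Base64 here is a reversible encoding, so anyone who can read the header recovers the password, which is why it should only travel over TLS.

```python
import base64
import binascii


def encode_basic(user: str, password: str) -> str:
    """Model of Operation=Encode: credentials -> Authorization header value."""
    if ":" in user:
        # The first ':' separates user from password, so the user-id
        # itself cannot contain one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    """Model of Operation=Decode: Authorization header value -> (user, password).

    Raises ValueError when the header is missing or malformed instead of
    returning partial credentials.
    """
    if not header_value:
        raise ValueError("Authorization header missing")
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("token is not valid Base64 / UTF-8") from exc
    # Split on the FIRST colon only: passwords may contain ':'.
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("decoded token has no ':' separator")
    return user, password


if __name__ == "__main__":
    # Constructed sample values; user/passwd are the httpbin test credentials.
    header = encode_basic("user", "passwd")
    print(header)
    print(decode_basic(header))
    for bad in (None, "Bearer abc", "Basic !!!", "Basic dXNlcg=="):
        try:
            decode_basic(bad)
        except ValueError as err:
            print(repr(bad), "->", err)
```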
 

@Syd thank you for the great explanation. But something does not really work. I get the following error:

{"fault":{"faultstring":"Unresolved variable : request.queryparam.username","detail":{"errorcode":"steps.basicauthentication.UnresolvedVariable"}}

I'd also get the same result with Postman.


Hello @Damian If you review the error message, it says that the username is not found in the query parameters. You can double check if you are missing this value (in query param)

OR If you are sending the params like in the screen below (from postman)

then your Basic Authentication policy should be adjusted for the following values

<User name="username" ref="request.header.username"/>
<Password name="password" ref="request.header.password"/>

i.e.: use request.header.username instead of request.queryparam.username

use request.header.password instead of request.queryparam.password


@Syd I'll have to figure it out tomorrow. Not easy without tutorial....


Good morning, @Syd ,

I think, yesterday, I was making it too complicated. This morning, I've made a test like this:

a) Create an API to endpoint

http://httpbin.org/basic-auth/user/passwd

b) Call the created API with API Console tool or with Postman : the result is an error (this was expected)

c) In development tab: click on „Proxy Endpoint“ / „Pre Flow“ : create „Basic Auth“ and save it.

<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User name="userName" ref="request.header.username"/>
    <Password name="password" ref="request.header.password"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

d) Test again with API Console or with Postman. Select „Basic Auth“ and use the credentials provided by httpbin. : the result is OK. Yes, it works!!!

Conclusion: As far as I understand, a second authentication policy for „Encode“ is not necessary in this case. Thank you for your comments.

Glad it all worked out for you @Damian

Cheers !!!