
HTTP Authorization Header

The CEP can use the HTTP Authorization request header as a source of user credentials. The header supplies the credentials used by the first method of a chain. The idea behind this feature is to provide an extra layer of security if users are authenticated via SSO solutions. A normal SSO solution would log the user in without asking for any other proof of identity. With this feature, the CEP asks the user to provide a second factor without entering any username or password. The header can be injected by Micro Focus Access Manager or any other proxy-related access solution.

Request

There are two ways to make use of the authorization header. The authentication method can also be specified in the basic auth header. If no method has been provided, the CEP will use the default method for basic authentication.

GET https://cep.example.com/login/basic

Examples of HTTP authorization request header including a method:
    Authorization: Basic {base64 of REPO\user1:LDAP_PASSWORD:1:user1_password}
    Authorization: Basic {base64 of user1:LDAP_PASSWORD:1:user1_password}
    Authorization: Basic {base64 of REPO\user1:PASSWORD:1:user1_password}
    Authorization: Basic {base64 of user1:PASSWORD:1:user1_password}
    Authorization: Basic {base64 of REPO\user1:EMERG_PASSWORD:1:user1_password}
    Authorization: Basic {base64 of user1:EMERG_PASSWORD:1:user1_password}
Examples of HTTP authorization request header without a method:
    Authorization: Basic {base64 of user1:user1_password}
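
The header formats listed above, built and decoded in Python as an added example (not code from the CEP or its vendor). The function names and the NAME:NUMBER pattern used to recognise a method token are assumptions based on the examples on this page, not the CEP's documented parser.

```python
import base64
import re

# Method token shape as it appears in the page's examples (e.g. PASSWORD:1).
# Treating NAME:NUMBER as the general shape is an assumption.
METHOD_RE = re.compile(r"^([A-Z_]+:\d+):(.*)$", re.DOTALL)


def build_authorization(user, password, method=None, repo=None):
    """Return the Authorization header value for the formats shown above."""
    if ":" in user or (repo and ":" in repo):
        # RFC 7617: the user-id part of Basic credentials cannot contain ':'.
        raise ValueError("user and repo must not contain ':'")
    user_id = f"{repo}\\{user}" if repo else user
    secret = f"{method}:{password}" if method else password
    # Base64 is an encoding, not encryption: send this header over TLS only.
    token = base64.b64encode(f"{user_id}:{secret}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def split_authorization(value, default_method):
    """Decode a header value into (repo, user, method, password)."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user_id, sep, rest = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    repo, _, user = user_id.rpartition("\\")
    match = METHOD_RE.match(rest)
    # No method token in the header: fall back to the configured default.
    method, password = match.groups() if match else (default_method, rest)
    return (repo or None, user, method, password)


if __name__ == "__main__":
    # Constructed sample values taken from the examples on this page.
    header = build_authorization("user1", "user1_password",
                                 method="LDAP_PASSWORD:1", repo="REPO")
    print("Authorization:", header)
    print(split_authorization(header, default_method="PASSWORD:1"))
```

Under this split rule, a method-less password that itself begins with a NAME:NUMBER: prefix is read as a method, so a proxy that injects the header can avoid the ambiguity by always sending the method explicitly.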

Configuration

Example
    environment:
      - CEP_BASICAUTH_ENABLE=true
      - CEP_BASICAUTH_REQUEST_AUTH=true
      - CEP_BASICAUTH_DEFAULT_METHOD=PASSWORD:1