HTTP Authorization Header
The CEP can use the HTTP Authorization request header as a source of user credentials. The header supplies the credentials used by the first method of a chain. The idea behind this feature is to provide an extra layer of security when users are authenticated via an SSO solution. A normal SSO solution would log in the user without asking for any other proof of identity. With this feature, the CEP asks the user to provide a second factor without entering a username or password. The header can be injected by Micro Focus Access Manager or any other proxy-based access solution.
Request
There are two ways to use the Authorization header. The authentication method can also be specified in the Basic auth header. If no method is provided, the CEP uses the default method for basic authentication.
GET https://cep.example.com/login/basic
Authorization: Basic {base64 of REPO\user1:LDAP_PASSWORD:1:user1_password}
Authorization: Basic {base64 of user1:LDAP_PASSWORD:1:user1_password}
Authorization: Basic {base64 of REPO\user1:PASSWORD:1:user1_password}
Authorization: Basic {base64 of user1:PASSWORD:1:user1_password}
Authorization: Basic {base64 of REPO\user1:EMERG_PASSWORD:1:user1_password}
Authorization: Basic {base64 of user1:EMERG_PASSWORD:1:user1_password}
Authorization: Basic {base64 of user1:user1_password}
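The credential forms listed above, as an added Python example (not CEP code) that builds each header value and splits it back into its parts. The function names and the rule used to recognize a method selector (uppercase name, colon, number, as in the samples) are assumptions; `default_method` mirrors `CEP_BASICAUTH_DEFAULT_METHOD`.

```python
import base64
import re
from typing import NamedTuple, Optional

# Assumption: a method selector is NAME:N (e.g. LDAP_PASSWORD:1), as in the page's samples.
_METHOD = re.compile(r"([A-Z_]+:\d+):(.*)", re.S)


class BasicCredential(NamedTuple):
    repo: Optional[str]   # None when no REPO\ prefix was sent
    user: str
    method: str           # explicit selector, or the configured default
    password: str


def build_header(user, password, method=None, repo=None):
    """Build the Authorization value for one of the documented forms."""
    if ":" in user or (repo and ":" in repo):
        raise ValueError("':' separates user from secret in Basic auth")
    name = f"{repo}\\{user}" if repo else user
    secret = f"{method}:{password}" if method else password
    raw = f"{name}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_header(value, default_method="PASSWORD:1"):
    """Split a header value into repo, user, method and password."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    name, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between user and secret")
    repo, _, user = name.rpartition("\\")
    match = _METHOD.fullmatch(secret)
    if match:                       # explicit method form
        method, password = match.group(1), match.group(2)
    else:                           # short form: fall back to the default
        method, password = default_method, secret
    return BasicCredential(repo or None, user, method, password)


if __name__ == "__main__":
    # Constructed sample values, taken from the page's placeholders.
    hdr = build_header("user1", "user1_password", "LDAP_PASSWORD:1", "REPO")
    print(hdr, parse_header(hdr))
```

In this sketch, a short-form password that itself starts with `NAME:N:` is read as a method selector; sending the method explicitly removes that ambiguity.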
Configuration
environment:
- CEP_BASICAUTH_ENABLE=true
- CEP_BASICAUTH_REQUEST_AUTH=true
- CEP_BASICAUTH_DEFAULT_METHOD=PASSWORD:1