What are the supported authentication headers for the HTTP Request Action? - install4j

Today I have a question about the HTTP Request action of install4j versions 6.1.X. When we do a request against a secured REST endpoint, a dialog is displayed to collect the credentials of the user. That works fine for the Basic authentication mechanism. Now we have a scenario to challenge against a Kerberos authentication mechanism, as is standard for single sign-on system architectures. Is this supported by the HTTP Request action?

No, there is no support for any authentication mechanisms other than basic authentication.

Related

Does AWS API Gateway Support Basic Authorization?

Is there a way to use Basic authentication rather than AWS4-HMAC-SHA256 authentication with the AWS API Gateway Service? I need to support a system that only supports webhook calls with Basic Authentication.
You just need to modify the 401 Unauthorized response template so that it contains the WWW-Authenticate header set to 'Basic'. Apart from that, you'll need to create a custom authorizer that verifies that the provided credentials are correct. You can find more info here
You can configure an API Gateway to support Basic auth, and API Gateway supports integrations with any AWS service.
Setting up Basic auth in API Gateway requires a few steps. Check this post and search down to BobK#AWS response: https://forums.aws.amazon.com/thread.jspa?messageID=799091&tstart=0
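The custom authorizer mentioned in the answers above could look like the following sketch. It is an added example, not code from the original thread or from AWS. It assumes a REQUEST-type Lambda authorizer on a REST API; the names `handler`, `parse_basic` and the `EXPECTED_*` values are constructed for illustration.

```python
import base64
import hmac

# Constructed demo credentials (assumption). A real deployment would load
# these from a secret store and compare against a password hash.
EXPECTED_USER = "webhook-client"
EXPECTED_PASSWORD = "constructed-demo-secret"


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def handler(event, context):
    # Header names are case-insensitive, so normalise before the lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    creds = parse_basic(headers.get("authorization"))
    # Evaluate both comparisons in constant time, whatever the username was.
    user, password = creds if creds else ("", "")
    user_ok = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    if not (creds and user_ok and pass_ok):
        # API Gateway turns this exact message into its 401 gateway response,
        # which is where the WWW-Authenticate: Basic header is configured.
        raise Exception("Unauthorized")
    return {
        "principalId": EXPECTED_USER,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": "Allow",
                           "Resource": event["methodArn"]}],
        },
    }
```

Missing, malformed and wrong credentials all produce the same 401, so a caller cannot tell from the response whether the username exists.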

Account Linking - OAUTH2 auth code exchange using Basic HTTP Auth?

Our OAuth 2.0 server expects the client credentials for the auth-code-to-token exchange to be in a Basic HTTP Auth header, a common strategy detailed in the OAuth 2.0 RFC. Is there a flag that can be set on our account to enable this?
It does not appear we are exposing this setting via the Actions Console, but we do support this for properly configured clients.
I have reached out to the team responsible for Actions Console and will update this answer with instructions once we support this option.
We are also facing a similar issue. Our OAuth 2.0 server expects client credentials to come in a Basic HTTP Auth header, but it looks like from the Actions console they are coming as part of the request body. As you have mentioned that the provision is there in your infrastructure, it would be great if you could have that provision in the Actions console as well to send client credentials in a Basic Auth header!
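The two ways of sending client credentials discussed in this thread (Basic header versus request body) are shown side by side in the following added example, which is not part of the original posts. The URLs, the code and the client values are constructed, and `token_request` is a hypothetical helper that builds the request without sending it.

```python
import base64
from urllib.parse import quote_plus, urlencode
from urllib.request import Request


def basic_client_auth(client_id, client_secret):
    # RFC 6749 section 2.3.1: form-urlencode each part first, then join with
    # ':' and Base64-encode, so a ':' inside the secret cannot be misparsed.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def token_request(token_url, code, redirect_uri, client_id, client_secret,
                  style="basic"):
    """Build the auth-code-to-token POST with credentials in the chosen place."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    if style == "basic":
        # Credentials travel only in the Authorization header.
        headers["Authorization"] = basic_client_auth(client_id, client_secret)
    elif style == "body":
        # Credentials travel as form parameters; no Authorization header.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError("style must be 'basic' or 'body'")
    # Exactly one method per request: a server may reject a request that
    # authenticates the client in both places.
    data = urlencode(form).encode("ascii")
    return Request(token_url, data=data, headers=headers, method="POST")
```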

XPages REST component and authentication

Is it possible that the XPages REST component returns 401 HTTP status code after invalid authentication? Now it returns 200 and the server login page.
My NSF app is used only as a REST service interface to serve the backend application data.
It may be possible to do this using an "Override Session Authentication" web rule in the Directory. I believe that that's intended for cordoning off parts of a server like this that shouldn't use session authentication.
Starting with Domino 9.0.1 FP10 there is now a notes.ini configuration that forces Domino to return HTTP 401 Unauthorized when serving the login page:
DOMINO_FORCE401_WITH_HTML_LOGIN_PAGE=1

What does `endpoint` exactly mean in OAuth?

I saw the word "endpoint" many times in OAuth documents. However, I still don't know what this word really means. Does anyone have ideas about this?
The OAuth 2.0 Authorization Framework:
The authorization process utilizes two authorization server endpoints (HTTP resources):
Authorization endpoint - used by the client to obtain authorization from the resource owner via user-agent redirection.
Token endpoint - used by the client to exchange an authorization grant for an access token, typically with client authentication.
It's basically the HTTP web address of the authentication server. It could probably be server addresses depending upon how it's worked. The first is for requesting access of the user; the second could be for granting access to the application. This probably depends upon how the authentication server is set up.
OAuth endpoints are the URLs you use to make OAuth authentication requests to the server. You need to use the correct OAuth endpoint when issuing authentication requests in your application. The primary OAuth endpoints depend upon the system you are trying to access.
Example: Google has two endpoints:
Request access of user:
https://accounts.google.com/o/oauth2
Exchange tokens
https://accounts.google.com/o/oauth2/token

Adding a API to WSO2 API Manager that has OAuth credentials

We're trying to test out WSO2 API Manager and having trouble adding some APIs. MailChimp was added easily because MC has no OAuth credentials itself. But when trying to add Facebook or another API that has its own API manager, it doesn't work and we constantly get a 401 Unauthorized. This is because both Facebook and WSO2 API Manager need OAuth tokens and obviously you can only send one Authorization header. Any help here?
WSO2 ApiManager 1.0 still does not support (OAuth) secured back-end services out of the box. Hence it is not possible to register Facebook or Twitter APIs via APIM.
Right now, an application is sending an authorization header to the APIM with a key issued by the APIM. Ideally, if you send another authorization header, that will be forwarded to the Facebook API, but at the API Gateway level you need to remove the processed header which belongs to the APIM authorization.
Adding backend services with security will be added as a new feature in future APIM releases.
Regards,
/Nuwan
Can you please explain why you want to use the API manager here? You can directly send your request to Facebook where the request is authorised.