Configuration steps to authenticate the client to a server (HTTP
authentication).
-
Add HTTP authenticate entries to fglprofile.
To connect to a server with HTTP Authentication, define the client login and password with the
same values as registered on the server side. These entries must be defined with an unique
identifier (httpauth in this example) to define a HTTP Authentication with
"mylogin" as login and "mypassword" as
password:
authenticate.httpauth.login = "mylogin"
authenticate.httpauth.password = "mypassword"
See [RFC2617]
for more details.
-
Encrypt the password.
Due to security leaks, it is recommended that you NOT have a password in clear text. The
Genero Web Services package provides the tool fglpass, which
encrypts a password with a certificate that is readable only with the associated private key. To
encrypt the HTTP authentication password:
-
Encrypt the clear text password with fglpass using the client
certificate.
$ fglpass -e -c MyClient.crt
Enter password :mypassword
Note: fglpass outputs the encrypted password on the console but can be redirected
to a file.
-
Modify the HTTP authentication password entry by specifying the security configuration to use
to decrypt it (id1 in our case)
authenticate.id2.password.id1="HWTFu8QE2t3e5D4joy7js8mB95oOGTzLmcAor9j5DS+C
loiliGCwZvZ9eWpfmIWSON9IwoiJheYxfnu20uaGGmmiUGiHxT6341ePXNSicu32NtlVp9t6RcS0
wN/p9a6D4XtiD9iHW7iQvXhqC9uamd3gI9Q3GhHwXOMMlY//c8Y="
Note: Hard returns have been added to the code sample above, for the purpose of printing and viewing
within this document. The value for authenticate.id2.password.id1 is a single string with no
spaces.
Note: The size of the encrypted password depends on the size of the public key, and can
change according to the certificate used to encrypt it.
-
Configure the client to authenticate to a server.
As a client is able to connect to different servers that do not know the client with the same
login and password, it is necessary to specify the login and password that correspond to each
server. To authenticate the client known as "myclient" and with the password passphrase by
the server myserver, add the following
entry:
ws.myserver.authenticate = "httpauth"