Authenticate the WS client to a server (HTTP basic authentication)

Configuration steps to authenticate the client to a server.

  1. Add HTTP authentication entries to your FGLPROFILE file.
    To connect to a server with HTTP Authentication, define the client login and password with the same values as registered on the server side. These entries must be defined with a unique identifier (httpauth in this example). The following entries define an HTTP Authentication with "mylogin" as login and "mypassword" as password:

    authenticate.httpauth.login     = "mylogin"
    authenticate.httpauth.password  = "mypassword"

    See [RFC2617] for more details.

  2. Encrypt the password.
    Because a clear-text password can leak, it is recommended that you NOT keep the password in clear text. The Genero Web Services package provides the tool fglpass, which encrypts a password with a certificate so that it is readable only with the associated private key. To encrypt the HTTP authentication password:
    1. Encrypt the clear text password with fglpass using the client certificate.
      $ fglpass -e -c MyClient.crt
      Enter password :mypassword
      Note:

      fglpass outputs the encrypted password on the console, but the output can be redirected to a file.

    2. Modify the HTTP authentication password entry by specifying the security configuration to use to decrypt it ("id1" in our example):
      authenticate.httpauth.password.id1="HWTFu8QE2t3e5D4joy7js8mB95oOGTzLmcAor9j5DS+C
      loiliGCwZvZ9eWpfmIWSON9IwoiJheYxfnu20uaGGmmiUGiHxT6341ePXNSicu32NtlVp9t6RcS0
      wN/p9a6D4XtiD9iHW7iQvXhqC9uamd3gI9Q3GhHwXOMMlY//c8Y="
      Note:

      Hard returns have been added to the code sample above, for the purpose of printing and viewing within this document. The value for authenticate.httpauth.password.id1 is a single string with no spaces.

      Note:

      The size of the encrypted password depends on the size of the public key, and can change based on the certificate used to encrypt it.

  3. Configure the client to authenticate to a server.
    Because a client can connect to different servers, and those servers do not necessarily know the client under the same login and password, you must specify the login and password that correspond to each server. To authenticate the client known as "myclient" with the password passphrase by the server myserver, add the following entry:

    ws.myserver.authenticate = "httpauth"
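
A check for the three steps above, as an added example (not part of the original page or of Genero Web Services): it scans FGLPROFILE text for passwords left in clear text, incomplete authenticate blocks, and ws entries that reference an undefined identifier. The function names, the sample profile, and the treatment of '#' lines as comments are assumptions.

```python
import re

# key = "value" entry syntax as shown on this page; '#' comments are an assumption.
ENTRY = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*"(.*)"\s*$')

# Constructed sample profile (not from a real deployment).
SAMPLE = '''
# constructed test profile
authenticate.httpauth.login     = "mylogin"
authenticate.httpauth.password  = "mypassword"
authenticate.safeauth.login     = "mylogin"
authenticate.safeauth.password.id1 = "CONSTRUCTED-PLACEHOLDER-NOT-REAL-CIPHERTEXT"
ws.myserver.authenticate = "httpauth"
ws.otherserver.authenticate = "nosuchid"
'''

def parse_profile(text):
    """Return {key: value} for every key = "value" line, skipping comments."""
    entries = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries

def audit(text):
    """Return (finding, subject) tuples for risky or broken authentication entries."""
    entries, findings, ids = parse_profile(text), [], {}
    for key in entries:
        parts = key.split(".")
        if parts[0] == "authenticate" and len(parts) >= 3:
            ids.setdefault(parts[1], set()).add(parts[2])
            # password without a security-configuration suffix is stored in clear text
            if parts[2] == "password" and len(parts) == 3:
                findings.append(("cleartext-password", key))
    for ident in sorted(ids):
        for field in ("login", "password"):
            if field not in ids[ident]:
                findings.append(("missing-" + field, ident))
    for key, value in entries.items():
        parts = key.split(".")
        # ws.<server>.authenticate must name a defined authenticate.<id> block
        if parts[0] == "ws" and parts[-1] == "authenticate" and value not in ids:
            findings.append(("undefined-identifier", key))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
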