HTTP Basic Authentication

SOLVED
ArnaudM
New Contributor

HTTP Basic Authentication

Hello,

 

I'm trying to set Basic authentication on a virtual server.

 

It's basically working as expected using an LDAP authenticator and querying it in a rule:

 

# Read the credentials from the Authorization header, if one was sent
$authheader = http.getHeader( "Authorization" );

if( string.startsWith( $authheader, "Basic " ) ) {
   # Strip the "Basic " prefix and decode the "user:password" pair
   $encuserpasswd = string.skip( $authheader, 6 );
   $userpasswd = string.base64decode( $encuserpasswd );
   # Split on the first colon
   $i = string.find( $userpasswd, ":" );
   $user = string.substring( $userpasswd, 0, $i-1 );
   $password = string.skip( $userpasswd, $i+1 );
}

# Verify the user's password using an LDAP
# authenticator called 'ldap'
$auth = auth.query( "ldap", $user, $password );
#log.info($user . ": ".lang.dump($auth));
if( $auth['Error'] ) {
   # The authenticator itself failed: log it and drop the connection
   log.error(
      "Error with authenticator 'ldap': " .
      $auth['Error']
   );
   connection.discard();
} else if( !$auth['OK'] ) {
   # Unauthorised
   http.sendResponse( "403 Permission Denied",
      "text/html", "Incorrect username or password",
      ""
   );
}

 

My problem is that it only works when calling it with a curl command; it does not prompt a user/password form in a browser. I would not expect the above code to do so as it is, but is there any way to force prompting a login form with vTM?

 

vTM version 10.4

 

Best Regards,

Arnaud

 

1 ACCEPTED SOLUTION

Accepted Solutions
Baptiste Assmann
Occasional Contributor

Re: HTTP Basic Authentication

Hi Arnaud,

 

You should return a 401 if you can't find an Authorization header, as an 'else' to the first 'if'.

 

Baptiste


ArnaudM
New Contributor

Re: HTTP Basic Authentication

Hi Baptiste,

 

Yes indeed! Thanks for the solution.

I was already starting to look at a Java Extension for that, but this solution is simpler.

 

If anyone needs it, here is the edited part:

 

$authheader = http.getHeader( "Authorization" );
if( string.startsWith( $authheader, "Basic " ) ) {
   $encuserpasswd = string.skip( $authheader, 6 );
   $userpasswd = string.base64decode( $encuserpasswd );
   $i = string.find( $userpasswd, ":" );
   $user = string.substring( $userpasswd, 0, $i-1 );
   $password = string.skip( $userpasswd, $i+1 );
} else {
   # No Basic credentials in the request: send the challenge
   # that makes the browser show its login prompt
   http.sendResponse( "401 Authorization required",
      "text/html", "Please login\n",
      "WWW-Authenticate: Basic realm=\"authentication\""
   );
}

Thanks

Arnaud
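
The challenge logic from this thread, as an added Python example that is not part of the original posts and is not vTM code. It goes beyond the rule above by also rejecting malformed base64 and a missing colon, and by re-sending the 401 challenge on wrong credentials (a choice made in this example); `check_password`, `USERS` and `hdr` are hypothetical stand-ins, with `check_password` taking the place of the LDAP authenticator query.

```python
import base64
import binascii

REALM = "authentication"  # realm string taken from the rule in the thread

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the FIRST colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password

def challenge():
    """401 plus WWW-Authenticate is what makes a browser show its login prompt."""
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}

def handle(header, check_password):
    """Decide the response for one request."""
    creds = parse_basic(header)
    if creds is None:
        return challenge()      # missing or malformed header: ask for credentials
    if not check_password(*creds):
        return challenge()      # wrong credentials: re-prompt (this example's choice)
    return 200, {}

# Constructed sample data; demo_check stands in for the LDAP authenticator.
USERS = {"alice": "s3cr:et"}

def demo_check(user, password):
    return USERS.get(user) == password

def hdr(user, password):
    """Build a Basic Authorization header value for the samples below."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()

if __name__ == "__main__":
    for h in (None, "Bearer abc", "Basic !!!", hdr("alice", "nope"), hdr("alice", "s3cr:et")):
        print(repr(h), "->", handle(h, demo_check))
```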