Basic Authentication
HTTP Basic Authentication is a method for an HTTP client to provide a user name and a user password for each HTTP request where a resource needs access control.
GMS supports Basic Authentication on the following services:
- Storage service
- Notification service
- and all services that have a section (with the prefix service.) in the GMS application
Note: Best practice is to use Basic Authentication over HTTPS.
Configuration
By default, the Basic Authentication feature is turned off. The following sections and options must be set in the GMS application in order to turn on this feature.
Note: Basic Authentication options are taken into account dynamically.
| Section | Option | Supersedes | Description |
|---|---|---|---|
| server | realm | Defines the authentication scheme. The default value is Genesys Application Configuration Needed. | |
| server | username | Defines a global username for all services. Note: Without the password option, no authentication is effective. | |
| server | password | Defines a global password for all services. With this option, Basic Authentication is turned on for all services. | |
| service.* | username | server/username | Defines a specific username for one service. Note: Without the password option in the same service section, the server section password is used. If there is no server section password, no authentication is applied. |
| service.* | password | server/password | Defines a specific password for one service. |
| storage | username | server/username | Defines a specific username for the storage service. Note: Without the password option in the same service section, the server section password is used. If there is no server section password, no authentication is applied. |
| storage | password | server/password | Defines a specific password for the storage service. |
| notification | username | server/username | Defines a specific username for the notification service. Note: Without password option in the same service section, the server section password is used. If there is no server section password, no authentication is applied. |
| notification | password | server/password | Defines a specific password for notification service. |
Precedence Example
Configuration Option Examples
Basic Authentication Username and Password for Notification API:
Basic Authentication Username and Password for GMS Node API:
Basic Authentication Username and Password for Service API:
Basic Authentication Username Password for Storage API:
Client Side
When Basic Authentication is turned on from the GMS server-side, the client must manage the HTTP Authentication header to set the username and password in the Authorization header. Only HTTP Basic Authentication is supported. The header request for authentication should look like the following (credential is a string with a specific format [username:password], and base64 encoded):
Request > GET /genesys/1/storage/id HTTP/1.1 > Host: localhost:8080 > Accept: */* > Authorization: Basic ZGVmYXVsdDpwYXNzd29yZA==
Response < HTTP/1.1 200 OK < Date: Thu, 13 Feb 2014 14:44:14 GMT
If the authentication fails, the response looks like this:
Request > GET /genesys/1/storage/id HTTP/1.1 > Host: localhost:8080 > Accept: */* > Authorization: Basic ZGVmYBVsdDpwYXNzd29yZA==
Response < HTTP/1.1 401 Unauthorized < Date: Thu, 13 Feb 2014 14:47:55 GMT < WWW-Authenticate: Basic realm="Genesys Application Configuration Needed" < Content-Length: 0
Example:
Configuration Manager is configured for the service.request-interaction section using the following basic authentication parameters:
- username = genesys
- password = genesys
Request without credential:
POST /genesys/1/service/request-interaction HTTP/1.1 Host: localhost:8080 Accept: */* Content-Length: 40 Content-Type: application/x-www-form-urlencoded
Response with the authentication error:
HTTP/1.1 401 Unauthorized Date: Thu, 13 Mar 2014 07:55:38 GMT WWW-Authenticate: Basic realm="Genesys Application Configuration Needed"
The same request with credential:
POST /genesys/1/service/request-interaction HTTP/1.1 Authorization: Basic Z2VuZXN5czpnZW5lc3lz Host: localhost:8080 Accept: */* Content-Length: 40 Content-Type: application/x-www-form-urlencoded
Response of the request:
HTTP/1.1 200 OK
Date: Thu, 13 Mar 2014 07:55:55 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{"_access_code":"152606","_expiration_time":"29","_id":"413-ac85eb82-3e5e-414e-9ed2-08392320f234",
"_access_number":"6504664630"}
DFM Configuration
When using Basic Authentication, you must also update DFM in order to protect the username/password.
- In Configuration Manager, locate and open the Application object for your Orchestration Server (ORS).
- Select the Options tab.
- Add a new section dfm.<server_name>.
- Add the following options and values:
- username, value = genesys1
- password, value = password1
- maxage, value = 60 (optional)
- maxstale, value = 60 (optional)
- Repeat Steps 3 and 4 for each server.
- Save the ORS application object and restart ORS.