Jump to: navigation, search

Basic Authentication

HTTP Basic Authentication is a method for an HTTP client to provide a user name and a user password for each HTTP request where a resource needs access control.

GMS supports Basic Authentication on the following services:

  • Storage service
  • Notification service
  • and all services that have a section (with the prefix service.) in the GMS application

Note: Best practice is to use Basic Authentication over HTTPS.

Configuration

By default, the Basic Authentication feature is turned off. The following sections and options must be set in the GMS application in order to turn on this feature.

Note: Basic Authentication options are taken into account dynamically.

Section Option Supersedes Description
server realm Defines the authentication scheme. The default value is Genesys Application Configuration Needed.
server username Defines a global username for all services. Note: Without the password option, no authentication is effective.
server password Defines a global password for all services. With this option, Basic Authentication is turned on for all services.
service.* username server/username Defines a specific username for one service. Note: Without the password option in the same service section, the server section password is used. If there is no server section password, no authentication is applied.
service.* password server/password Defines a specific password for one service.
storage username server/username Defines a specific username for the storage service. Note: Without the password option in the same service section, the server section password is used. If there is no server section password, no authentication is applied.
storage password server/password Defines a specific password for the storage service.
notification username server/username Defines a specific username for the notification service. Note: Without password option in the same service section, the server section password is used. If there is no server section password, no authentication is applied.
notification password server/password Defines a specific password for notification service.


GMS Basic Authentication Options

Precedence Example

GMS HTTP Basic Authentication Example

Configuration Option Examples

Basic Authentication Username and Password for Notification API:

Gms basic authentication notification username password.png


Basic Authentication Username and Password for GMS Node API:

Gms basic authentication server username password.png


Basic Authentication Username and Password for Service API:

Gms basic authentication service username password.png


Basic Authentication Username Password for Storage API:

Gms basic authentication storage username password.png

Client Side

When Basic Authentication is turned on from the GMS server-side, the client must manage the HTTP Authentication header to set the username and password in the Authorization header. Only HTTP Basic Authentication is supported. The header request for authentication should look like the following (credential is a string with a specific format [username:password], and base64 encoded):

Request
> GET /genesys/1/storage/id HTTP/1.1
> Host: localhost:8080
> Accept: */*
> Authorization: Basic ZGVmYXVsdDpwYXNzd29yZA==
Response
< HTTP/1.1 200 OK
< Date: Thu, 13 Feb 2014 14:44:14 GMT

If the authentication fails, the response looks like this:

Request
> GET /genesys/1/storage/id HTTP/1.1
> Host: localhost:8080
> Accept: */*
> Authorization: Basic ZGVmYBVsdDpwYXNzd29yZA==
Response
< HTTP/1.1 401 Unauthorized
< Date: Thu, 13 Feb 2014 14:47:55 GMT
< WWW-Authenticate: Basic realm="Genesys Application Configuration Needed"
< Content-Length: 0


Example:

Configuration Manager is configured for the service.request-interaction section using the following basic authentication parameters:

  • username = genesys
  • password = genesys

Request without credential:

POST /genesys/1/service/request-interaction HTTP/1.1
Host: localhost:8080
Accept: */*
Content-Length: 40
Content-Type: application/x-www-form-urlencoded

Response with the authentication error:

HTTP/1.1 401 Unauthorized
Date: Thu, 13 Mar 2014 07:55:38 GMT
WWW-Authenticate: Basic realm="Genesys Application Configuration Needed"

The same request with credential:

POST /genesys/1/service/request-interaction HTTP/1.1
Authorization: Basic Z2VuZXN5czpnZW5lc3lz
Host: localhost:8080
Accept: */*
Content-Length: 40
Content-Type: application/x-www-form-urlencoded

Response of the request:

HTTP/1.1 200 OK
Date: Thu, 13 Mar 2014 07:55:55 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
{"_access_code":"152606","_expiration_time":"29","_id":"413-ac85eb82-3e5e-414e-9ed2-08392320f234",
 "_access_number":"6504664630"}


DFM Configuration

When using Basic Authentication, you must also update DFM in order to protect the username/password.

  1. In Configuration Manager, locate and open the Application object for your Orchestration Server (ORS).
  2. Select the Options tab.
  3. Add a new section dfm.<server_name>.
  4. Add the following options and values:
    • username, value = genesys1
    • password, value = password1
    • maxage, value = 60 (optional)
    • maxstale, value = 60 (optional)
  5. Repeat Steps 3 and 4 for each server.
  6. Save the ORS application object and restart ORS.
Important
If the username/password is changed in GMS sections (server, storage, notification, service[s]), the username/password must also be changed in ORS DFM accordingly. For example, if you set username/password in server section, you can use the same username/password for all GMS DFM in ORS (if you change the GMS username/password, you must also change it in ORS DFM for GMS). If you set a specific username/password for Service, Storage, or Notification API rather than using the main one (in server section), you must also change the settings in each GMS DFM in ORS in order to manage different username/passwords.
This page was last modified on November 24, 2017, at 02:50.

Feedback

Comment on this article:

blog comments powered by Disqus