
Hi, I am trying to do basic authentication in a WSO2 interceptor without it being validated against the user defined in wso2.gw.conf. My defined interceptor is validating the basic auth header, so is there a way to disable basic auth validation by WSO2 against the user defined in wso2.gw.conf?

Also, why does my basic authentication header's password get replaced with the hashed password, as defined in wso2.gw.conf?

    ["b7a.users"]
    ["b7a.users.xxx"]
    password="1F44F70E2JLKF4E469D32D5742D86A590E10FE04x"

My OpenAPI spec:

    paths:
      /rt/PING:
        get:
          description: ""
          operationId: PING
          x-wso2-throttling-tier: 6PerMin
          x-wso2-request-interceptor: setAuthHeaderInRequest
          responses:
            "200":
              description: Successful response
              content:
                application/json:
                  schema:
                    $ref: "#/components/schemas/PING"
                application/xml:
                  schema:
                    $ref: "#/components/schemcomponents:

    components:
      securitySchemes:
        basicAuthentication:
          type: http
          scheme: basic
      schemas:
        PING:
          type: object
          properties:
            PONG:
              type: string
          xml:
            name: PING

Umer Asir
  • When you disable security, none of the security will apply, even basic auth. From where did you read the password that was hashed? In the gateway, the password is replaced internally with the hashed one – Rajith Roshan Apr 02 '20 at 05:12
  • @RajithRoshan correct. I was actually trying without disabling security; it was wrongly copied by mistake (updated the OpenAPI spec). I am decoding the base64 basic auth header in my interceptor to validate the username and password with my authentication service. I was getting the hashed password instead of the actual one passed. – Umer Asir Apr 02 '20 at 05:22
  • Would it be possible to use the basic auth password with hash 256, and specify it as below in the conf file? Then it will not be hashed when you read it from the interceptor. [b7a.users.xxx] password="@sha256:{}" replace with correct password – Rajith Roshan Apr 08 '20 at 06:01

0 Answers