Require HTTP Basic Credential Assertion

The Require HTTP Basic Credentials assertion allows you to require basic HTTP authentication—user name, plain text password, and the authentication realm—as a string in the web service or XML application request headers. This assertion is a credential source that saves the user name and password from the HTTP headers for later authentication and authorization via the Authenticate User or Group Assertion or the Authenticate Against Identity Provider Assertion. This assertion should be used in conjunction with the Require SSL or TLS Transport Assertion.
gateway
The
Require HTTP Basic Credentials
assertion allows you to require basic HTTP authentication—user name, plain text password, and the authentication realm—as a string in the web service or XML application request headers. This assertion is a credential source that saves the user name and password from the HTTP headers for later authentication and authorization via the Authenticate User or Group Assertion or the Authenticate Against Identity Provider Assertion. This assertion should be used in conjunction with the Require SSL or TLS Transport Assertion.
Note the following limitations when authenticating via HTTP Basic:
  • The HTTP Basic specification defines the encoding of the username and password as ISO-8859-1. As a result, it is possible to define users in the Internal Identity Provider using arbitrary encoding (for example, multi-byte characters), but these users will not be authenticated successfully over HTTP Basic. 
    Consider using the Require WS-Security UsernameToken Profile Credentials Assertion instead for authentication in this scenario. The WSS standard accepts arbitrary encoding. 
  • The Require HTTP Basic Credentials assertion does not support user names containing the ":" (colon) character.
  • The Require HTTP Basic Credentials assertion should not be used in NTLM Authentication scenarios where the Require NTLM Authentication Credentials assertion is also present. Doing so may cause severe performance issues on the Gateway.
Using the Assertion
  • Add the assertion as described in Adding an Assertion.
The assertion is added to the policy window; no further configuration is required.