Using Basic Users with OAuth-Auth and ROPC

In my research I have found that it is possible to use Basic Users with the ISAM OAuth-Auth capabilities. (ISAM Basic users are users that have NOT been imported into the ISAM registry.) However, it seems there is currently a limitation in the OOTB authentication mechanism:

isAuthenticated = PluginUtils.isValidUsernamePassword(username, password);

I’ve talked about how this is configured here. This authentication mechanism *can* be configured to use Federated Registries, however it requires the users to have been imported into ISAM via pdadmin.

Federated Registry Support can be enabled here.

Details from the Knowledge Center feature:

Use Federated Directories Configuration
Set this option to true to use the configured federated directories when authenticating a user name and password. If you specify true:

  • The LDAP Host Name and LDAP Port properties must define a Security Access Manager user registry. This is typically the user registry of the runtime component.
  • The users in any of the additional federated directories you configure must exist in the user registry of the runtime component. Therefore, import these users, if necessary.

Data type: Boolean
Default: false.

Alternative Workaround:

As an alternative for user authentication, we can use an ISAM reverse proxy to authenticate a user via the mapping rule's HTTP Callout capability. A demo of this feature is included in the default PreToken mapping rule for the configured API Protection Policy. If you configure the mapping rule to validate against an ISAM reverse proxy instance that has been configured with Basic User support, then we can satisfy the authentication process.


The mapping rule can do one of two things:

A) Validate using Basic Auth against the other ISAM instance.
B) POST to the /pkmslogin.form on the other instance.

I plan to update this article with a mapping rule doing the above soon.
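The decision logic for option A, as an added example (not the author's mapping rule and not ISAM's own code): it runs under Node.js, and the function names, the injected `httpGet(url, headers)` client, the URL and the credentials are all hypothetical stand-ins. It assumes the target URL sits behind a reverse proxy instance that answers 401 to bad Basic Auth credentials.

```javascript
// Added example: option A (Basic Auth callout) with the HTTP client injected
// so the logic runs offline. All names and values here are hypothetical.

// Build an RFC 7617 Basic credential. A ':' in the user-id cannot be
// represented, and control characters are refused outright.
function basicAuthHeader(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return null;
  if (username === '' || password === '') return null;
  if (username.includes(':') || /[\x00-\x1f\x7f]/.test(username + password)) return null;
  return 'Basic ' + Buffer.from(username + ':' + password, 'utf8').toString('base64');
}

// Returns true only when the reverse proxy answers 200 to the protected URL.
// httpGet(url, headers) -> { status } stands in for the callout client.
function isAuthenticated(username, password, validateUrl, httpGet) {
  if (!/^https:\/\//i.test(validateUrl)) return false; // never send credentials in clear
  const authz = basicAuthHeader(username, password);
  if (authz === null) return false;
  let response;
  try {
    response = httpGet(validateUrl, { Authorization: authz });
  } catch (e) {
    return false; // fail closed on transport or TLS errors
  }
  // Anything other than 200 (401, a redirect, a server error) is a failure.
  return Boolean(response) && response.status === 200;
}

// Constructed stand-in for a reverse proxy that knows one Basic User.
function fakeProxy(url, headers) {
  const expected = basicAuthHeader('basicuser1', 'Passw0rd-constructed');
  return { status: headers.Authorization === expected ? 200 : 401 };
}

const VALIDATE_URL = 'https://webseal.example.test/validate'; // placeholder
console.log(isAuthenticated('basicuser1', 'Passw0rd-constructed', VALIDATE_URL, fakeProxy)); // true
console.log(isAuthenticated('basicuser1', 'wrong', VALIDATE_URL, fakeProxy)); // false
```

In a real mapping rule the boolean would replace the result of `PluginUtils.isValidUsernamePassword(username, password)`, and the password should never be written to the trace log.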

 

 

 

 
