Configure Apache Server for Basic HTTP Authentication

Copyright © Cloud Software Group, Inc. All Rights Reserved

Chapter 4 Apache Module for TIBCO API Exchange Gateway : Configure Apache Server for Basic HTTP Authentication

Configure Apache Server for Basic HTTP Authentication

Basic HTTP authentication requires the client to provide a user name and password when it sends the request to the Apache HTTP server. The basic authentication typically is used over transport as it does not provide any protection of the submitted credentials from the client to the Apache HTTP server.

To use the basic authentication by the client, it is recommended that you use one way SSL for secure communication between the Apache HTTP server and the requestor. Configure the following for secured communication:

−

Configure the Apache HTTP server for one-way SSL. See Configuring One-Way SSL Authentication. If you use the HTTP transport, do not set up the SSL configuration on Apache HTTP server.

−

Configure the Apache HTTP server for Basic Authentication. See Enable Basic Authentication on Apache HTTP Server for the configuration.

−

Configure the Core Engine for Basic Authentication. See Configuring TIBCO API Exchange Gateway for Basic Authentication.

Configure Apache HTTP Server for Basic Authentication

Perform the following tasks to configure the Apache server for Basic authentication:

Task A Enable Basic Authentication on Apache HTTP Server

To enable the basic authentication on Apache HTTP server,

1.

Open a terminal window.

2.

Navigate to ASG_HOME/modules/http_server/apache directory.

3.

Edit the mod_ASG.conf file.

4.

Search for the following section in the file:

   <Location/>

   SetHandler asg_rv_inbound_handler

   AsgSubject _LOCAL.asg.north.request

   AsgTimeout 30

   </Location>

5.

Insert the configuration for a new location above the old location configuration as follows:

   <Location /asg/ba>

   AuthType Basic

   AuthName "ASG"

   # (Following line optional, file is default)

   AuthBasicProvider file

   AuthUserFile /home/asg/apache/htpasswd/htpasswords

   Require validuser

   SetHandler asg_rv_inbound_handler

   AsgSubject _LOCAL.asg.north.request

   AsgTimeout 30

   </Location>

6.

Verify that the location changes are as follows:

   <Location /asg/ba>

   AuthType Basic

   AuthName "ASG"

   # (Following line optional, file is default)

   AuthBasicProvider file

   AuthUserFile /home/asg/apache/htpasswd/htpasswords

   Require validuser

   SetHandler asg_rv_inbound_handler

   AsgSubject _LOCAL.asg.north.request

   AsgTimeout 30

   </Location>

   <Location / >

   SetHandler asg_rv_inbound_handler

   AsgSubject _LOCAL.asg.north.request

   AsgTimeout 30

   </Location>

This location change enforces user access with basic authentication.

7.

Save the mod_ASG.conf file.

Task B Create a Password File for the Apache HTTP Server

1.

Open a terminal window.

2.

Navigate to APACHE_HOME.

3.

Create a htpasswd subdirectory to store the password file. Create a blank htpasswords file, if not already there in this directory.

4.

Navigate to the APACHE_HOME/bin directory.

5.

Create a partner identity using the Apache htpasswd utility for the user asgpartner01 with password asgpartner01, shown as follows:

For example, on the Windows platform:

   htpasswd APACHE_HOME\htpasswd\htpasswords asgpartner01

   New Password:asgpartner01

   Enter New Password:asgpartner01

6.

Create a second partner identity using the Apache htpasswd utility for the user asgpartner02 with password asgpartner02, shown as follows:

For example, on the Windows platform:

   htpasswd APACHE_HOME\htpasswd\htpasswords asgpartner02

   New Password:asgpartner02

   Enter New Password:asgpartner02

Task C Reload the Configuration File for the Apache HTTP Server

You should restart the Apache HTTP server to reload the configuration file.

1.

Open a terminal window.

2.

Navigate to the APACHE_HOME/bin directory.

3.

Stop the Apache server, if already running.

4.

Run the following command to start the Apache server:

httpd.exe

On the UNIX Platform

1.

Open a terminal window.

2.

Navigate to the APACHE_HOME/bin directory.

3.

Run the following command to restart the Apache server:

   ./apachectl restart

Example Use Case

Configuring Client (Requestor) for Basic Authentication

This section explains an example use case how to configure a client for basic authentication. This example shows the configuration setup for TIBCO Designer when TIBCO BusinessWorks is used as a client to send the request to API Exchange Gateway. Customize the changes accordingly if you are using a different client to send requests to TIBCO API Exchange Gateway.

Ensure that the Uniform resource identifier (URI) used by the client to send the request (for example, TIBCO BusinessWorks as a client) matches the URI used by the receiving gateway (for example, TIBCO API Exchange Gateway facade). This example uses "/asg/ba/" as the URI.

Task A Configure the Endpoint URL for Transport

In this example, the client side HTTP URL contains "/asg/ba/" string in the endpoint URL to access the server running the Core Engine.

For example, refer to BookQuery project shipped with TIBCO API Exchange Gateway at the ASG_HOME/examples/BookQuery/BookQuery location as follows:

1.

Open the ASG_HOME/examples/BookQuery/BookQuery project using TIBCO Designer.

2.

Navigate to BookQuery > Client process.

3.

Double-click QueryByTitleClient to open the process.

4.

Click SOAPRequestReply activity to open it.

5.

Click Transport Details tab. To use the basic authentication, change the endpoint URL as follows:

−

From:

http://127.0.0.1:9696/ServerProcesses/GetBooksByTitleEndpoint

−

To: http://127.0.0.1:9696/asg/ba/ServerProcesses/GetBooksByTitleEndpoint

6.

Save the changes to the configuration.

Task B Create an Identity Resource

You must create an identity as set on the Apache HTTP server configuration. See Create a Password File for the Apache HTTP Server.

For example, you can create an identity as follows for the BookQuery project:

1.

Select Client Process node.

2.

Go to Resources > Add Resources > General > Identity.

3.

Input the values for the following fields:

−

Name: a string value (For example, MyIdentity)

−

Type: select Username/Password from the drop-down list.

−

Username: username (username must match the username created at the Apache server. For example, asgpartner01. See Create a Password File for the Apache HTTP Server.

−

Password: password (password must match the password created at the Apache server. For example, asgpartner01. See Create a Password File for the Apache HTTP Server).

4.

Save the changes to the configuration.

Task C Configure Identity For Transport

You must set the identity (username and password) for the HTTP transport as follows:

1.

Double-click QueryByTitleClient to open the process.

2.

Click SOAPRequestReply activity to open it.

3.

Click Transport Details tab.

a.

Select the Use Basic Authentication check box.

b.

Set the Identity field as follows:

−

Click the Browse button next to the Identity field.

−

Select the Identity resource created as explained Create an Identity Resource.

−

Click OK to select the identity resource.

c.

Click Apply to save the changes.

d.

Save changes to the configuration.

Configuring TIBCO API Exchange Gateway for Basic Authentication

Perform the following steps to configure the basic authentication for the TIBCO API Exchange Gateway:

Task A Start Config UI

See Starting GUI to launch the Config UI.

Task B Add a New facade Operation

1.

Create a new configuration or select an existing configuration, as applicable.

2.

Click the ROUTING > Facade Operations tab.

3.

Add a new operation or select an existing operation. See Facade Operations.

4.

The Operation URI field contains "/asg/ba/" string in the endpoint as follows for the facade operation:

For example, /asg/ba/ServerProcesses/GetBooksByTitleEndpoint

Note that the client uses the "/asg/ba" in the transport URL to send the request to the Core Engine.

5.

Save the changes to the configuration.

Task C Add a New Partner Group

1.

Create a new configuration or select an existing configuration, as applicable.

2.

Add a new partner group. See Partner Groups.

3.

Save the changes to the configuration.

Task D Add a New Partner

1.

Create a new configuration or select an existing configuration, as applicable.

2.

Add a new partner as setup for the client. See Partners.

•

See Create an Identity Resource for the username. The partner name must match the username of the identity resource.

For example, set up the partner name as follows:

−

Partner Name: asgpartner01

3.

Save changes to the configuration.

Task E Add a New Partner Group

Create or add a new partner group for the partner. See Partner Groups.

Task F Add a New Facade Access

You must add a new facade access to authorize the asgpartner01 partner to access the operation configured for basic authentication.

Perform the following steps:

1.

Create a new configuration or select an existing configuration, as applicable.

2.

Add a new facade access to authorize the partner to access the operation. See Facade Access.

3.

Save changes to the configuration.

Task G Add Routing

You must add the routing data for the partner and operation created in Add a New Partner and Add a New facade Operation sections so that the Core Engine can route the facade request to the appropriate target operation. See Routing.