Note |
---|
This material has changed with V5 due to changes in the underlying HttpClient library and the original examples from V4 do not work for this release. |
There is now official support for Basic Authentication using our APIs. Other HTTP authentication mechanisms may work but likely require interacting with lower-level HttpClient library objects. The supported API for this involves injecting a map keyed by HttpHost objects whose value is the username and password to use. This API supports pre-emptive authentication; that is, the code will offer the credentials automatically when contacting the specified host and will not wait for a challenge from the server to do so. It should therefore be used only with TLS-protected hosts with appropriate verification, as described earlier. We have defined a pair of parent beans to abstract some of the classes needed to define the map: The map must be injected into the HttpClientSecurityParameters bean via the preemptiveBasicAuthMap property. Example of Basic Authentication along with TLS Verification Code Block |
---|
| <bean id="CustomHttpSecurity" class="org.opensaml.security.httpclient.HttpClientSecurityParameters"
p:preemptiveBasicAuthMap-ref="restAuthMap">
<property name="tLSTrustEngine">
<bean parent="shibboleth.StaticExplicitTrustEngine"
p:certificates="%{idp.home}/credentials/server.pem" />
</property>
</bean>
<util:map id="restAuthMap">
<entry>
<key>
<bean parent="shibboleth.HttpHost"
p:scheme="https" p:hostname="rest.service.example.org" p:port="443" />
</key>
<bean parent="shibboleth.BasicAuthCredentials"
p:username="%{rest.username}" p:password="%{rest.password}" />
</entry>
</util:map> |
Since the map discriminates the credentials by host, it’s safe to define all your various credentials in one map and use it wherever needed. |