
The HTTP Basic Authentication Trust Association Interceptor

The HTTP Basic Authentication Trust Association Interceptor (TAI) can be used to authenticate incoming requests using the HTTP Basic Authentication Protocol described in RFC 2617. This can be useful for clients that are not capable of doing HTTP form-based authentication.

The Web client sends the user ID and password used for authentication to WAS with each individual request. This typically requires SSL for all portal-related network traffic; otherwise the user password is exposed on the network. By comparison, with HTTP form-based authentication it can be sufficient to use transport layer security for the user login flow only.

With the HTTP Basic Authentication TAI, the Web client sends the user credentials with each request, so users cannot log out from the portal except by completely closing the Web client. If a user logs out of the portal and leaves the browser open, the browser still holds the credentials and resends them, so another user might be able to access pages the first user visited previously.

The TAI is responsible for a request only if none of the patterns in the black lists match the incoming request URL or user agent, and at least one of the patterns in one of the white lists does match. If the TAI is configured with empty white lists, it will never authenticate a request.

If the TAI decides to authenticate the request, and that request contains an authorization header containing a user ID and password, the TAI tries to log on with that credential. If no user ID and password are provided, the TAI challenges the client according to RFC 2617.
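The selection and challenge flow described above, modelled as an added Python example; it is not the product's code. The configuration key names, the use of regular expressions as the pattern syntax, the realm name, the sample URLs and user agents, and the choice to treat a malformed header like a missing one are all assumptions.

```python
import base64
import binascii
import re

# Constructed sample configuration; key names and regex syntax are assumptions.
CFG = {
    "url_blacklist": [r"^/portal/admin"],
    "agent_blacklist": [r"Mozilla"],
    "url_whitelist": [r"^/portal/feeds/"],
    "agent_whitelist": [r"^FeedReader/"],
}

def _hit(patterns, value):
    return any(re.search(p, value) for p in patterns)

def tai_is_responsible(url, user_agent, cfg):
    """No black-list pattern may match; at least one white-list pattern must."""
    if _hit(cfg["url_blacklist"], url) or _hit(cfg["agent_blacklist"], user_agent):
        return False
    # With empty white lists any() is False, so the TAI never authenticates.
    return _hit(cfg["url_whitelist"], url) or _hit(cfg["agent_whitelist"], user_agent)

def parse_basic(header):
    """Return (user, password) from an RFC 2617 Basic header, else None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # assumption: malformed credentials count as "not provided"
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    return (user, password) if sep and user else None

def handle_request(url, user_agent, headers, cfg, realm="Portal"):
    """Return (decision, detail) for one incoming request."""
    if not tai_is_responsible(url, user_agent, cfg):
        return ("not_responsible", None)
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        challenge = {"status": 401, "WWW-Authenticate": f'Basic realm="{realm}"'}
        return ("challenge", challenge)
    return ("attempt_login", creds)  # log the user ID only, never the password
```
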




Related information


RFC 2617