Monday, November 17, 2014

How to use a custom authentication header and pass it as the auth header to the backend server (in addition to the bearer token).

In this article we describe how to use a custom authentication header and pass it as the Authorization header to the backend server.

You can add a mediation extension [1] and define a custom global sequence in the API Gateway that assigns the Authorization header the value of your basic authentication header.

<sequence name="WSO2AM--Ext--In" xmlns="http://ws.apache.org/ns/synapse">
    <!-- Read the client's custom 'Authentication' transport header into a message-context property -->
    <property name="Authentication" expression="get-property('transport', 'Authentication')"/>
    <!-- Overwrite the outgoing 'Authorization' transport header (the bearer token) with that value -->
    <property name="Authorization" expression="get-property('Authentication')" scope="transport" type="STRING"/>
    <!-- Remove the custom header so it does not reach the backend -->
    <property name="Authentication" scope="transport" action="remove"/>
</sequence>


To add the custom mediation, go to '/repository/deployment/server/synapse-configs/default/sequences' and create an XML file (e.g. global_ext.xml) containing your mediation extension.
Then include the above Synapse configuration in that XML file. (I have attached the custom global sequence XML here.)

When you invoke your REST API via a REST client, configure the client to send a custom header (e.g. Authentication) carrying your basic authentication credentials, and set the 'Authorization' header to the bearer token for the API.

So the flow will be something like this:
Client (headers: Authorization, Authentication) -> Gateway (drop: Authorization, convert: Authentication -> Authorization) -> Backend
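The header rewrite performed by the global in-sequence, as an added Python model (not part of this post or of WSO2 API Manager) that lets you check what the backend would receive, including the case where the client forgets the custom header. It assumes transport header names are matched case-insensitively and that a missing Authentication header results in no Authorization header being forwarded; both are assumptions to verify on the real gateway.

```python
import base64

# Assumption: header names are compared case-insensitively, as in HTTP.
def _find(headers, name):
    """Return the key in `headers` matching `name` case-insensitively, or None."""
    for key in headers:
        if key.lower() == name.lower():
            return key
    return None

def apply_global_in_sequence(client_headers):
    """Model of the three <property> mediators in WSO2AM--Ext--In.

    1. property Authentication <- transport header 'Authentication'
    2. transport header 'Authorization' <- that value (overwrites the bearer token)
    3. transport header 'Authentication' removed
    Returns the transport headers the backend would receive.
    """
    headers = dict(client_headers)
    auth_key = _find(headers, "Authentication")
    basic_value = headers.get(auth_key) if auth_key else None
    authz_key = _find(headers, "Authorization")
    if authz_key:
        del headers[authz_key]          # the gateway bearer token never reaches the backend
    if basic_value is not None:
        headers["Authorization"] = basic_value
    # Assumption: with no client Authentication header, nothing is forwarded as Authorization.
    if auth_key:
        del headers[auth_key]
    return headers

def backend_headers_are_safe(backend_headers, bearer_token):
    """Defender's check: the gateway token must not leak to the backend, and any
    forwarded Authorization header must carry the Basic scheme."""
    authz = backend_headers.get("Authorization", "")
    return bearer_token not in authz and (authz == "" or authz.startswith("Basic "))

# Constructed sample request, as the REST client described in the text would send it.
BEARER_TOKEN = "constructed-gateway-token"
BEARER = "Bearer " + BEARER_TOKEN
BASIC = "Basic " + base64.b64encode(b"backend-user:backend-pass").decode()
CLIENT_HEADERS = {"Authorization": BEARER, "Authentication": BASIC,
                  "Accept": "application/json"}

if __name__ == "__main__":
    forwarded = apply_global_in_sequence(CLIENT_HEADERS)
    print(forwarded, backend_headers_are_safe(forwarded, BEARER_TOKEN))
```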


[1] https://docs.wso2.com/display/AM150/Adding+a+Mediation+Extension

1 comment:

  1. Nice, is it possible to assign the user name (or application name) to a value? I mean the user name that is defined in the API Store. This would allow using WSO2 for user authorization in the backend as well (the authorization bearer is stripped off at the moment and no (additional) user token is added, so it is not possible for the backend web services to know the real user).
