Authentication with User Name and Password - ABO

Back Office Integration Guide

Product: ABO
AFS_Version: 7.9
Category: Reference Guide
Language: English

Authentication can be performed with a login and password.

The afs:login parameter carries the credentials.

An Authentication API request takes the following form:

http://$HOST/$REQUEST&afs:login=login://$USER:$PASSWORD@$AUTHENTICATION_AUTHORITY

where afs:login=login://<user>:<password>@<authentication_authority> is the authentication part.

This method of authentication is risky: the password travels in the URL, where it is not protected and could be retrieved.

In the example:

  • $USER is the user used for authentication.
  • $PASSWORD is the associated password.
  • $AUTHENTICATION_AUTHORITY is the Authentication Authority (such as LDAP).

    $AUTHENTICATION_AUTHORITY supports the following values:

    • LDAP: if the BO is connected to an LDAP directory, the user is authenticated against that directory.
    • BOWS: if the BO uses its own internal user database.
    • SSO: on the first authentication, an SSO token is returned; it can then be used for subsequent API requests.
    • Antidot: this authentication mode is used only for the Back Office antidot root user.

The authentication part of every Back Office API call must always be percent-encoded.
See the Wikipedia article on percent-encoding for more information.

When possible, it is safer to send the credentials in the following HTTP header instead:

Authorization

With the following content:

Basic <Base64.encode($LOGIN:$PASSWORD)>

Where <Base64.encode($LOGIN:$PASSWORD)> means the "$LOGIN:$PASSWORD" string encoded in Base64.

To obtain the Base64 string, run the following command:

echo -n "$LOGIN:$PASSWORD" | base64 -

Example:

For antidot default user, run the following command:

echo -n "antidot:change_on_install" | base64 -

It returns the following encoded string:

YW50aWRvdDpjaGFuZ2Vfb25faW5zdGFsbA==

The content of the Authorization HTTP header should then be as follows:

Basic YW50aWRvdDpjaGFuZ2Vfb25faW5zdGFsbA==
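The following is an added example, not code from the ABO guide, that builds both credential forms described above: the recommended Authorization header (matching the base64 command) and the discouraged afs:login URL parameter. The host name and request path are constructed sample values, and it assumes the whole afs:login value is percent-encoded as a single query-string value.

```python
"""Added example (not from the ABO guide): build the two credential
forms the guide describes for Back Office API calls.

Assumptions (not stated on the page): the whole afs:login value is
percent-encoded as one query-string value; host and request path
below are constructed sample values.
"""
import base64
import urllib.request
from urllib.parse import quote


def basic_auth_header(login: str, password: str) -> str:
    """Value for the Authorization header: 'Basic ' + Base64("login:password").

    Equivalent to the guide's:  echo -n "$LOGIN:$PASSWORD" | base64 -
    """
    token = base64.b64encode(f"{login}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def afs_login_param(user: str, password: str, authority: str) -> str:
    """The discouraged URL form afs:login=login://user:password@authority,
    percent-encoded so ':', '/' and '@' survive as query-string data
    (assumption: the whole value is encoded as one unit)."""
    raw = f"login://{user}:{password}@{authority}"
    return "afs:login=" + quote(raw, safe="")


def build_request(host: str, request: str, login: str, password: str) -> urllib.request.Request:
    """Build the request the guide recommends: credentials go in the
    Authorization header rather than the URL, so they are not part of
    the request line that proxies and servers commonly log."""
    url = f"http://{host}/{request}"
    req = urllib.request.Request(url)
    req.add_header("Authorization", basic_auth_header(login, password))
    return req


if __name__ == "__main__":
    # Default antidot account from the guide; host/path are constructed.
    print(basic_auth_header("antidot", "change_on_install"))
    print(afs_login_param("antidot", "change_on_install", "BOWS"))
    req = build_request("bo.example.invalid", "api/example", "antidot", "change_on_install")
    print(req.full_url, req.get_header("Authorization"))
```

Running the script prints the same encoded string the base64 command above produces, preceded by "Basic ".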