Basic Authentication

Getting the following:

“fault”: {“faultstring”: “Unresolved variable : username”,“detail”: {“errorcode”: “steps.basicauthentication.UnresolvedVariable”

Target URL that runs fine from Postman with Basic Authentication: https://rs28:14081/dvs/DATA/DB2.STAFF/GETall

KVM:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> Key Value Map Operations-1 false 300 ts5837 xxxxxx environment

Basic Auth:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> Basic Authentication-1 Encode false request.header.Authorization request.header.Authorization

Hi @Jeff Lutzow

Welcome to the community !!!

Looks like you are missing the mapIdentifier attribute in the KVM policy. This attribute is used as the identifier for the KVM name which the policy will look for, to fetch the KVM entries.

Checkout the “Get KVM from a literal” tab here. For example, if your KVM name is “userCreds” under which you create the two entries, then in your KVM policy, you should have

<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="Key-Value-Map-Operations-1" mapIdentifier="userCreds">

Once you add that, I guess your code will work as expected.

All I am trying to do is set the “username” and “password” parms that are referenced in the Basic Auth so I can see it this is going to run. can you code up the KVM and supply this so that it works? This is what I just tried and it did not work either:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> Key Value Map Operations-2 false 300 username ts5837 password xxxxxxx environment

When i add both of these KVMs before the BASIC Auth it does not work either:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> Key Value Map Operations-1 false 300 user ts5837 pass xxxxxxx environment <?xml version="1.0" encoding="UTF-8" standalone="yes"?> Key Value Map Operations-3 false 300

Sure.. Let me provide an example

Hi @Jeff Lutzow

These are the steps:

1. Create a environment KVM (encrypted since this is credentials), for example “userCreds”

2. Create the KVM entries. Once its saved, you will see them masked (after refreshing the page)

3. In your proxy, have the following KVM policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyValueMapOperations async="false" continueOnError="false" enabled="true" name="KVM-Get-User-Credentials" mapIdentifier="userCreds">
    <DisplayName>KVM-Get-User-Credentials</DisplayName>
    <Properties/>
    <ExclusiveCache>false</ExclusiveCache>
    <ExpiryTimeInSecs>300</ExpiryTimeInSecs>
    <Get assignTo="private.username" index="1">
        <Key>
            <Parameter>username</Parameter>
        </Key>
    </Get>
    <Get assignTo="private.password" index="1">
        <Key>
            <Parameter>password</Parameter>
        </Key>
    </Get>
    <Scope>environment</Scope>
</KeyValueMapOperations>

NOTE: I have prefixed the variable name as “private.” on purpose as that is how encrypted KVM works. For more details on this - refer to “Get encrypted value from KVM” tab in this link

4. Then the Basic Auth policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="BA-Set-Authorization">
    <DisplayName>BA-Set-Authorization</DisplayName>
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="private.username"/>
    <Password ref="private.password"/>
    <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

Once these policies are executed, you should see an Authorization header added to your target request

I tested the above and it works as expected. Let me know if you still have issues.

NOTE: Even if your Apigee Edge version does not support Encrypted KVM, the above code should still work

I have it setup except for number 1 and 2:

1. Create a environment KVM (encrypted since this is credentials), for example “userCreds”

2. Create the KVM entries. Once its saved, you will see them masked (after refreshing the page)

How or where do I go to create this KVM… my only experience is creating them from within the ‘development’ tab within the API proxy. But how you created it above looks different and I can’t seem to see where to create it.

Its under Admin → Environments

or if you are using the classic UI, its under APIs menu

@Jeff Lutzow - did that work ?

Ahhhh… i see that now. Okay I think I have it all setup that way. Here is the url that I am trying to hit: https://137.134.252.107:14081/dvs/REST/VSAM.STAFF/GETall.

I have confirmed that i can hit that URL from anywhere outside the company. It then prompts me for a userid and password which i key in and it runs fine returning data.

But when i try to run my API proxy “TestAuth” through either:

http://jlutzow-eval-test.apigee.net/testauth

https://jlutzow-eval-test.apigee.net/testauth

I get:

{“fault”: {“faultstring”: “The Service is temporarily unavailable”,“detail”: {“errorcode”: “messaging.adaptors.http.flow.ServiceUnavailable”}}}

@Jeff Lutzow - this is a different issue then. How are you hitting your target server ? Are you using the URL directly within the proxy or configured via TargetServer ? If its TargetServer, please make sure you have enabled the SSLInfo details as mentioned here

I am using the URL directly from within the proxy.

I just put https://137.134.252.107:14081/dvs/REST/VSAM.STAFF/GETall into the “HTTP Target” field.

Some how I need to be able to set this up to hit that backend Target URL using Basic Authentication. It is easy in Postman but I can’t seem to get it to work here in APIGEE.

If you want to set a proxy up to hit that service and then show me that would be great. I would expect that I either define my userid/password to the environment like you showed me earlier or that it would prompt me for the userid/password when I run it.

I tried hitting that URL and cant access it. Might be a network thing where Apigee is not able to hit the endpoint