http-basic-auth

http-basic-auth

Validates HTTP Basic Authentication credentials by comparing the password from the HTTP Authorization header against user data retrieved from a backend.

Context

Valid inside @execute blocks for HTTP server handlers only. The HTTP server automatically extracts credentials from the Authorization: Basic header and populates aaa.identity and http.authorization.password before the execute block runs.

Basic Syntax

@execute {
    # User and password (hash) lookup
    backend {
        name "USERS";
        query "FIND_USER";
    }
    # Validation
    http-basic-auth;
}

Result

The http-basic-auth action produces the following pipeline results:

• Accept: The username and password from the Authorization header match the user data from the backend.
• Reject: Authentication failed. This occurs when:
  • The username does not match the user loaded by the backend.
  • The password does not match.
• Ignore: The action cannot perform authentication. This occurs when:
  • No Authorization: Basic header is present in the request.
  • No user was found in the execution context.
  • The user is not configured with password-based authentication.

Required context variables:

• aaa.identity - Set automatically by HTTP server from Authorization header username
• http.authorization.password - Set automatically by HTTP server from Authorization header password
• user.password - Retrieved from backend for comparison

Backend mapping for user identification works the same as pap.

Related Actions

• pap - PAP authentication for RADIUS

See Also

• HTTP Basic Authentication - Complete guide with examples