Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Manjunatha Mn (ManjunathaM6763)
ING Vysya Bank Ltd

ING Vysya Bank Ltd
NL
ManjunathaM6763 Member since 2017 6 posts
ING Vysya Bank Ltd
Posted: Jun 5, 2018
Last activity: Jun 5, 2018
Posted: 5 Jun 2018 10:32 EDT
Last activity: 5 Jun 2018 13:52 EDT
Closed

Container Managed Authentication - Basic Authorization

Hi Team,

We have implemented container managed authentication in our organization. We got a security test done for our application and found that authorization header has been set to Basic and username and password are base64 encoded. Its very easy to decode the username and password and which is an security threat for the application.

Can you help how to disable basic authorization and what are the secured types we can use.

Solutions Tried:

We can enable form based authentication in web.xml by modifying the below tag

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>PegaRULES</realm-name>
</login-config>

Regards

Manju

To see attachments, please log in.
Security

Posted: 6 years ago
Posted: 5 Jun 2018 13:52 EDT
Sridhar Nagarhalli (SridharNagarhalli)
PEGA
Technical Lead
Pegasystems Inc.
IN

Hi

This might give you some more insight on configuring authentication services https://pegacommunity.prod.acquia-sites.com/sites/default/files/help_v74/procomhelpmain.htm#data-/data-admin-/data-admin-authservice/main.htm#Authentication_Services

Thanks

Sridhar

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice