  1. National Data Service
  2. NDS-646

Discuss how to bypass Basic Auth for internal stack communication


Details

    Description

      When Basic Auth is enabled, APIs that do not expect a layer of Basic Auth over their own built-in authentication will fail with a "401 Unauthorized".

      Services that will almost certainly encounter this same problem:

      • Clowder + Extractors
      • Clowder + ToolManager
      • Dataverse + TwoRavens
      • Dataverse + ToolManager
      • HTTP Tunnel (Chisel)

      With NDS-643, we are now respecting authRequired===false on specs by default, but the user can still enable Basic Auth manually and in doing so prevent their instance from functioning properly. We should discuss how to handle cases such as these in the long term.

      This ticket is complete when we have:

      • discussed how we plan to support Basic Auth over services that are unaware of its presence
      • either:
        • implemented new logic in the platform that can generically handle ignoring HTTP Basic Auth for internal requests (for example: some DNS to retrieve the internal IPs of services)
        • OR
        • implemented new logic in the UI that will prevent the user from enabling auth on these services (inadvisable, as ToolManager has no other inherent auth)
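
A sketch of the first option, added here as an example and not taken from the NDS code base: a Go middleware that enforces Basic Auth on external requests and lets requests from the internal network through, so the service's own built-in authentication is the only layer they meet. It substitutes a fixed internal CIDR for the DNS lookup the ticket suggests; the CIDR `10.0.0.0/8`, the credentials, the request path and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

var _, internalNet, _ = net.ParseCIDR("10.0.0.0/8") // assumed cluster CIDR (constructed)

// isInternal trusts only the TCP peer address; X-Forwarded-For is client-controlled.
func isInternal(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	ip := net.ParseIP(host)
	return err == nil && ip != nil && internalNet.Contains(ip)
}

// basicAuthUnlessInternal (hypothetical name) demands Basic Auth from external peers only.
func basicAuthUnlessInternal(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isInternal(r.RemoteAddr) {
			u, p, ok := r.BasicAuth()
			good := subtle.ConstantTimeCompare([]byte(u), []byte(user)) & subtle.ConstantTimeCompare([]byte(p), []byte(pass))
			if !ok || good != 1 {
				w.Header().Set("WWW-Authenticate", `Basic realm="workbench"`)
				http.Error(w, "Unauthorized", http.StatusUnauthorized)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor replays one constructed request through the middleware and returns the status.
func statusFor(peer, xff, user, pass string) int {
	app := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // stand-in service, replies 200
	r := httptest.NewRequest("GET", "/api/files", nil)
	r.RemoteAddr = peer
	r.Header.Set("X-Forwarded-For", xff)
	r.SetBasicAuth(user, pass)
	w := httptest.NewRecorder()
	basicAuthUnlessInternal("demo", "demo-pass", app).ServeHTTP(w, r)
	return w.Code
}

func main() {
	fmt.Println(statusFor("10.1.2.3:4000", "", "", ""), statusFor("203.0.113.9:4000", "10.1.2.3", "", ""))
}
```

The check only works where `RemoteAddr` is the real peer: behind an ingress or reverse proxy every request carries the proxy's address, so the exemption has to be evaluated at that proxy, not in the service behind it.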


              People

                Assignee: Unassigned
                Reporter: Sara Lambert (lambert8)

                  Time Tracking

                    Original Estimate: 6 hours
                    Remaining Estimate: 6 hours
                    Time Spent: Not Specified