Uploaded image for project: 'National Data Service'
  1. National Data Service
  2. NDS-646

Discuss opening how to bypass basic auth for internal stack communication


      When Basic Auth is enabled, APIs that do not expect a layer of Basic Auth over their own built-in authentication will fail with a "401 Unauthorized".

      Services that will almost certainly encounter this same problem:

      • Clowder + Extractors
      • Clowder + ToolManager
      • Dataverse + TwoRavens
      • Dataverse + ToolManager
      • HTTP Tunnel (Chisel)

      With NDS-643, we are now respecting authRequired===false on specs by default, but the user can still enable Basic Auth manually and in doing so prevent their instance from functioning properly. We should discuss how to handle cases such as these in the long term.

      This ticket is complete when we have:

      • discussed how we plan to support Basic Auth over services that are unaware of its presence
      • either:
        • implemented new logic in the platform that can generically handle ignoring HTTP Basic Auth for internal requests (for example: some DNS to retrieve the internal IPs of services)
        • OR
        • implemented new logic in the UI that will prevent the user from enabling auth on these services (inadvisable, as ToolManager has no other inherent auth)

              Unassigned Unassigned
              lambert8 Sara Lambert
              0 Vote for this issue
              2 Start watching this issue


                  Original Estimate - 6 hours
                  Remaining Estimate - 6 hours
                  Time Spent - Not Specified
                  Not Specified