Modifying the HTTP Basic authentication realm for a published service

Article ID: 42839

Products

CA API Gateway

Issue/Introduction

The CA API Gateway supports the use of HTTP Basic access authentication for enforcing access controls. This allows a user agent or client application (such as a browser) to send credentials to a protected service for the purpose of authentication and authorization. Basic access authentication uses a "realm" value to indicate the scope of a particular authentication method. Realms group separate protected services and resources so that a single credential set is valid for all resources in that realm.

The realm for an HTTP request requiring credentials is specified by the WWW-Authenticate header. This header specifies the realm that the client application should display to the operator or administrator who supplies the credentials. It is only sent in response to a client application that attempted to consume a service or resource that required HTTP Basic authentication but did not provide credentials in the initial request. By default, the Gateway specifies the realm as "L7SSGBasicRealm". It may be desirable to change that realm, and this article describes the steps necessary to make that change on a policy-by-policy basis.

Environment

All supported versions of the API Gateway

Resolution

The attached service policy provides an example logic branch that enforces the presence of HTTP Basic credentials or returns an HTTP 401 error status with a customized WWW-Authenticate header. Import the service policy into a new service in order to inspect the provided sample. A screen capture is illustrated below:

Attachments:

1558722709346000042839_sktwi1f5rjvs16wkk.jpeg
1558534513473TEC0000001387.zip
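
To confirm which realm a published service advertises after the policy change, the WWW-Authenticate header of an unauthenticated response can be parsed and compared with the expected value. The following is an added example, not part of the attached policy or of the Gateway itself; the function names and the "Partner API" realm are hypothetical, and the header values are constructed samples.

```python
import re

DEFAULT_REALM = "L7SSGBasicRealm"  # Gateway default named in this article

_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
# Either an auth-param (token = token / quoted-string) or a bare scheme name.
_ITEM = re.compile(rf'({_TOKEN})\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]+)|({_TOKEN})')


def parse_challenges(value):
    """Split one WWW-Authenticate value into [(scheme, {param: value}), ...]."""
    challenges = []
    for key, val, scheme in (m.groups() for m in _ITEM.finditer(value)):
        if scheme:
            challenges.append((scheme, {}))
        elif challenges:
            if len(val) >= 2 and val[0] == val[-1] == '"':
                # Strip the quotes and undo backslash escapes.
                val = re.sub(r"\\(.)", r"\1", val[1:-1])
            challenges[-1][1][key.lower()] = val
    return challenges


def check_realm(status, www_authenticate, expected_realm):
    """Findings for the response to a request sent without credentials.

    www_authenticate is the list of WWW-Authenticate header values received.
    An empty list of findings means the customized realm is in effect.
    """
    findings = []
    if status != 401:
        findings.append(f"expected HTTP 401, got {status}")
    realms = [params.get("realm")
              for value in www_authenticate
              for scheme, params in parse_challenges(value)
              if scheme.lower() == "basic"]
    if not realms:
        findings.append("no Basic challenge in WWW-Authenticate")
    for realm in realms:
        if realm == DEFAULT_REALM:
            findings.append("default realm still advertised")
        elif realm != expected_realm:
            findings.append(f"unexpected realm {realm!r}")
    return findings


if __name__ == "__main__":
    # Constructed header values; "Partner API" is a hypothetical custom realm.
    print(check_realm(401, ['Basic realm="Partner API"'], "Partner API"))
    print(check_realm(401, ['Basic realm="L7SSGBasicRealm"'], "Partner API"))
```

Feed it the status code and header values captured from a request sent without an Authorization header, since the challenge is only returned in that case.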