DataPower

 View Only
Expand all | Collapse all

Dynamically setting USer agent Basic Auth Password during deployment.

  • 1.  Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Fri June 24, 2022 10:00 AM

    Hi All,

    I have a web Service Proxy where I have created and user agent with in Proxy settings tab. For this user agent I am setting basic auth by matching the back end url which requires username and password for authentication. Here, I have provided username and password alias which contains password set manually after deploying the service through build process.

    But when I redeploy the same service as part of build process the password gets erased. Hence, I need to manually add the password on to existing password alias.

    Here is my question, I wanted to set the password to be set dynamically during deployment process. My question over here is that what value of deployment policy I need to create and pass in the values for setting the password alias automatically as part of deployment in order to avoid manually setting the value after deployment.

    Thanks and Regards

    Avinash



    ------------------------------
    AVINASH VUNDALE
    ------------------------------


  • 2.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    IBM Champion
    Posted Mon June 27, 2022 09:20 AM
    Hi,

    This should work:

    Configuration Match: */*/config/password-alias?Name=.*&Property=EncryptedPassword&Value=.*
    Modification Type: Change Configuration
    Configuration Value: <new encrypted password>

    So basically you should change EncryptedPassword property.

    ------------------------------
    Hermanni Pernaa
    ------------------------------

    Original Message


  • 3.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Thu July 07, 2022 01:28 AM
    Hi Hermani,

    It worked for me Thanks for the help. I am sorry for delay response as I was on holiday.

    Thanks 
    AVINASH

    ------------------------------
    AVINASH VUNDALE
    ------------------------------

    Original Message


  • 4.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Fri July 29, 2022 04:16 AM
    Edited by Avinash Mohan Vundale Fri July 29, 2022 04:22 AM

    Hi Hermanni,

    Of course the above deployment polcy settings works.

    But since its password we can set the property to be part of deployment parameter as our design team disagrees this solution.

    So they have suggested to set this value one time and should not affect even when we keep deploying other service along withthe package bundled with this service.

    further setting the changed password should also be independent of the deployment meaning we should be able to set the password value with out deployment and set the property on the flow.

    Any suggestion for this please.

    Thanks

    Avinash



    ------------------------------
    Avinash Mohan Vundale
    ------------------------------

    Original Message


  • 5.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Mon September 26, 2022 05:53 AM
    Thanks Hermanni, this helped me as well.

    ------------------------------
    Shivam Singh
    ------------------------------

    Original Message


  • 6.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Mon June 27, 2022 09:49 AM
    Hi,
    One possibility to use XMI message to update the info.
    The XMI (SOAP) message could be sent by a program (cUR, Java, Python, etc.) from some computer
    on the same network as the DataPower.
    Here is the format, shown in bold below:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Body>
        <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="TestDomain">
          <dp:modify-config>
            <PasswordAlias name="TestPasswordAlias">
              <Password>mynewpassword</Password>
            </PasswordAlias>
          </dp:modify-config>
        </dp:request>
      </soapenv:Body>
    </soapenv:Envelope>

    The response would look something like:
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Body>
        <dp:response xmlns:dp="http://www.datapower.com/schemas/management">
          <dp:timestamp>2022-06-27T15:27:30+02:00</dp:timestamp>
          <dp:result>OK</dp:result>
        </dp:response>
      </env:Body>
    </env:Envelope>

    If the request is in a file change-password.xml, you could use curl to do this:
    curl -d @change-password.xml https://dp-mgt-ip:5550/service/mgmt/current -uadmin:adminPassword -k

    Please let me know:
    - if this is what you want
    - if this works

    Many thanks,
    Steve Edwards
    DataPower Specialist

    ------------------------------
    Steve Edwards
    Director
    Escala Ltd
    Southampton
    02380783802
    ------------------------------

    Original Message


  • 7.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Thu July 07, 2022 06:13 AM
    Hi,
    I can see that you wanted an initial deployment solution, which is fine!
    The XMI approach I suggested would be useful in the situation that it
    necessary to change the password alias value at some later date (as
    many security system are required to do).
    So, hope the XMI approach maybe useful at some stage.
    Cheers,
    Steve

    ------------------------------
    Steve Edwards
    Director
    Escala Ltd
    Southampton
    02380783802
    ------------------------------

    Original Message


  • 8.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Fri July 22, 2022 05:31 AM

    HI Steve,

    The requirement is now bit different the password alias keeps changing once in 3 months or may twice in a year based upon the the back end security protection. 

    so I would like to set the password alias in such a way that irrespective of deployments made the password should get picked up run time. 

    So, I was thinking to set the password in default domain on some variable which gets picked up on runtime and is not affected irrespective of deployment.

    Thanks and Regards

    Avinash



    ------------------------------
    Avinash Mohan Vundale
    ------------------------------

    Original Message


  • 9.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Wed September 21, 2022 10:42 AM

    Hi Steve,

    if you are trying to update the password from some other computer
    on the same network as the DataPower. 

    what things do I need to take care of and especially what should be the host and port number that I need to use in here.

    as such when I have tried above method I ended up with below erro message.

    HTTP/1.1 500 Internal Server Error
    Connection: close
    Content-Type: text/xml

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring>Access Denied (from client)</faultstring></env:Fault></env:Body></env:Envelope>

    Thanks 

    Avinash
     



    ------------------------------
    Avinash Mohan Vundale
    ------------------------------

    Original Message


  • 10.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Tue June 28, 2022 08:18 AM
    There have been some good examples given of ways to approach this problem, just to note DataPower does support exporting password alias objects if you define your domain settings with a passphrase to decrypt the masked passwords, but this may depend on your security requirements:

    https://www.ibm.com/support/pages/steps-use-datapower-domain-settings-masked-password-treatment-feature

    ------------------------------
    DOMINIC MICALE
    ------------------------------

    Original Message


  • 11.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Fri July 22, 2022 05:27 AM
    Hi Dominic,

    I have now analysed that, I need to set this password alias once in 3 months. Is there any way I can set and the service picks it up every time we deploy same with latest code baseline.

    Thanks 
    Avinash

    ------------------------------
    Avinash Mohan Vundale
    ------------------------------

    Original Message


  • 12.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    Posted Fri July 29, 2022 08:26 AM
    Hi,

    My post of June 27, 2022 09:49 AM suggesting use of XMI
    to change the password value of the password alias was
    proposed by myself to address the very scenario you now
    wish to cater for: changing the password after any initial
    deployment. Here are my words from my original reply
    (which also includes a sample XMI structure):
    "One possibility to use XMI message to update the info.
    The XMI (SOAP) message could be sent by a program (cURL,
    Java, Python, etc.) from some computer on the same network
    as the DataPower. Here is the format, shown in bold below:"

    Hopefully, that should provide the solution you require!
    Steve Edwards

    ------------------------------
    Steve Edwards
    Director
    Escala Ltd
    Southampton
    02380783802
    ------------------------------

    Original Message


  • 13.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    IBM Champion
    Posted Fri July 29, 2022 10:15 AM
    Is there a reason you cannot use either Dominic's or Steve's suggestions?

    ------------------------------
    Joseph Morgan
    ------------------------------

    Original Message


  • 14.  RE: Dynamically setting USer agent Basic Auth Password during deployment.

    IBM Champion
    Posted Fri August 05, 2022 07:15 AM
    Hi,

    following up on Joseph's comment, is there a reason you cannot use Dominic's or Steve's suggested approaches? It sounds like you have a deployment design issue rather than a DataPower issue that you are struggling with... If you want to set the alias just once every three months, that is something that has to be implemented into your (DevOps??) flow. You can use either import or XML Management Interface, just pick the method that is more suitable to your toolset.

    ------------------------------
    Hermanni Pernaa
    ------------------------------

    Original Message