Unable to set basic credentials while using HTTP Connector

Claude Libois clibois.work at gmail.com
Wed Jun 23 07:36:48 UTC 2021 

Hello,
In order to migrate from 3.4.1 to version 4, I'm migrating an old
custom dataconnector to the HTTP connector.
I have configured my httpclient security in conf/global.xml:

<bean id="HttpSecurity"
class="org.opensaml.security.httpclient.HttpClientSecurityParameters">
    <property name="basicCredentials">
        <bean class="org.apache.http.auth.UsernamePasswordCredentials"
              c:_0="%{username}" c:_1="%{password}" />
    </property>
</bean>

In the attribute resolver I have set an HTTP dataconnector inspired from
the documentation:

 <resolver:DataConnector
                id="WS" xsi:type="HTTP"
                httpClientRef="shibboleth.MemoryCachingHttpClient"
                httpClientSecurityParametersRef="HttpSecurity"
        >
        <resolver:Dependency ref="LDAP" />
        <URLTemplate>%{service.endpoint}/${uid.get(0)}</URLTemplate>
       <ResponseMapping>
            <Script>
                <![CDATA[
        var HashSet = Java.type("java.util.HashSet");
        var HttpClientSupport =
Java.type("net.shibboleth.utilities.java.support.httpclient.HttpClientSupport");
        var IdPAttribute =
Java.type("net.shibboleth.idp.attribute.IdPAttribute");
        var StringAttributeValue =
Java.type("net.shibboleth.idp.attribute.StringAttributeValue");

        // Limits length to 64k
        var body = HttpClientSupport.toString(response.getEntity(),
"UTF-8", 65536);
        var result = JSON.parse(body);

        var attr = new IdPAttribute("group");
        var values = new HashSet();
        if (result.groups != null) {
            for (var i=0; i<result.groups.length; i++) {
                values.add(new StringAttributeValue(result.groups[i].name));
            }
        }
        attr.setValues(values);
        connectorResults.add(attr);
        ]]>
            </Script>
        </ResponseMapping>

        <ResultCache expireAfterWrite="PT5M"/>
    </resolver:DataConnector>

Unfortunately, while I can see the call to the service.endpoint url, there
is no basic credentials provided in the request and I receive a 401 from
the service endpoint.
Is there something else to do to have basic authentication working with
http connector ?
Best Regards,
Claude
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210623/e35b8546/attachment.htm>

More information about the users mailing list