HTTP Basic Authentication for API Queries

API calls from a client to the Avi Load Balancer Controller must first be authenticated, either by HTTP session-based authentication or HTTP basic authentication. By default, HTTP basic authentication is disabled.

Authenticated API calls are still subject to normal authentication settings, regardless of the method used. The user account used for authentication can be validated by the Controller through a local database or remote (such as LDAP), can be limited to a specific tenant, or have limited roles or access levels. HTTP basic authentication is deactivated by default for increased security.

Enabling HTTP Basic Authentication using CLI

HTTP Basic Authentication can be activated using the following CLI commands.

bash# shell
: > configure systemconfiguration
: systemconfiguration> portal_configuration
: systemconfiguration:portal_configuration> allow_basic_authentication
Overwriting the previously entered value for allow_basic_authentication
: systemconfiguration:portal_configuration> exit
: systemconfiguration> exit

Truncated view of the results:

+-------------------------------------+----------------------------------+
| Field                               | Value                            |
+-------------------------------------+----------------------------------+
| uuid                                | default                          |
| portal_configuration                |                                  |
|   enable_https                      | True                             |
|   redirect_to_https                 | True                             |
|   enable_http                       | True                             |
|   enable_clickjacking_protection    | True                             |
|   allow_basic_authentication        | True                             |
|   password_strength_check           | False                            |
+-------------------------------------+----------------------------------+

Activating HTTP Basic Authentication through API

HTTP Basic Authentication method can be activated by setting “allow_basic_authentication” = True in “/api/systemconfiguration” under “portal_configuration”.

Truncated view of the results:

--snip--
    docker_mode: false,
    portal_configuration: 
    {
        use_uuid_from_input: false,
        redirect_to_https: true,
        sslprofile_ref: "https://10.10.5.27/api/sslprofile/sslprofile-0-1",
        allow_basic_authentication: true,
        enable_clickjacking_protection: true,
        enable_https: true,
        sslkeyandcertificate_refs: 
        [
            "https://10.1.1.10/api/sslkeyandcertificate/sslkeyandcertificate-ae6c1033-859b"
        ],
        password_strength_check: false,
        enable_http: false
    },
    --snip--