HTTP Basic Authentication for API Queries

API calls from a client to the NSX Advanced Load Balancer Controller must first be authenticated, either by HTTP session-based authentication or HTTP basic authentication. The use of HTTP basic authentication for API access is unrelated to the use of basic authentication for clients accessing a virtual service in which the Service Engine is proxying the authentication.

Authenticated API calls are still subject to normal authentication settings, regardless of the method used. The user account used for authentication may be validated by the Controller through a local database or remote (such as LDAP), may be limited to a specific tenant, or have limited roles or access levels. HTTP basic authentication is deactivated by default for increased security.

Enabling HTTP Basic Authentication using CLI

HTTP Basic Authentication may be activated using the following CLI commands.

bash# shell
: > configure systemconfiguration
: systemconfiguration> portal_configuration
: systemconfiguration:portal_configuration> allow_basic_authentication
Overwriting the previously entered value for allow_basic_authentication
: systemconfiguration:portal_configuration> exit
: systemconfiguration> exit

Truncated view of the results:

+-------------------------------------+----------------------------------+
| Field                               | Value                            |
+-------------------------------------+----------------------------------+
| uuid                                | default                          |
| portal_configuration                |                                  |
|   enable_https                      | True                             |
|   redirect_to_https                 | True                             |
|   enable_http                       | True                             |
|   enable_clickjacking_protection    | True                             |
|   allow_basic_authentication        | True                             |
|   password_strength_check           | False                            |
+-------------------------------------+----------------------------------+

Activating HTTP Basic Authentication through API

HTTP Basic Authentication method may be activated by setting “allow_basic_authentication” = True in “/api/systemconfiguration” under “portal_configuration”.

Truncated view of the results:

--snip--
    docker_mode: false,
    portal_configuration: 
    {
        use_uuid_from_input: false,
        redirect_to_https: true,
        sslprofile_ref: "https://10.10.5.27/api/sslprofile/sslprofile-0-1",
        allow_basic_authentication: true,
        enable_clickjacking_protection: true,
        enable_https: true,
        sslkeyandcertificate_refs: 
        [
            "https://10.1.1.10/api/sslkeyandcertificate/sslkeyandcertificate-ae6c1033-859b"
        ],
        password_strength_check: false,
        enable_http: false
    },
    --snip--