API calls from a client to the NSX Advanced Load Balancer Controller must first be authenticated, either by HTTP session-based authentication or HTTP basic authentication. By default, HTTP basic authentication is disabled.
Authenticated API calls are still subject to normal authentication settings, regardless of the method used. The user account used for authentication can be validated by the Controller through a local database or remote (such as LDAP), can be limited to a specific tenant, or have limited roles or access levels. HTTP basic authentication is deactivated by default for increased security.
Enabling HTTP Basic Authentication using CLI
HTTP Basic Authentication can be activated using the following CLI commands.
bash# shell : > configure systemconfiguration : systemconfiguration> portal_configuration : systemconfiguration:portal_configuration> allow_basic_authentication Overwriting the previously entered value for allow_basic_authentication : systemconfiguration:portal_configuration> exit : systemconfiguration> exit
Truncated view of the results:
+-------------------------------------+----------------------------------+ | Field | Value | +-------------------------------------+----------------------------------+ | uuid | default | | portal_configuration | | | enable_https | True | | redirect_to_https | True | | enable_http | True | | enable_clickjacking_protection | True | | allow_basic_authentication | True | | password_strength_check | False | +-------------------------------------+----------------------------------+
Activating HTTP Basic Authentication through API
HTTP Basic Authentication method can be activated by setting “allow_basic_authentication
” = True
in “/api/systemconfiguration
” under “portal_configuration
”.
Truncated view of the results:
--snip-- docker_mode: false, portal_configuration: { use_uuid_from_input: false, redirect_to_https: true, sslprofile_ref: "https://10.10.5.27/api/sslprofile/sslprofile-0-1", allow_basic_authentication: true, enable_clickjacking_protection: true, enable_https: true, sslkeyandcertificate_refs: [ "https://10.1.1.10/api/sslkeyandcertificate/sslkeyandcertificate-ae6c1033-859b" ], password_strength_check: false, enable_http: false }, --snip--