Basic Authentication

Overview

Basic Authentication is a simple and the most widely used authentication mechanism in HTTP-based services or APIs. You can send HTTP requests with the Authorization HTTP header, which contains the word Basic followed by a space and the Base64-encoded string username:password. For instance, to authorize as username/password, send the HTTP header as follows:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

LDAP is an extension of the basic authentication policy where the provided username and password are authenticated against the target LDAP server. LDAP is a commonly used protocol for accessing a directory service. A directory service is a hierarchical, object-oriented database view of an authentication system. NSX Advanced Load Balancer (Avi Vantage) supports LDAP authentication for virtual services.

Note: This guide is explicitly for virtual service/client authentication only and not for Controller authentication.

Configuring LDAP Authentication

The following are the steps to configure LDAP authentication:

  • Step 1: Create Auth Profile

  • Step 2: Create SSO Profile

  • Step 3: Enable Access Policy on Virtual Server

Step 1: Creating Auth Profile

The following are the steps to create an auth profile:

  1. Navigate to Templates > Security > Auth Profile.

  2. Click the Create button.

For more details on LDAP, refer to the LDAP Authentication guide.

Step 2: Creating SSO Profile

The following are the steps to create an SSO profile:

  1. Navigate to Templates > Security > SSO Policy.

  2. Click the Create button.

    a. Name — Specify the name of the SSO policy.

    b. Type — Select the SSO policy type as LDAP.

    c. Default Auth Profile — Select the auth profile created in the previous section from the drop-down list.

  3. Click Save.

Step 3: Enabling Access Policy on Virtual Server

The following are the steps to create LDAP access:

  1. Navigate to Applications > Virtual Services. Click the pencil icon to edit the L7 profile.

  2. Navigate to Policies > Access.

  3. Select the LDAP option in Access Policy. Bind the SSO policy that was created in step 2.

    • SSO Policy — Specify the SSO policy attached to the virtual service.

    • Basic Realm — When a request to authenticate is presented to a client, the basic realm indicates to the client which realm they are accessing.

    • Connections Per Server — Specify the number of concurrent connections to the LDAP server by a single basic auth LDAP process.

    • Cache Size — Specify the size of the LDAP basic auth credentials cache used on the dataplane.

    • Bind Timeout — Specify the LDAP basic auth default bind timeout enforced on connections to the LDAP server.

    • Request Timeout — Specify the LDAP basic auth default login or group search request timeout enforced on connections to the LDAP server.

    • Connect Timeout — Specify the LDAP basic auth default connection timeout enforced on connections to the LDAP server.

    • Reconnect Timeout — Specify the LDAP basic auth default reconnect timeout enforced on connections to the LDAP server.

    • Servers Failover Only — Check this box to indicate that LDAP basic auth uses multiple LDAP servers only in the event of a failover.