Encrypt & Decrypt AAA-Info file credentials
Hello Tech Enthusiasts,
AAA is something DataPower has offered since the day the appliance became available on the market, so it's not a new topic of discussion. However, when it comes to the basic-auth authentication mechanism, the aaa-info file is what is widely used. I usually don't support it, as the creds are visible to whoever has access to the domain/environment.
We do have other supported authentication and authorization mechanisms, which can be helpful, but in this article I'm purely focusing on an alternate solution: an encrypt/decrypt mechanism for aaa-info file credentials.
Admin Process
- Admin posts the plain credentials to the encrypt/decrypt service in DataPower.
- DataPower returns encrypted text to admin.
- Admin shares the plain username and encrypted password with the client via a secure line.
- Admin updates the aaa-info.xml file with the plain username and password.
The Postman screenshot below depicts the behavior of the service.
Sequence Diagram
sequenceDiagram
participant cl as Client
participant dp as DataPower
autonumber
cl ->> dp: Sends request with Authorization header
activate cl
activate dp
dp ->> dp: extract authorization header <br/>ZnJlZDpuYzY5a0I1c0RwNTlibDl3WURRL3pvQ2p2REsvQStHY0V1WjlKVFZkdVo4PTw=
dp ->> dp: extract encrypted password : nc69kB5sDp59bl9wYDQ/zoCjvDK/A+GcEuZ9JTVduZ8=
dp ->> dp: decrypt password using the encryption algo and shared-secret-key : smith
dp ->> dp: construct new authorization header with plain username and decrypted password<br/>Basic ZnJlZDpzbWl0aA==
dp ->> dp: calls AAA policy to authenticate using AAA-Info.xml file
dp ->> cl: complete transaction for further processing
deactivate dp
deactivate cl
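The header rewrite from the sequence diagram, as an added example that is not the article's or DataPower's own code. It is a Node.js sketch: AES-256-GCM, the iv||tag||ciphertext token layout, the demo key and all function names are assumptions, since the article does not name its algorithm or key.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed demo key (assumption: a 32-byte shared secret held only by the gateway).
const DEMO_KEY = nodeCrypto.createHash('sha256').update('constructed-demo-secret').digest();

// Admin-side step: encrypt a password. Token = base64(iv || tag || ciphertext).
// AES-256-GCM is an assumption; authenticated encryption makes tampering detectable.
function encryptPassword(plain, key) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plain, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Inverse of encryptPassword; throws on a short, modified or wrong-key token.
function decryptPassword(b64, key) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 28) throw new Error('token too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Gateway-side step: "Basic base64(user:encrypted)" -> "Basic base64(user:plain)".
// Returns null for anything malformed so the caller can reject the request.
function rewriteAuthorization(header, key) {
  const m = /^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the username ends at the first colon
  if (sep <= 0) return null;
  try {
    const plain = decryptPassword(decoded.slice(sep + 1), key);
    return 'Basic ' + Buffer.from(`${decoded.slice(0, sep)}:${plain}`, 'utf8').toString('base64');
  } catch (err) {
    return null; // wrong key, truncated or modified ciphertext
  }
}

// Constructed round trip with the article's sample user fred / smith.
function demo() {
  const token = encryptPassword('smith', DEMO_KEY);
  const inbound = 'Basic ' + Buffer.from(`fred:${token}`).toString('base64');
  return rewriteAuthorization(inbound, DEMO_KEY);
}
console.log(demo());
```

A null return means the header was malformed or the token failed authentication, so the request should be rejected before the AAA policy is called.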
Please do comment down your views.
-- Keep Learning
-- Aditya Singh