Cannot disable Basic Auth #4003

Open
sidharthramesh opened this issue Oct 4, 2022 · 1 comment
Labels: bug (Something isn't working), documentation (Improvements or additions to documentation), P2 (Priority 2 - Should Have)

Comments

@sidharthramesh

Describe the bug
Setting security.basic.enabled to "false" does not disable Basic Authentication

Environment
Which version of LinuxForHealth FHIR Server?
Docker image ghcr.io/linuxforhealth/fhir-server:5.0.0-rc2

To Reproduce
Steps to reproduce the behavior:
Use the following fhir-server-config.json

{
  "__comment": "FHIR Server configuration",
  "fhirServer": {
    "core": {
      "tenantIdHeaderName": "X-FHIR-TENANT-ID",
      "datastoreIdHeaderName": "X-FHIR-DSID",
      "originalRequestUriHeaderName": "X-FHIR-FORWARDED-URL",
      "checkReferenceTypes": true,
      "conditionalDeleteMaxNumber": 10,
      "__comment": "The Server Registry Resource Provider is a server-wide setting. The default is false, and the CI changes to true in the build and test.",
      "serverRegistryResourceProviderEnabled": false,
      "disabledOperations": ""
    },
    "security": {
      "cors": true,
      "basic": {
        "enabled": false
      },
      "certificates": {
        "enabled": false
      },
      "oauth": {
        "enabled": false,
        "regUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/registration",
        "authUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/authorize",
        "tokenUrl": "https://<host>:9443/oauth2/endpoint/oauth2-provider/token",
        "openEhrUrl": "https://<host>:9443/endpoint/open-ehr",
        "smart": {
          "enabled": true,
          "scopes": [
            "openid",
            "profile",
            "fhirUser",
            "launch/patient",
            "patient/*.*",
            "offline_access"
          ],
          "openehr": {
            "openEhrUrl": "https://<host>:9443/endpoint/open-ehr/url/test"
          },
          "capabilities": [
            "sso-openid-connect",
            "launch-standalone",
            "client-public",
            "client-confidential-symmetric",
            "permission-offline",
            "context-standalone-patient",
            "permission-patient"
          ]
        }
      }
    },
    "audit": {
      "serviceClassName": "org.linuxforhealth.fhir.audit.impl.NopService",
      "serviceProperties": {}
    },
    "persistence": {
      "factoryClassname": "org.linuxforhealth.fhir.persistence.jdbc.FHIRPersistenceJDBCFactory",
      "common": {
          "__comment": "Configuration properties common to all persistence layer implementations",
          "updateCreateEnabled": true
      },
      "jdbc": {
          "__comment": "Configuration properties for the JDBC persistence implementation",
          "enableCodeSystemsCache": true,
          "enableParameterNamesCache": true,
          "enableResourceTypesCache": true
      },
      "datasources": {
          "default": {
              "type": "postgresql",
              "currentSchema": "fhirdata",
              "jndiName": "jdbc/fhir_default_default",
              "searchOptimizerOptions": {
                  "from_collapse_limit": 12,
                  "join_collapse_limit": 12
              }
          }
      }
    },
    "term": {
      "remoteTermServiceProviders": [{
        "__comment": "Configuration for public SNOMED-CT endpoint",
        "enabled": true,
        "base": "https://snowstorm-fhir.snomedtools.org/fhir",
        "supports": [{
            "system": "http://snomed.info/sct"
        }]
      }]
    },
    "operations": {
      "erase": {
        "enabled": true,
        "allowedRoles": ["FHIROperationAdmin", "FHIRUsers"]
      }
    }
  }
}

Enabled http endpoint on port 8080 in server.xml

A GET request on http://localhost:8080/fhir-server/api/v4/Patient still requires Basic Authentication; it fails with 401 without it.

Expected behavior
200 OK


@sidharthramesh sidharthramesh added the bug Something isn't working label Oct 4, 2022
@lmsurpre (Member) commented Oct 4, 2022

Thanks @sidharthramesh, we need to beef up our documentation here. The fhir-server-config.json security section is more about advertising what security is enabled (e.g. for building the server's CapabilityStatement, which is hosted from the /metadata endpoint).

One reason for this to be disconnected from the actual enforcement on the server is that oftentimes we'll use a gateway in front of the server, so, for example, you might have OAuth enforced at that level but you still want the server to say it's secured by OAuth.

To actually disable basic auth you can add the linked snippet under configDropins/overrides: #1020 (comment)

@lmsurpre lmsurpre added the documentation Improvements or additions to documentation label Oct 4, 2022
@lmsurpre lmsurpre added the P2 Priority 2 - Should Have label Nov 2, 2022
@PrasannaHegde1 PrasannaHegde1 self-assigned this Dec 14, 2022
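
A drift check for the advertised-versus-enforced distinction lmsurpre describes above, as an added example that is not part of this issue or of the LinuxForHealth project's code: it reads what fhir-server-config.json advertises, compares it with what an unauthenticated request actually gets back, and flags a mismatch. It assumes an enforced Basic challenge shows up as a 401 with a `WWW-Authenticate: Basic ...` header, and the config excerpt embedded below is constructed from the issue's own settings.

```python
"""Drift check: does the security the FHIR server advertises match what it enforces?"""
import json
import urllib.error
import urllib.request

# Constructed excerpt of the issue's fhir-server-config.json (only the security block).
SAMPLE_CONFIG = {"fhirServer": {"security": {
    "basic": {"enabled": False},
    "certificates": {"enabled": False},
    "oauth": {"enabled": False}}}}


def advertised_mechanisms(config):
    """Mechanisms the config advertises, i.e. what ends up in the CapabilityStatement."""
    sec = config.get("fhirServer", {}).get("security", {})
    return {name for name in ("basic", "certificates", "oauth")
            if sec.get(name, {}).get("enabled") is True}


def enforced_mechanisms(status, www_authenticate):
    """Mechanisms the server really enforces on an unauthenticated request,
    inferred from the status code and the WWW-Authenticate challenge (assumption:
    a Basic challenge starts with 'Basic', a bearer-token challenge contains 'Bearer')."""
    if status != 401:
        return set()          # request was served without any credentials
    challenge = (www_authenticate or "").lower()
    found = set()
    if challenge.startswith("basic"):
        found.add("basic")
    if "bearer" in challenge:
        found.add("oauth")
    return found or {"unknown"}   # 401 but no recognisable challenge


def drift(config, status, www_authenticate):
    """Return advertised vs. enforced sets and whether they disagree."""
    adv = advertised_mechanisms(config)
    enf = enforced_mechanisms(status, www_authenticate)
    return {"advertised": adv, "enforced": enf, "mismatch": adv != enf}


def probe(url):
    """Unauthenticated GET; returns (status, WWW-Authenticate) without raising."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")


if __name__ == "__main__":
    status, hdr = probe("http://localhost:8080/fhir-server/api/v4/Patient")
    result = drift(SAMPLE_CONFIG, status, hdr)
    print(json.dumps({k: sorted(v) if isinstance(v, set) else v for k, v in result.items()}))
```

For the configuration in this issue the script reports `mismatch: true` as long as the Liberty layer still challenges with Basic, which is exactly the gap the comment above describes.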