Authenticating with Basic Authentication

Basic Authentication is an authentication scheme built into the HTTP protocol.

The Base64-encoded username and password need to be provided in the Authorization header of each HTTP request. For example, Authorization: Basic VXNlcjpwd2Q=. VXNlcjpwd2Q= is the base-64 encoded string User:pwd.

On Windows PowerShell, encoding and decoding can be tested with the following commands:

Base64-encode a string:

[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(‘User:pwd’))

Decode a base64-encoded string:

 [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String(‘VXNlcjpwd2Q=’))

The Authentication Service API supports Basic Authentication through a service called SAF Basic Service. This service decodes the base64-encoded string to retrieve the credentials and authenticates users by calling the System Authorization Facility (SAF) OE Service __passwd() provider. For more details about this provider and the error return codes it produces, see the following topics:

__passwd(), __passwd_applid() — Verify or change user password in z/OS C/C++ Runtime Library Reference
Return Codes (errnos) in z/OS UNIX System Services Messages and Codes

Internally, the IMS Transaction Isolation Service API and Debug Profile Service API use the same service to authenticate the Basic Authentication credentials.

To enable or disable SAF Basic Service, specify safBasicIsEnabled to true or false in the eqaprof.env file.