My Oracle Support Banner

HTTP BASIC Authentication Credentials (Username and Password ) Cannot Be Stored Into Local Variables in Oracle API Gateway. (Doc ID 2045645.1)

Last updated on OCTOBER 07, 2022

Applies to:

Oracle API Gateway - Version and later
Information in this document applies to any platform.


When HTTP BASIC authentication credentials are passed to an inbound call on Oracle API Gateway (OAG), the values cannot be stored in local variables to be used for other purposes.

A simplified example of what is to be accomplished is to use a policy that accepts an HTTP BASIC authentication header to an endpoint and displays the username and password before performing a local store lookup and after.
It is observed that before the HTTP Basic lookup, the attributes '' and 'authentication.subject.password' are not populated, nor is any attribute that would contain the desired values.
By using the HTTP BASIC Authentication filter against the local store, the two attributes become populated.

The desire is to not have to check against the local store since the requirement is to perform a callout to a REST API which will authenticate the user itself.
To do this, attributes need to be populated with the username and password values that can then be made available to the callout.

How can this functionality be achieved?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.