0 Replies Latest reply on Nov 19, 2016 10:16 AM by ebowden

    Basic Auth for web resource in Jive hosted environment

    ebowden

      I am finding that image urls in a Jive hosted environment will not accept basic authentication.

       

      If I attempt an HTTP GET against an image url such as /servlet/JiveServlet/showImage/38-782-435/image017.jpg, Jive replies with a redirect to the login page.

       

      Am I sending the correct authorization header?

      • Yes.  I confirmed that the basic authorization header is correct by accessing the Jive REST API, using the same authorization header.

       

      Am I certain that it is possible to access a Jive resource such as  /servlet/JiveServlet/showImage/38-782-435/image017.jpg, using Basic Auth?

      • Yes.  I am able to access similar image resources in Jive cloud instances, such as the developer sandbox and others.

       

      I am not using a federated account, and I do not find any other federated accounts in the instance.

       

      The instance is not configured for SAML Authentication.

       

      One theory is that the endpoint (.../image017.jpg above) is insisting upon session/cookie based authentication.  The endpoint appears to redirect to the login page and cannot be accessed until the login cookies have been set.

       

      Another theory is that an installed plugin which requires session based auth is being invoked.  Are there any common plugins which are known to cause this issue?

       

      I've searched through the admin console, docs, etc.. and have been unable to find a setting which enables or disables basic auth for web resources.  Anyone familiar with a configuration setting in Jive which enables/disables Basic auth or a setting which forces session based auth?

       

      I entered a support ticket for this issue, but Jive support was unwilling to assist because it pertains to a custom application.  However, are there other questions I can ask of Jive support which could help resolve this issue, which they would typically answer.  For example:

      • Should I ask Jive support to confirm that Basic authentication is enabled?
      • Are there any other questions I could ask of Jive support which could help resolve this issue?

       

      Appreciate any ideas.