FAQ: Pass through Basic Authentication Credentials - Not Suppressing the Authorization Header

By default, Sentry suppresses an incoming HTTP Authorization header (basic authentication credentials) and does not send these credentials to the remote server. In most use cases Sentry itself consumes the credentials and handles authentication and authorization, so the credentials are unnecessary (and unwanted) on the remote server.

When the Authorization header is suppressed, the following DEBUG-level message appears in the System Log:

Stored header suppressed from proxying - Authorization: ********

 

If the remote server requires Basic Authentication credentials, enable Basic Authentication on the HTTP Remote policy. When this is enabled, there are 3 options for which credentials are sent:

1. Static credentials from User Policy - select from the local user accounts in Sentry

2. Dynamic credentials from authenticated user - for example, Sentry performs document-based authentication on the incoming request and then sends those same credentials to the remote server using basic authentication

3. Propagate client's credentials - sends the same credentials that the client set on the incoming request
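To confirm which of these behaviors is in effect, a test remote server can inspect the Authorization header it actually receives. The following is an added example, not Sentry or vendor code; the function names, the sample usernames (`alice`, `svc-backend`) and the passwords are constructed for illustration.

```python
import base64
import binascii

def make_basic(user, password):
    """Build a Basic Authorization header value (used for constructed samples)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def basic_auth_user(header_value):
    """Return the username from a Basic header, or None if absent or malformed.
    The password is decoded but never returned, so it cannot reach a log."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates user from password; passwords may contain ':'
    user, sep, _password = decoded.partition(":")
    return user if sep else None

def classify_forwarded(headers, client_user, static_user):
    """Classify what the remote server received from the gateway.
    headers: dict of request headers as seen by the remote server.
    client_user / static_user: usernames expected for each policy option
    (assumed known to the tester)."""
    # HTTP header names are case-insensitive
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return "suppressed"      # default behavior: header was not proxied
    user = basic_auth_user(value)
    if user is None:
        return "not-basic"       # another scheme, or a malformed Basic token
    if user == static_user:
        return "static-user"     # option 1
    if user == client_user:
        return "client-user"     # option 2 or 3: same identity as the caller
    return "other-user"

if __name__ == "__main__":
    # Constructed sample: what a remote server might see under option 1
    seen = {"Host": "backend.example", "authorization": make_basic("svc-backend", "constructed-pw")}
    print(classify_forwarded(seen, client_user="alice", static_user="svc-backend"))
```

A `suppressed` result on the remote server should line up with the DEBUG message above in the System Log. The header alone cannot distinguish options 2 and 3, because both forward the caller's identity.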

 

 
