Skip to content

Commit

Permalink
Update authentication.adoc
Browse files Browse the repository at this point in the history
  • Loading branch information
ujibang authored Oct 24, 2024
1 parent 218c6b1 commit 2555e7b
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions docs/security/authentication.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ The cookie authentication mechanism can function using three different options:
This option is recommended if you also want to allow clients to authenticate via JWTs sent in the `Authorization` header (not stored in a cookie).

```
/tokenBasicAuthMechanism/enabled->true|false
/tokenBasicAuthMechanism/enabled->true
/jwtAuthenticationMechanism/enabled->true
/jwtTokenManager/enabled->true
/rndTokenManager/enabled->false
Expand Down Expand Up @@ -112,6 +112,7 @@ Activates when a URL includes the query parameter `?set-auth-cookie` and a user
```yaml
authCookieSetter:
enabled: false # Not enabled by default
secure: true # true if only allow setting the cookie on https
name: rh_auth # The name of the cookie to be set
domain: localhost # The domain within which the cookie is valid
path: / # The cookie path, applicable to the entire domain
Expand Down Expand Up @@ -377,4 +378,4 @@ WWW-Authenticate: Digest realm="RESTHeart Realm",domain="localhost",nonce="Toez7

In browsers this leads to the login popup windows. In our web applications we might want to redirect to a fancy login page when the 401 Unauthorized response code.

To avoid the popup window just add to the request the `noauthchallenge` query parameter or the header `No-Auth-Challenge`. This will skip the challenge response.
To avoid the popup window just add to the request the `noauthchallenge` query parameter or the header `No-Auth-Challenge`. This will skip the challenge response.

0 comments on commit 2555e7b

Please sign in to comment.