
Authorization

In the current implementation, Basic Auth has first priority and Session Auth has second priority, so the following status codes are returned:

  • Valid Authorization and Invalid X-Auth-Token - Access Granted

  • Invalid Authorization and Valid X-Auth-Token - 401 AccessDenied

    Note

    Checking the validity of both the "Authorization" and "X-Auth-Token" headers will increase the overall response time of GET requests.

  • Invalid Authorization and Invalid X-Auth-Token - 401 AccessDenied

  • No Authorization and Valid X-Auth-Token - Access Granted

Important

Session Authentication can be used only when no Authorization header is given in the request.

Note

To make the Redfish password more secure, a dynamic salt (a separate salt value for each Redfish user) is used instead of a static salt, and the password hash is generated with a SHA512 digest.
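
The header priority table and the per-user salt note above, worked through as an added example (not the product's own code). The function names, the sample user and token, the salt-then-password layout with a single SHA-512 round, and rejecting requests that carry no credentials are assumptions.

```python
import base64, hashlib, hmac, os

GRANTED, DENIED = "Access Granted", "401 AccessDenied"

# Assumption: salt||password with one SHA-512 round; the page states only
# "separate salt per user" and "SHA512 digest", not the exact construction.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.sha512(salt + password.encode()).digest()

def make_user(password: str) -> dict:
    salt = os.urandom(16)  # dynamic salt: fresh random value per user
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample data, not real credentials.
USERS = {"admin": make_user("constructed-pass")}
SESSIONS = {"constructed-token-123": "admin"}  # X-Auth-Token -> user

def check_basic(value: str) -> bool:
    """Validate the value of an 'Authorization: Basic ...' header."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False
    user, sep, password = decoded.partition(":")
    rec = USERS.get(user)
    if not sep or rec is None:
        return False
    # Constant-time comparison of the recomputed salted hash.
    return hmac.compare_digest(hash_password(password, rec["salt"]), rec["hash"])

def check_session(token: str) -> bool:
    return any(hmac.compare_digest(token.encode(), t.encode()) for t in SESSIONS)

def authorize(headers: dict) -> tuple:
    """Return (result, method) following the priority table."""
    h = {k.lower(): v for k, v in headers.items()}
    if "authorization" in h:
        # First priority: when Authorization is present, the token is ignored,
        # so a valid X-Auth-Token cannot rescue a bad Basic credential.
        return (GRANTED, "basic") if check_basic(h["authorization"]) else (DENIED, None)
    if "x-auth-token" in h:
        # Second priority: only reached when no Authorization header was sent.
        return (GRANTED, "session") if check_session(h["x-auth-token"]) else (DENIED, None)
    return (DENIED, None)  # assumption: no credentials at all is rejected
```
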