Thank you for supporting the Cloud Customer Connect Community in 2024. It's a gift to work with you!

Look back
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

VBCS Authentication for Anonymous users

Have a query with regards to securing the VBCS Web application which allows an anonymous user access SaaS.

We have created an application which allows anonymous users and using ‘Basic’ authentication we are calling SaaS REST end points. Since anonymous user needs access to these end points, we have selected ‘Allow anonymous access to the service connection infrastructure’ and have selected the option ‘Same as Authenticated User’. This does meet our requirement, however seems to pose security threat as anyone can open the browser’s network tab and get the proxy url.

Once the user gets the proxy url, it seem to allow the direct access to not only to the resource from request url, but also to any other resources that the basic authenticated user(service account) has access to.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!