Sauce Connect Upstream Authentication
Sauce Connect supports upstream HTTP authentication via the --auth flag.
This flag allows the proxy to automatically send credentials to specified hosts.
It is necessary when your site under test is protected by basic authentication, and you want Sauce Connect to handle authentication transparently for you.
Overview
By using the --auth flag, you can instruct Sauce Connect to send authentication credentials automatically whenever a request matches a specific host and port. This works for:
- Standard HTTP basic authentication prompts.
- Authentication challenges triggered by clicks or form submissions.
All domains specified via the --auth flag are automatically resigned, as if they were passed using the --tls-resign-domains flag.
Usage
To configure Sauce Connect to send credentials to an upstream server, use the following format:
--auth <username[:password]@host:port,...>
Example
If your application is hosted at mysite.com and uses basic authentication with the username awesometester and password supersekrit, your command would look like this:
--auth awesometester:supersekrit@mysite.com:80
You can also use HTTPS (port 443) or any other port that your upstream server is listening on.
Multiple Hosts
You can provide the --auth flag multiple times to support multiple upstream hosts:
--auth awesometester:supersekrit@mysite.com:80 \
--auth awesometester:supersekrit@myothersite.com:443 \
--auth awesometester:supersekrit@mythirdsite.com:80
Wildcard Matching
You can use asterisks (*) to match any host and/or any port:
--auth awesometester:supersekrit@*:*
This instructs Sauce Connect to send the credentials to all hosts and all ports it connects to.
Security Tip
If you're concerned about exposing credentials in the command line (where they can be viewed in process lists), consider using environment variables instead. For more details, see Using Environment Variables