In the default AAI deployment the aai-schema-service has the spring profiles

spring.profiles.active=production,dmaap,aaf-auth

However there is no implementation of the authentication in the aaf-auth profile  so even if AAF is not installed the REST api works.

e.g. 

curl -k --user aaaa:bbbb -H "Accept: application/json" -H "Content-Type: application/json" -H "X-TransactionId: AFR" -H "X-FromAppId: AFR" https://localhost:8452/aai/schema-service/v1/versions

{"versions":["v11","v12","v13","v14","v15","v16","v17","v18","v19"],"edge-version":"v12","default-version":"v19","depth-version":"v11","app-root-version":"v11","related-link-version":"v11","namespace-change-version":"v12"}

 

The problem shows up when you try to use one-way-ssl as the profile as now there is an implementation of authentication which expects basic auth. The problem is that the job dev-aai-aai-graphadmin-create-db-schema is calling the aai-schema api without passing any basic auth. This works when the aaf-auth is used but not when using  one-way-ssl .

 

I think there should be an implementation of AAF auth and the users of the interface should be updated to include the auth.