Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2576

Make it possible to use DigestPasswords when using the DIGEST-SHA-256 and DIGEST-SHA-512-256 HTTP Digest authentication mechanisms

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.3.0.Final
    • None
    • HTTP
    • None

      The DigestMechanismFactory currently supports the DIGEST, DIGEST-SHA-256, and DIGEST-SHA-512-256 authentication mechanisms.

      However, when using the DIGEST-SHA-256 or DIGEST-SHA-512-256 mechanisms, it's not possible to make use of DigestPasswords. Only clear passwords can be used with these mechanisms.

      The underlying issue is that DigestAuthenticationMechanism#getH_A1 erroneously sets the credential algorithm for the PasswordDigestObtainer to "digest-md5". The algorithm that should be used depends on the mechanism name.

            fjuma1@redhat.com Farah Juma
            fjuma1@redhat.com Farah Juma
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: