This content has been marked as final.
Show 1 reply
-
1. Re: JBoss AS7.1 Switch from basic to digest authentication & SHA-256
987654321 Jul 14, 2013 12:25 PM (in response to 987654321)To be a bit more specific, the digest authentication works fine for me as long the user passwords in data base are hashed with MD5. What I want is, to keep the user passwords as a SHA-256 hash (additional base64 encoding is just optional) in data base.
So what I need is, that the client sends the password SHA-256 encoded like:
Hash1 = SHA-256("username:realm:password")
Hash2 =SHA-256
("http-method:uri")
Response =SHA-256
("Hash1:nonce:nc:cnonce:qop:Hash2")
Is there a way that JBoss can force the client to do so?